{"report_id":"ad308314-a6de-4cb1-a876-7d1b1e7ed2b7","version":6,"status":"done","tags":[],"date":"2026-03-23T09:43:15Z","url":{"schema":"http","addr":"www.992kp365.work/","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"172.247.250.234","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"title":"992KP快樂看片ＦＰ７．９９２ＫＰ１７９．ＣＯＭ：７４４３","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.992kp365.work/","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"172.247.250.234","port":0,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-27T09:43:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"zbxmrg.univqi07dr.com","ip":{"addr":"23.224.225.141","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-19T17:12:03.824987Z","last_seen":"2026-03-21T23:38:39.762993Z","alert_count":0,"request_count":2,"received_data":244470,"sent_data":900,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ku2.mk3.syqsvvqr.com","ip":{"addr":"23.225.112.99","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-22T07:53:48.80616Z","last_seen":"2026-03-22T07:53:48.806161Z","alert_count":0,"request_count":1,"received_data":86755,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"www.992kpjs.com","ip":{"addr":"192.151.192.162","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-03-27","domain_rank":0,"first_seen":"2025-04-24T08:44:35.478891Z","last_seen":"2026-03-21T10:46:55.74535Z","alert_count":0,"request_count":1,"received_data":20425,"sent_data":422,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fp7.992kp179.com","ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":17,"received_data":267247,"sent_data":7959,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.0.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"jQuery:2.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"kp-i25372.com","ip":{"addr":"23.224.70.154","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-08-23","domain_rank":0,"first_seen":"2025-08-26T05:44:35.341899Z","last_seen":"2026-03-22T07:59:03.161127Z","alert_count":0,"request_count":5,"received_data":127669,"sent_data":2271,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ku2.mk3.sdtxihoh.com","ip":{"addr":"23.224.225.141","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-02-05T21:17:51.660707Z","last_seen":"2026-03-21T23:34:52.034394Z","alert_count":0,"request_count":1,"received_data":143282,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ku2.mk3.sscilhjb.com","ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2026-01-12","domain_rank":0,"first_seen":"2026-03-21T23:34:49.872828Z","last_seen":"2026-03-21T23:34:49.872828Z","alert_count":0,"request_count":1,"received_data":121694,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"www.yiqitongji.com","ip":{"addr":"107.148.148.129","port":443,"asn":399195,"as":"PEG-KR","country":"South Korea","country_code":"KR"},"domain_registered":"2023-03-09","domain_rank":0,"first_seen":"2025-04-25T06:06:18.822124Z","last_seen":"2026-03-21T10:46:55.510099Z","alert_count":0,"request_count":3,"received_data":136938,"sent_data":1662,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2025-07-15","domain_rank":0,"first_seen":"2026-03-05T07:08:29.691045Z","last_seen":"2026-03-21T23:34:51.714817Z","alert_count":0,"request_count":8,"received_data":149752,"sent_data":4033,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.992kp365.work","ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-09-02","domain_rank":0,"first_seen":"2026-03-23T09:43:17.163792Z","last_seen":"2026-03-23T09:43:17.163792Z","alert_count":8,"request_count":8,"received_data":126894,"sent_data":3638,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:2.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"PHP:7.0.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"992kp-js.com","ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2025-09-23","domain_rank":0,"first_seen":"2025-09-27T08:16:02.960182Z","last_seen":"2026-03-21T23:10:28.55991Z","alert_count":0,"request_count":7,"received_data":229440,"sent_data":3020,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"hgetryn.sgsjlxgw.com","ip":{"addr":"23.224.225.139","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"domain_registered":"2026-01-12","domain_rank":0,"first_seen":"2026-03-21T10:17:12.75724Z","last_seen":"2026-03-21T10:17:12.757241Z","alert_count":0,"request_count":4,"received_data":495131,"sent_data":1923,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"172.217.20.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-22T22:23:33.61086Z","alert_count":0,"request_count":1,"received_data":442216,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c68ca73baad3b43ca551060e3d7cde4b","sha1":"b821d618f32f61ba196cb2afb43a61e9e2038997","sha256":"48c0d31e97e2917637d53792e4f3541b6ce6e16c07edba6316a18560c3b2ded9","sha512":"9b98ebdbb66e08b14113573700bf9978f9d1a83b2d644915fd7010961b29b3efc45e342538144c1af8c5916af7390e40cbde5f9fa457133604a58f439f674de5","ssdeep":"","tlshash":"a4b09b952c538c8555561db0d167d406549c53504110cd0001d0558da765d5b4b5fd45","size":122,"data":"","first_seen":"2026-01-27T03:41:00.728857Z","last_seen":"2026-04-05T00:12:49.352831Z","times_seen":97,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"23d551c87ed44f20d9f09746fb212493","sha1":"20ccc278465bf1e8f0dbbf96400d075151aba4d7","sha256":"89ac5ae85a1232e466315af94ad49072f7dff3451843913bcc41b956cfef8f9f","sha512":"5560f204187217f8765833e466e8fa000fde6babd6a6ded5c5658feb4a58f37bf59e915cd0e99fef0cbaaf09da6d9c5299f05aae299c4f55e5e35e4a80a33d7b","ssdeep":"","tlshash":"3ff02200f28000ec002000f3828c080f80080a88c02208a330a22000e8083383a2280b","size":629,"data":"","first_seen":"2026-02-09T03:37:13.617127Z","last_seen":"2026-03-30T02:06:52.474318Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/index.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d87a4619c0f51b639fa591716de2bd3","sha1":"8d46d22da40e875810ee644c097e5865877ce2a2","sha256":"3667f2b9746f19719a50bb65c8f2dcadfe9ef5b69c95a71c2da6b945beff5ba5","sha512":"6e7b6db1b538cc43593578fac64c78a5beb4df7b8b1f3859a04878f0c2948fac04f3bef8209e6d33f306d166a85fc03f336b3ad1853aed796d63bbe8d72cc015","ssdeep":"","tlshash":"6be061215d4d2e7d4355a17b2c38df1a73d7181ca89180494d94b87575b2ac655c1388","size":402,"data":"","first_seen":"2025-04-24T08:44:46.831208Z","last_seen":"2026-04-05T00:12:49.268859Z","times_seen":553,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ff575e552ef3cc04d2523efba7a95dc","sha1":"70ce9879e7db0342612bf673e8763f36f702e641","sha256":"6d6e1ef0f98d89faa4ad255d88d2e842d6edeb75adbcc1f5724015e0b5166899","sha512":"5ff64f9d4d2f773faa22aeb9ae221231a6f980a118743e19fe5c1cd9961f52ba8c8d4b11385d84065f437f343f6d206e5e80d4fc3563555f419c1527b09fcf47","ssdeep":"","tlshash":"75f0263950e3a4af3c271450e058fa681cd4150385118ba4f57d1192cfe1875253a4ea","size":497,"data":"","first_seen":"2026-03-23T09:43:14.124583Z","last_seen":"2026-03-24T11:52:21.622517Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ecad7d30ecafc06c477e0532fceba829","sha1":"e9f9142cce65d59331796238b9ab297219e19e87","sha256":"1838b08b7e02f84c06d75b25d906c67b2dbf19a4928f33880051976571ddea59","sha512":"b947c952f1507f69b98fa89a1de36188f90ed16617eba659f611831ba4e5bbccc99d1253d1ce967a7884924d9aa55f8f4b78c249afa0e79b068a24065b1fac28","ssdeep":"","tlshash":"07f0263950e3a4af3c172450e058fa6c1cd4150385118ba4f57d1192cfd18b5253a4fa","size":497,"data":"","first_seen":"2026-03-23T09:43:14.125617Z","last_seen":"2026-03-23T09:43:38.742454Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/notice.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"be418c13f5745234342386c91843588c","sha1":"1d5d62bcd7b9b26c4257ffe4fec00e98d867e8db","sha256":"c287f1c177124dd745863cd7c7da06bbfec7d87cb31deefeed18310c50841d65","sha512":"2cf4721f682fd610e8b9c4f69508d5154c6bc5dafeb76374729a0f87e0f89bb318944f14660a6e40366640b98e6282f1a6b12f33aa5c53ed467367a065be9cc7","ssdeep":"","tlshash":"8061b65b0b05251c356b2c8efd229f8c53a1100cfb1ee130a0afa464b2deab20163b8c","size":3397,"data":"","first_seen":"2025-02-22T04:56:39.855316Z","last_seen":"2026-04-05T00:12:49.306565Z","times_seen":478,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ed2123432e80436657fa32aa4d7a88e","sha1":"82242065ad6fdf82ac808e512286400491a61e96","sha256":"ac9e6bed6380febd49c5bb56f9ae406f332e4644bfbe9add90daee25d0205c5f","sha512":"ece8955ca1b161b41817bedc0020481a8895ba0deb7446d57ecc5943809ac9f1fd490ece9a72b0a7d0c818eef63e7eab77d2f700cf940cc8dafd99a7f961ae14","ssdeep":"","tlshash":"d621235be6f706108647f4360ddd0b0c3030401fd80499033c3cc1509fa8d6025249f9","size":1147,"data":"","first_seen":"2026-02-09T03:37:13.598725Z","last_seen":"2026-03-30T02:06:52.466566Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1E7KLDCG3P","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.20.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c3231431b2500f7303aa61c4344dcc7","sha1":"585fe38e4e4722aa2b4f2b01c97b7f1b22e6973d","sha256":"404541b2c08be944aa263cd3789e4bfccd1b926a28b12cbadf2cde07cdb34d86","sha512":"fca8152df20477d1ce865e18dd68d985399749e204d8067747af48912c0d3c7f30ef0e88adbf23e4a9ac0825e7ecd0ccc0ca0f302b48cc82589c35d10d72d48c","ssdeep":"6144:OJ8B4fKAfICc93KwiKHnm8SBtS5K2wzO3Epan8GH/UywU2yIS+a:94tfICAbHm8KetUY","tlshash":"2f94f8cdb3da74264396f478903f018be57b28a2b44cc899f189c8e42d7469a4277f7d","size":441612,"data":"","first_seen":"2026-03-23T09:43:31.075518Z","last_seen":"2026-03-23T09:43:38.7376Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.yiqitongji.com/matomo.js","fqdn":"www.yiqitongji.com","domain":"yiqitongji.com","tld":"com"},"ip":{"addr":"107.148.148.129","port":443,"asn":399195,"as":"PEG-KR","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"b032bad4d0d4a7048ffb383d9ecca10c","sha1":"b79ca8828403f0094f8af46ddff72681d3ca7e1b","sha256":"643dc9512a4efa9959a6475a7e7fcdf906b492aedd5c423e83867f8f153dd13e","sha512":"3d80873cc8e92fac5db40bcaec79386d04bcf9135b48747bfdfc0961c054072a476b81f3e75e148f0063525cef414613997a26a13c76d23c6b9bb3a639c4a081","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmlMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fucXYy1PGJ9d5","tlshash":"d063d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","size":67976,"data":"","first_seen":"2026-02-09T02:52:16.040273Z","last_seen":"2026-04-05T03:52:52.735071Z","times_seen":948,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kpjs.com/js/qrcode.min.js","fqdn":"www.992kpjs.com","domain":"992kpjs.com","tld":"com"},"ip":{"addr":"192.151.192.162","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"517b55d3688ce9ef1085a3d9632bcb97","sha1":"2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b","sha256":"c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36","sha512":"08d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498","ssdeep":"384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ","tlshash":"8c92c7e4f36542f6915e6cd4283f104b64a0a4636c1490acbfb5c1e6a9f8fe0647af74","size":19927,"data":"","first_seen":"2023-03-07T01:14:56Z","last_seen":"2026-04-05T03:50:08.980852Z","times_seen":48115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/huanyuan.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e5ff1933a9c51f5ed95dafb400a7e5b4","sha1":"8d7ab3bfb25e099322caedd04d5be039e9155af7","sha256":"18b0ce86190047070a14bfc871001d8b54c7923bd32be46d078187ada3fa372a","sha512":"c2c411bc69f69456e43de47268470af98590f6fe2f14fade431297caf57e19124b53ba8315606b2b5ca73c4948624bc170be6c1eb4fd7fec5ed065d2b42e79af","ssdeep":"96:mLsDsicvR6fmVVSxSc8TxsAz4h8DeCh7CL+h89HmrEgBSBMrvqkjwtODSrzMJtW8:mlicvEfFSxsw4IcSm94SMxjIrctWRmYE","tlshash":"21c1538873dc620b95df7623ce7f8564a179982a4294ac0fa64cf1dc58b542dc678cfc","size":6099,"data":"","first_seen":"2023-09-07T08:54:49Z","last_seen":"2026-04-05T00:12:49.307991Z","times_seen":738,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/cfg.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6b2c9140f99992362528bd46caf8cf55","sha1":"14380413193d205bfad9abcc508911a3e109bfb3","sha256":"88251da0ba0c91a9e95ceeacfdec626fd82b8b5b7a0c7e348ff8fd53d17a2b69","sha512":"abe90f809158c5472871e2cc11b7bbffd60f76710bd446fab0e347f5ee4a9de55e4fd1fb63645e59f767fc1e3649a0922b965a4ed6320a5ace93b2fa6a362e45","ssdeep":"96:pi/AZ8xw1fofHCu7FexoJbqYoZj3rA9t7MtVaZympSJYf48Q1moKik1gH:pi/AZ8iofHCuJbqYW7osmpSJYf48Q1m0","tlshash":"edc1338f58866c279bb817b96b3e258df9b6e41b0944ce45b90d72409fbd069e170ccc","size":5696,"data":"","first_seen":"2026-03-21T23:10:35.346974Z","last_seen":"2026-03-23T09:43:38.713759Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"06a0e355f358929d75e3125e11e43b1a","sha1":"14d0a40c35d0ca0a57214ceac7a34407c468f1a5","sha256":"156500422edbdeaa12c502a7925ca4e3131b5f5d171385141d76da8ad58f51a9","sha512":"de5ad08cc2b3175ba73be0f225409496904a759139975f8e57ab504f09ca37c7bab0b3e9d7c065b727aa4719142b6ec037c03b3d75295ba380b5d015eea29f83","ssdeep":"","tlshash":"0dc00414cc575f30537f34305031cd701ffc5431d4115f10501fd5040054cc45171544","size":141,"data":"","first_seen":"2026-01-27T03:41:00.745182Z","last_seen":"2026-03-30T02:06:52.463635Z","times_seen":84,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/shangshan_dasiqq315.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"00f28f067d3e8e606b0c35c5a6157845","sha1":"2d6ba5e5ac39da82b28be0c4b8d079b08f479892","sha256":"ed9a25764f2abe2b5b70b6cad35110ba9b08eb8afece76421c8aecf136864800","sha512":"64247cd3d1c65b8b65426779cfc3d1312aafe455a9ef0c5a1aee7c1394672a1ebc8046977684af8b31184e0e276f9fd8f1570d0c68b6a8ab76f444b0010815d1","ssdeep":"96:HQ9bzSrL+w3S7kFbzSC5kw3SYHi7NaO1agMGShaMaYad5a9Ka+V3STvtR:HamrvC7+mCDCYEbUBsCzn","tlshash":"0de1f07d97a6585a023385f4e068be6cf8b9703fdd629421d9ff03b1118aed68c9344c","size":7091,"data":"","first_seen":"2026-03-23T09:43:14.111169Z","last_seen":"2026-03-23T09:43:38.70966Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"cd7c476b16c1571ddb5005526bb889af","sha1":"7c0b0b221e747a9a8280686f2db26d1370d0fe84","sha256":"5b16069873cf2f1c71c939791a2595e566b6a3662699d0bf44f471e57bc64fb6","sha512":"e5c4124ed625d0a4c202456d4a56b447786d358564dd020f0dd569c0916d4354b4d6960421dfafc816a0d09aa0c4a098d652ac375c5947de8de75c2ed07fb07e","ssdeep":"","tlshash":"c1f0263950e3a8af3c271450e048fa681cd4154385118ba4f57d1192cfd1875253a4ea","size":497,"data":"","first_seen":"2026-03-23T09:43:14.127217Z","last_seen":"2026-03-23T09:43:38.74335Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"827677ae716c447b6dcd08509c3ccd17","sha1":"ec4c78663143e5816df5ab52135d5712d06a3d8c","sha256":"a5778a930894665f1937c59b4f3a32497f8f9f440844aeb3bb2313fc9e1693c2","sha512":"4a7b2a73e21e6f53435150b63c378b714aec3fd8dd52034ddbef6b279a3d252cdbc78f74509a71105bdb9b5ebc84dfab71af44210e72bac77e6e6fa4d616c403","ssdeep":"","tlshash":"892134781292223f035709a2b167eba829f58637dd03d74df27e0ac64fc1da8c411c15","size":1387,"data":"","first_seen":"2026-03-23T09:43:14.128411Z","last_seen":"2026-03-23T09:43:38.744256Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c058b9066cab73359172dfbf9aff50f5","sha1":"72d251c82ae3daf795d10bd5ee25cbee417c98af","sha256":"c900b33e6e65bd1c51ff7dc535f16993684678490190763d1ba5455ff2bab208","sha512":"f5ec3a9d93dbad26930f63cf79f77e1fe569747fb54da283efb75263d7f263b2417f6f8efbf10e0b32d5b0c2db27dca9b871525e8a4fa7ddb993e613079bd49c","ssdeep":"","tlshash":"3af0263950e3a4af3c1b1450e048fa781dd4151385118ba4f57d1192cfd1875253a8ea","size":497,"data":"","first_seen":"2026-03-23T09:43:14.129588Z","last_seen":"2026-03-23T09:43:38.745074Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a9bab0c3079373965e5e3b6cd34a0a86","sha1":"969d5188b04614eebe62efd3929b8821e9b2a514","sha256":"3e0beb3bd211f68908b19f68399d9446a342d7bd53efea0d0e32470c62fff215","sha512":"d3cf3f3d903fa65b112b06af43d0a668ab0f263ddfbc1cf7d9b24ba62ab70aac9f315ea6ccc1ed0afd5cb0a2512f5ec184780c0a5c138a64861c5700c5c2a031","ssdeep":"","tlshash":"4ff0263950e3a4af3c171450e04cfa781de4151385118ba4f57d1192cfd1875253a4ea","size":497,"data":"","first_seen":"2026-03-23T09:43:14.133375Z","last_seen":"2026-03-23T09:43:38.749703Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/js/index.js","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d87a4619c0f51b639fa591716de2bd3","sha1":"8d46d22da40e875810ee644c097e5865877ce2a2","sha256":"3667f2b9746f19719a50bb65c8f2dcadfe9ef5b69c95a71c2da6b945beff5ba5","sha512":"6e7b6db1b538cc43593578fac64c78a5beb4df7b8b1f3859a04878f0c2948fac04f3bef8209e6d33f306d166a85fc03f336b3ad1853aed796d63bbe8d72cc015","ssdeep":"","tlshash":"6be061215d4d2e7d4355a17b2c38df1a73d7181ca89180494d94b87575b2ac655c1388","size":402,"data":"","first_seen":"2025-04-24T08:44:46.831208Z","last_seen":"2026-04-05T00:12:49.268859Z","times_seen":553,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/frontpage.html","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5acd85cbaedd7036b068bfdbd93868fa","sha1":"dbe5633aa094932bbbfe67a148bb3663e120eea4","sha256":"cfc898932e228efa7ccac6b15cdcfe2b14b611a69f48e9d4f7a4043c1a0581bf","sha512":"af6d5539348a0ce8ef8ab2a51997b92ccac3edbd4699aa4f37e194f7991d04961c259994509c260f37d16a9edc6567c1144d645e239a41627e74bd0f2ee40367","ssdeep":"","tlshash":"9241d0b89b9d1484454121221faf20c99c1efc373d18d9c9fd0da7087f95e3c6559ea1","size":2135,"data":"","first_seen":"2026-02-09T03:37:13.599627Z","last_seen":"2026-04-05T00:12:49.353549Z","times_seen":89,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"548a3b9782fe81413095f1619c28c16d","sha1":"082aa9f51f314a32d72caf6417d2f15286a4b886","sha256":"070c356346f9f59c101a69bd0ba56781775b3b57e01fb92544f6fd98885429d6","sha512":"d33501d866ed987f492ba10b45986daf95088ca9a5d8d3e1d3e49f0e6cd980a7e06d585e03ff04a257bb01d14692cd02d9d70626b0d19cf4cf1616de9ff980ed","ssdeep":"","tlshash":"a4f0263950e3a4af3c271450e058fa681cd4150385118ba4f57d1192cfe1875253a8ea","size":497,"data":"","first_seen":"2026-03-21T23:10:35.363466Z","last_seen":"2026-03-23T09:43:38.752343Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/mobile.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e2d4cf271f1ed5f9b41ce8108cafb25","sha1":"b0157b4a3b37221d7783af918397c12cb8443231","sha256":"5b7de9a13c6c91059394808a063bd6aef0f71f939378e89ce83ccfbe71e1f1c2","sha512":"3756de5fc233f97f2dfd16c2bc71807f307981bab84f359f0d161df4e4b7f432a0ff972d76f832b5c4cb45836818d19d4b19393e19870a85a5bdd5bc1002bbb7","ssdeep":"","tlshash":"bf717419bae95236896b22b72affc7443470e0035982dc04be4dc0a09f90d261dadfec","size":3750,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.342669Z","times_seen":660,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.yiqitongji.com/matomo.js","fqdn":"www.yiqitongji.com","domain":"yiqitongji.com","tld":"com"},"ip":{"addr":"107.148.148.129","port":443,"asn":399195,"as":"PEG-KR","country":"South Korea","country_code":"KR"},"introduction_type":"scriptElement","is_inline":false,"md5":"b032bad4d0d4a7048ffb383d9ecca10c","sha1":"b79ca8828403f0094f8af46ddff72681d3ca7e1b","sha256":"643dc9512a4efa9959a6475a7e7fcdf906b492aedd5c423e83867f8f153dd13e","sha512":"3d80873cc8e92fac5db40bcaec79386d04bcf9135b48747bfdfc0961c054072a476b81f3e75e148f0063525cef414613997a26a13c76d23c6b9bb3a639c4a081","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmlMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fucXYy1PGJ9d5","tlshash":"d063d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","size":67976,"data":"","first_seen":"2026-02-09T02:52:16.040273Z","last_seen":"2026-04-05T03:52:52.735071Z","times_seen":948,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/pop_layer.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"78083d165d995eb143b1c9e40bd92e3a","sha1":"4ef100345a3eda042266f711900c601673b13c80","sha256":"fbfbf56cba21264e36f233380fa3400adf9c892e98eb831099f32fa19af1c9f4","sha512":"6e995b83cc6d33881b950bd45564a1ec3900184d7e28062908496a26533bf28504f7e74acf48f7e4206ed79bd9905950ac4701db439d656e43df2b05f8da195e","ssdeep":"192:v3kyTc0PR/2c5XKbS9pzXZ8R4sJ9XCmC5CBQVp3I+Zo3riCn8XTxyYeUftj4Egyx:vNw0PRVxKb8zXOrw+8xvgypsR+ssSI","tlshash":"af62752146c11415137383aa9f3b7a5dff2740a78242454bbaed4283aff2d59c893abd","size":14546,"data":"","first_seen":"2026-03-23T09:43:14.120623Z","last_seen":"2026-03-23T09:43:38.714257Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/js/huanyuan.js","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e5ff1933a9c51f5ed95dafb400a7e5b4","sha1":"8d7ab3bfb25e099322caedd04d5be039e9155af7","sha256":"18b0ce86190047070a14bfc871001d8b54c7923bd32be46d078187ada3fa372a","sha512":"c2c411bc69f69456e43de47268470af98590f6fe2f14fade431297caf57e19124b53ba8315606b2b5ca73c4948624bc170be6c1eb4fd7fec5ed065d2b42e79af","ssdeep":"96:mLsDsicvR6fmVVSxSc8TxsAz4h8DeCh7CL+h89HmrEgBSBMrvqkjwtODSrzMJtW8:mlicvEfFSxsw4IcSm94SMxjIrctWRmYE","tlshash":"21c1538873dc620b95df7623ce7f8564a179982a4294ac0fa64cf1dc58b542dc678cfc","size":6099,"data":"","first_seen":"2023-09-07T08:54:49Z","last_seen":"2026-04-05T00:12:49.307991Z","times_seen":738,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/frontpage.html","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"52286ca788cb82c58a52a4ffac2bcc25","sha1":"19ceacf3586392a2742c377ef0ddcf4435f24302","sha256":"63c7c95459ebd11116ddb16f0f31271ddb116bc7ed3be06eeb8799fd5bc42712","sha512":"cd3d9b8c136c1211217525387089cdb5e1bc1fe6b14b114df9b9ce96114b5076b9c590edce7a5a3ff7adfdb4dab42817c1dcf5d0c5a8276211471e0272823206","ssdeep":"96:m/DOQ3SUfoCYAhs8Fp0SFnYEBkk1BqXzypXvSbHOFosNhMsMS3HvlefOtez:mbOQiUP/p0SFntFiEe2ta","tlshash":"fc91846c83ac056c865a260a252f15cda2bc11370804fc7fbd1ec67854d4a2a9339beb","size":4516,"data":"","first_seen":"2024-08-31T08:33:20.081075Z","last_seen":"2026-04-05T00:12:49.359311Z","times_seen":532,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/jquery.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"099252b1110599275168a9206f22a0e0","sha1":"347387ac377957d941ab005198cd7624809e889b","sha256":"c5e0f7bfe63244b6249ad14cdc7f799975228d1065e0c4fefbcbe9b282c251d2","sha512":"c9a0b5677251bebf20935e28baeaf4b45a81919f8f303d51d817e1b5f6ac6399209e8e68013341c32cbe44d86d00e72d4e39a8affbb0301e9eb131b26a2edc2b","ssdeep":"384:QdNIUOrHADf1Zjy5v2P7eMlyMTuITjTOdXmQ5xUN8damYIkZc15cRsFzqSTETI20:SNIUXf1Jy5v2P7eKyyuITjTqXN5xUN8d","tlshash":"b4827400fad5fa3663575da7732f12c5fc6a0ce729838c82d0bcb6546a592a2d1f07b4","size":18960,"data":"","first_seen":"2025-07-08T20:46:45.981514Z","last_seen":"2026-04-05T00:12:49.295403Z","times_seen":441,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/menu.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"694cb34dd524b79a65e4174a9ea1c5c0","sha1":"a9105caaf0a555de5e238ce1b5cb5714705fbaa4","sha256":"2ca76878793382176a485939f4e57e77df1038c1b37e67c4c822b9ee9f494cbb","sha512":"da43f4d63656ff0133b89131895639bf835b33310ce12b542f58198f593b8ac4108c9c528f5a56f306e81b5ec177c71e00bb28b56cb4f8cdb8e32d438b2bc8eb","ssdeep":"384:12wXdUQ2DxQ5DgnvrCyvc3mQvONmOvqIVR+lE88Pz7E:HX6/SG88c","tlshash":"dc62a55efb81c44682b22f7af57abc7df8b6a0751f43cc59ea4964a7e5106f6108108c","size":14749,"data":"","first_seen":"2026-03-23T09:43:14.101652Z","last_seen":"2026-03-23T09:43:38.688188Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dd47ca01424f5c560683eb15f61a6e87","sha1":"86d30502691d15b45ec4bef151472290ff0edd14","sha256":"de872828c4fb66c2fa2abe7306463c1b6d0b3286c9daa2502385fdbe95f15afa","sha512":"452355bcae1fd778117516ed4953b12d3b3b3b4ede0a3038612c2d13e323ed80e27d1a7233d3b89e7a48b722acb20b7c881c9b7c5ce50197c0e9f68219f64b56","ssdeep":"","tlshash":"28f0263950e3a4af3c172450e058fa6c1cd4150385118ba4f57d1192cfd1875253a8fa","size":497,"data":"","first_seen":"2026-03-21T23:10:35.365625Z","last_seen":"2026-03-23T09:43:38.753016Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/xiashan_dasiqq315.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0785e246891b376b05be2a5daf822f87","sha1":"28fc85d322332a3e347e7811340b9b5ac4486f4d","sha256":"92872adcbf3618abc2de1ca7c045a805f8a63857acab0f09ee2e1070c7062a51","sha512":"eb1a87685e99e86029becb64854df830bb37a61c5032af8532ea4498124394a6bd9cae002ad3037a35730e712ff6695f485f2577c97fc10bb67a85d2746d375f","ssdeep":"384:2cVyLhKdYz/qTJoLFuRrm5ym+7Hfru/004cCAD+aSOUBurJt6Pr5dD:BVyLh8igG5qrIPq/rgzzCAD+aSOUBurm","tlshash":"3072213e638651120732a5f1f6f8fb8cf4b6907fdf234609f4af0a916199996448b8dc","size":17145,"data":"","first_seen":"2026-03-23T09:43:14.102547Z","last_seen":"2026-03-23T09:43:38.728343Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5b43b43cb92d1c9bf839ee816b8fbee","sha1":"14f504986f68217740d9e158a9e5b6fdde40fb5d","sha256":"5526eeb3cc93454e9b95579db2038acd5fbc031349820d53bffa5b1f6618e03d","sha512":"09d8234de6f9a91eb73c151776d2ab79a620b8c9b429f9fa2a769241a789a55ac9e5c215a8e30e14824cbfe6e9802e7b7a3bf85cada4bc417812b66e682b6098","ssdeep":"","tlshash":"eaf0263950e3a4af3c271450e048fa682cd4150785118ba8f57d1192cfd1875253a4ea","size":498,"data":"","first_seen":"2026-03-23T09:43:14.135971Z","last_seen":"2026-03-23T09:43:38.753834Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/frontpage.html","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d360c984d7ece28e38577e8106a3756c","sha1":"15d3c8c70e02c73b820da2066a9e8ed9faa8c5f4","sha256":"319d84616495c114d0ec86fb4116069ef4dfe25bc4075ff8973c1cdc36d18155","sha512":"f67d1aff9950d222a030bff597273a6bb7892ebf94c318e59b4e53437bb8e1478fa6a93cb17ca0ddedee683e09c7168c075f3a995d17365069ac8da2e28a8887","ssdeep":"","tlshash":"87e0e5df9b8ea15229ed38d48a5421c8772d25638f025842cd15b62085bda2e82d6efd","size":423,"data":"","first_seen":"2024-08-31T08:33:20.082424Z","last_seen":"2026-04-05T00:12:49.365637Z","times_seen":531,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/frontpage.html","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"88e59548dbe058ceca0e50d2e4e627bd","sha1":"6ffbab0fa044a48fc3d03e6c334489b3a6273f27","sha256":"4167196271af3c5c477cdeac22a27b171c92d64e31251001fabc779b56df97f3","sha512":"c2ac44448e62c52227e62bab0988b34fc6ec41e5b38ccc55b518c12251507e3a8082e43d8f9ab9397a44bc3cec226976f57a2482c3e21bb9f8c38f1335c89f0c","ssdeep":"","tlshash":"7f21356bb5de5da84de532d9107ea19ea0bc201664d5da02cc1dcc0c843cfc66c39caf","size":1273,"data":"","first_seen":"2025-03-07T01:39:24.932604Z","last_seen":"2026-04-05T00:12:49.369242Z","times_seen":530,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc6f1ae5ae1be74d8adfde1de3bb4946","sha1":"650a73335e57069e8996d59edc96bee0d29d41f0","sha256":"58bd6fb29771e6594a2ea44548c88a6a398a0cecdcc122cacc5109cc7402c009","sha512":"699ed483cb6a9e4f19c8401b4c1c9d102103bf615714a3c458bb376358b03387781b2c79bcc0b702837670a92388dff917cd975bd5ed1df9e51a4dd78cace6cd","ssdeep":"","tlshash":"e4c00454cc577510134d14315031d57075fc5030d4151d50745f4f1014d4c455150d50","size":141,"data":"","first_seen":"2026-01-27T03:41:00.72681Z","last_seen":"2026-03-30T02:06:52.46867Z","times_seen":84,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"151ae3dd2df026f9af0305b0fc3326a9","sha1":"fe19b822ce88f24fdac37a774ea57605bb8e7929","sha256":"9c69ce9ab2b47c820e0111b3429db3e2443ebc4a17627c6b48d63ee0098633ee","sha512":"ab621e217e467bb3bac4efdf9bb605437c1b08cb1149fc69d7bf423eec3085a22ad9223f737ae0cbc90434c0899214fa6ba82a787f3a7440525ad35b4adf1c89","ssdeep":"","tlshash":"10f0263950e3a4af3c271450e048fa682cd4191385118ba8f57d1192cfd1875253a4ea","size":498,"data":"","first_seen":"2026-03-23T09:43:14.136946Z","last_seen":"2026-03-23T09:43:38.756014Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"49dcb6550d8d9848aec2bb9adeee5b5e","sha1":"82d84c16e0242ad5927ff31a21be56495e5d1d14","sha256":"260533cf40ba10ec5d087cf6ea179aa03e69c3a1520635c9573a25948e93c938","sha512":"dcc881c1661dcef96e6e41f1ea15cf8ae3139173b486c5301d7e29877fc5a83b7ed570b6a2c5b9cdedd176211eb1bfb5c96622f8cbda6bf290821bc8ddc4b154","ssdeep":"","tlshash":"922134781292263f035709a2b167eba829f5863bdd03d74df27e0ac64fc1da8d411c15","size":1388,"data":"","first_seen":"2026-03-23T09:43:14.139029Z","last_seen":"2026-03-23T09:43:38.756595Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f6f050d8cab478df35919368f76164ee","sha1":"546fae34985a2857d272e54574b8dfc250158bcc","sha256":"b33e858266d0577103d1f5fa86fbf96030155583c5b98227c3ce35fb0e240b12","sha512":"1802b91fd3fd6e28d4af734f800b9a3974078f87920db9fbd1d0d66a66118c0f54968b17d0dea1b6fdbdcd8ea37996123b297a9c917e3ba65781793120e68401","ssdeep":"","tlshash":"78f0263950e3a4af3c271450e048fa6c2cd8150385118ba8f57d1192cfd1875253a4ea","size":498,"data":"","first_seen":"2026-03-23T09:43:14.139987Z","last_seen":"2026-03-23T09:43:38.757353Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"7bdb3dc05300e44ceb7e51339530d303","sha1":"fe168a81aef40c93ddc1a24262e97eaf84bcc24a","sha256":"13ed148ed98ff7de52ca50f70aa90ce7b2e4e1b3cbd91d66fee09f0c51fb9106","sha512":"0ddae3df2fd79849bb1afe0a8da0ba221797a428e2c3ef2cdab95514033bd2cec19f500fc80e23f1a584e41172b174e6359ed3a60613975e976d4e07d6c4c274","ssdeep":"","tlshash":"51f0263950e3a8af3c271450e048fa6c2cd4150385118ba8f57d1192cfe1875253a4ea","size":498,"data":"","first_seen":"2026-03-23T09:43:14.140797Z","last_seen":"2026-03-23T09:43:38.758096Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"32fff82d6d17955fa5b80353855a013d","sha1":"31f75109b57dd6cfe2aab22259c69d09754799a8","sha256":"2b215cf26b144914f3ab543b6526f62dfc1aaee27e12c7a74f67efec71356f2b","sha512":"9f1ba59f33869c9ddc42b7d83884f370bcc60570acf49e6d68ec799e3a83aa8a03d843d2928128f851356a5433751af327e027d7260e4f63364f63fa2c8fe25a","ssdeep":"","tlshash":"70f0263950e3a8af3c171450e048fa681cd4150385118ba8f57d1192cfd1c75253a4ea","size":498,"data":"","first_seen":"2026-03-23T09:43:14.141649Z","last_seen":"2026-03-24T11:52:21.630121Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/js/jquery-2.1.0.min.js","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ca7582261c421482436dfdf3af9bffe","sha1":"98884258cbdb0d939fa2c5e74fc7ac9e56d8170f","sha256":"f284353a7cc4d97f6fe20a5155131bd43587a0f1c98a56eeaf52cff72910f47d","sha512":"aa9dbb9ee532954830059247b269b75bb925c2e3398247b8a6b4ef3e89375f9ce2e74cb7328f1c8297977a0596add7ee5f217651d2d62bf5826f932fec228770","ssdeep":"1536:XPpEy5BMibZGOj/bEe8v+/UWf4IhvAQPFZ93E8ud44d+ROvcpbRNkVPEWW9MtXaQ:uIOKpETQRsFrta98HrP","tlshash":"af83c6d9b2c6b162d77730b850bf450bb13a98dab80c8c60f0a5d5e47db4a89507bf2d","size":83615,"data":"","first_seen":"2023-03-07T01:17:22Z","last_seen":"2026-04-05T00:12:49.300153Z","times_seen":2586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/get_ym.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7ebc6a3a9e8f3485fb579907ea430d9","sha1":"8e09a0a3aa63c239a57e8dabf3ba8bddafd65d37","sha256":"0f5b9c6eb38289f77a38426d930135a542205993850a145a95c0fba61e86287b","sha512":"8254be57a2556d6a76fe15795f7b01d832f54f84172c9c1c45aeb8a5b479eb87e5988f0c90345cef1101c97b514775caae3f7d07633f9dee2ea90cc604b0c2f1","ssdeep":"","tlshash":"375145b8652b245d4b8137121dbd1408ac2bfd353d6cc19dde08d4287cb8e38747aa97","size":2531,"data":"","first_seen":"2026-02-09T03:37:13.556948Z","last_seen":"2026-04-05T00:12:49.315767Z","times_seen":90,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/tj.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0597a2aa50f4f4c0eab271975024f5c2","sha1":"48ff227e1f426dfded6438356e2abaaac01d2b9f","sha256":"4c1476659e12d605dd0f3916f9e2aec04449248c7ebbbb07d06a1dd9bd47f0cb","sha512":"4844825ac64667af8a0d6a55f6a047cbce71d2ce204279e81f10f6fd5a48d51a684055e23f633a6d1e3f47ac3288b25b7c1769c5d231832c0558be6b06b1cb83","ssdeep":"","tlshash":"eb01dd457e32cef284a94bc2767ae96cb4fa6020e443f260c4ce681c5123fda6d00cd9","size":683,"data":"","first_seen":"2024-06-08T10:58:31Z","last_seen":"2026-04-05T00:12:49.276069Z","times_seen":638,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/cookie.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a03d97ef3c0c2af25173f367da6d3b0","sha1":"2d689478fab5f3d86e45aca0e6345ea5eafdb178","sha256":"24c7009e8cbd0e9ee4c82320cdfe3de0c42373ee9d603a9c242afb3e3f6692cd","sha512":"a9f173184707eeaae3a92670ecd49eeb6d9eff10bb95705128f57ba7c3bb58b5065996aa97f9d64eedc81f6252a4bbc75252fe027ca6edd0742b862df0314b59","ssdeep":"","tlshash":"474120943c837b099536f171cb3e6348f9f252279229de50380db3b09f009218cae1e5","size":2427,"data":"","first_seen":"2023-03-07T14:03:47Z","last_seen":"2026-04-05T00:12:49.310894Z","times_seen":1169,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/analysis.min.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8f2f21edcdfba40db44db4e5f2260d40","sha1":"1d425cde5ff40bd89aa2e94f0f85aebbdd19a43e","sha256":"6fb1186e5a3874abafc0a5c61170f23a77df40536afceb7defd72a42f248ec45","sha512":"e8d65ed00561d3225b783ec987ec131e15ade0662b204017d0e84cc638f21f010fb8cbe6fc266f90e53a57309a258e88be43fb3b437046f7372cb719093b05ef","ssdeep":"96:ov2h31vGabU1YvHO0aBxzHz0mahqaKZxmNo++ms5MAd3N4FpPOetjlf:9h31v54YRQxzHz0bhqa9No++miMAvrOh","tlshash":"0ea1fbed728a36344628fad736af79087d37c40179c9b88bb1d2d811eca0543463fd89","size":4697,"data":"","first_seen":"2025-01-06T22:23:29.196081Z","last_seen":"2026-04-05T00:25:09.172046Z","times_seen":1476,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/jquery-2.1.0.min.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ca7582261c421482436dfdf3af9bffe","sha1":"98884258cbdb0d939fa2c5e74fc7ac9e56d8170f","sha256":"f284353a7cc4d97f6fe20a5155131bd43587a0f1c98a56eeaf52cff72910f47d","sha512":"aa9dbb9ee532954830059247b269b75bb925c2e3398247b8a6b4ef3e89375f9ce2e74cb7328f1c8297977a0596add7ee5f217651d2d62bf5826f932fec228770","ssdeep":"1536:XPpEy5BMibZGOj/bEe8v+/UWf4IhvAQPFZ93E8ud44d+ROvcpbRNkVPEWW9MtXaQ:uIOKpETQRsFrta98HrP","tlshash":"af83c6d9b2c6b162d77730b850bf450bb13a98dab80c8c60f0a5d5e47db4a89507bf2d","size":83615,"data":"","first_seen":"2023-03-07T01:17:22Z","last_seen":"2026-04-05T00:12:49.300153Z","times_seen":2586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"911e3e96cc8379a257c8e6212cec98fb","sha1":"3630ff1cb108503f5445d615ec0dde0e032aee3a","sha256":"992c18c6cf3fca338e5406f284e7a8ad6d143bf07124b6a05077973ed8a4a133","sha512":"288a1c1db787c8b9fb5ffd39735ae6b55ebf9bb0ea3b5dec1552b6060d061c26841844af6a618871ea1eb991693063e0e1bcdf3972bba0a34802009e6b265bfe","ssdeep":"","tlshash":"80f0263950e3a8af3c271450e048fa681cd4154385118ba8f57d1192cfd1875253a4ea","size":498,"data":"","first_seen":"2026-03-23T09:43:14.143498Z","last_seen":"2026-03-23T09:43:38.760309Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4b933ead275bb5511e32e491f6aa8a51","sha1":"f368beaa6ea15d96383438c2d7c8b83980a0221e","sha256":"5065454252da24d2c7c5516ca1fda60d89ba71bc75fbad298169611edc50c594","sha512":"5df45051aaaa06c002881527fc19c5e50c05db35e1d88460b5f295e84833f83df13050e2a8a6e102beb0b0984c03c1a95e4cf200424b6ec807ecd226f144b599","ssdeep":"","tlshash":"f5f0263950e3a9af3c271450d048fa681cd4154385118ba4f57d1192cfd1875253a4ea","size":498,"data":"","first_seen":"2026-03-21T23:10:35.387553Z","last_seen":"2026-03-23T09:43:38.762543Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"6782c33532cc51796574b73bb0d08ea6","sha1":"4baefba0da30567d5d8ffd058710009109847030","sha256":"5c2a931086d9c74eb7178c2bb5b0de8e815fbb2690cb5f7f38fd5d30505ea4b9","sha512":"9c705babc8122e62a2e99d6cab085b7550d6fa550fc21f64ae52ea1429f510edd3bfd4a7ef923054d55bb399fc613cd3e8aa632c50153370ffa59caebb3c85ea","ssdeep":"","tlshash":"64d02b7196574d8d4205c1daf005be14d46a108e4e729508d9ba8377958df9bcca715c","size":274,"data":"","first_seen":"2026-03-23T09:43:14.153662Z","last_seen":"2026-03-23T09:43:38.818102Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c11b58e9a9a9c2a79cb0142a180939a8","sha1":"ec1409a723066f49deba5995053ad8f26ddc18fb","sha256":"7db230852757853a0f8aa09067fd6965ec0dd0431ba12c611ae5fe9c9ffce321","sha512":"a8aaf7fb4c6e75fd36c7f44fdb3fa8c045691bbe12189dba254cf2f8604b55607d57f3a0269035b5c3ffc1ad71fc9c01fa503969257114ac7f6936e9737e7574","ssdeep":"","tlshash":"94d0973ac1c8804712e248c3e0e9bd88a0e3f04f8b13814edcd80083118026e8a0d01e","size":243,"data":"","first_seen":"2026-03-23T09:43:14.199189Z","last_seen":"2026-03-23T09:43:38.785448Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"646e9403e291e20aff626e1a16637d64","sha1":"ee9ef5bd03e13a668b037b5623b1375bb1fec521","sha256":"a39cde8b36b237c0ba0aaf9db6b1565d14b595eaaa7b9f07b576d6d8861bb8ea","sha512":"0fc70df67c336c3ae8edea7fc7c4fbb09c248cb8aea4e76a3671533c70c269ee0d97845a6f26a1383372db94647677cef70bb6747276f18707c3c383c6c671d6","ssdeep":"","tlshash":"b4d02b37c48546ae393595c3d5e87e6c9881318fc883f015eae443e253c6e997db254d","size":282,"data":"","first_seen":"2026-03-21T23:10:35.470915Z","last_seen":"2026-03-23T09:43:38.765755Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c1aac1870b9e305e038d09edd624677e","sha1":"14fcccc0e22f8e122056ce425f2af531a73b4452","sha256":"f54852bf99210e451f8a30da8c08d69370989da2bdd28614a029a62cccf01864","sha512":"4ab9786014c1f836b779b798414c2c58835cf691a40615e361e9763cdc7dc5ecb692a3d1f63671c23d1d10e280013e0c7a6f5c2212fc8f74ecbfe0ba95945f01","ssdeep":"","tlshash":"6dd097a1c08a09481a32a0c3c1e9bad8c482300fcca0bc02eded02e313d2f1e9d6208e","size":251,"data":"","first_seen":"2026-03-23T09:43:14.145941Z","last_seen":"2026-03-23T09:43:38.823321Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"db7551143d6cba421d0cf9d1e02ee347","sha1":"74a6581e679a46f228afeb05e0bbe5e2637ac89f","sha256":"9ffa3cf13c1213f573c8a209907d7f61e9f14fa97470dbeb96a0a4151bf26885","sha512":"a6207b1d278d294e367fa68781e7c3f26c13e5eeaffc29b46ea5a16b357cf48ad018b3b0255708171092c88307accb4ee4a24b83efda042db5826d55ea0adbe6","ssdeep":"","tlshash":"afb01265985ea0024056f2813cf1af0130f28b6bd75209dd40b84163f39cf0c005ecf8","size":104,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.434206Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"27631bc2babff4abbc752944ecce599b","sha1":"f7cb523f7247a1ca721a9e26065f412b6aef002e","sha256":"13ea68ecabff8550968e001f4cdde7a5db72c32a606b3fc7797547fa645a7e16","sha512":"fe85695e620729f3eb1148496168f3583b9e8ed2d2f0f42e29e9705338a560c73c52d55b075a6d8e9db661babd4495618471aa5669f270af55153ad18e377e7a","ssdeep":"","tlshash":"e7b01224841b70006222f1413ac1560021728b53d761455401618623b2cde1400ce5ec","size":88,"data":"","first_seen":"2024-06-08T10:58:32Z","last_seen":"2026-04-05T00:12:49.386231Z","times_seen":636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f328ea08ebe65680d4263e882bf3b703","sha1":"0070c10f8f3a3885319ce413d997888ef62d1b4a","sha256":"f783038c7258d592f01cd4cb2045087e4ed331cf5cab52ffd459b086a0537bf9","sha512":"1d614086927686877dd42ee0c73f0776cc15887f4624b327bac7be9e2d4f215e9cd8e5650f2a6cebd00ccfc0340616414d746000bbfc075476b4db43570d5410","ssdeep":"","tlshash":"62700000080200028082080002000e02c0a0888002be82080003000f00820880b80a00","size":20,"data":"","first_seen":"2023-03-07T12:02:01Z","last_seen":"2026-04-05T00:25:09.340454Z","times_seen":1873,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0f54a1a226b889000980f1d5f2bd1727","sha1":"1be0e6017103adae0174a5e8c088cadbb47d5a02","sha256":"4814b3de7b0b847c32f7b2b7ca8cb543e19abe4776341db41db0ef98c6b0f1c1","sha512":"237a97cb4c00a2d441634ab2464d1b16e9306c22ea3703fc67051f63bf8075bd6dac2d7212d99f761f4fb5aecb0f498980f771da7f35e76f99e1f48bc2a59d42","ssdeep":"","tlshash":"0ed0ebb1c14248480002c9ebe00cbc88c8aa305f8f32a008e97641322109a9f8c1309c","size":275,"data":"","first_seen":"2026-03-23T09:43:14.185168Z","last_seen":"2026-03-23T09:43:38.789346Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a4fd0300f84aa2a9a2139d2315d62e45","sha1":"03644b2a40fc78eeeb43e5e578ceb432802e0e26","sha256":"4b8828ba4df314a30600423c57c22c90e66715fc9fc1d8a55f0ea48133ddd863","sha512":"eae08c83a6c31e06ec0797da9d20ee33a67b3930aba728244cb2b224a62a9a28981eb2a0b00398daec9c9524ddc65858006e898c3769a095f767ea327d8f29a0","ssdeep":"","tlshash":"28e0277e44e794df1c0f04a4d058b91c4d453c4785110bd065781151cbd28b93235489","size":297,"data":"","first_seen":"2026-03-23T09:43:14.146699Z","last_seen":"2026-03-23T09:43:38.821243Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9f4fbe6bdef6cfa6899c151b527a0f51","sha1":"5708e03011177306e1acc0ab54e543491f5f89e1","sha256":"e367819b74e57138eb9806d8a5bea1aa57bb5cd563bd80fff671d914dd1c9f39","sha512":"213acec27d62b56f374eb835cf3e11b6a13792ac99e1caae5183dd64d1d8e1a1d112afc06bcb60f164af4fcf12ffb79f236a45c3208f6316c5976af085504656","ssdeep":"","tlshash":"a6e0277d44e794df1c0b04a0d05cb91c4d453c4785110bd065781151cbd24b93235089","size":297,"data":"","first_seen":"2026-03-23T09:43:14.169353Z","last_seen":"2026-03-23T09:43:38.79678Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"cc7c13fbe720138560172ecb650b623f","sha1":"6c40600dbe89a6b59377a2a747b84d9c8c8e02a2","sha256":"d9057f11d8ec34e3061d603fdbf2cc5cb7eb28524f1772e0e33b013963e15f86","sha512":"26de1256ebfc0c6a01cf5d027ec8c09a4befb48bfb17fad19737774c48011e701ebac50488d6a2313c848ecf9f308bac3cf4ecee507618a4eaf94dd54520f07b","ssdeep":"","tlshash":"1be0277d44e794df1c0b08a0d054ba1c5d493c4785110bd4a57c1151cbd28b93235189","size":298,"data":"","first_seen":"2026-03-23T09:43:14.19186Z","last_seen":"2026-03-23T09:43:38.792726Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7b85c98a9ee328d2bfd358b60309938d","sha1":"7c7430f9e1e455cc056f2b378911dff6fbbca8f8","sha256":"1c02bba092175b296be548a7a5d39c7594790194b9ab4c6b116844314ec54ff5","sha512":"ebf72cc91ea06d5b9a725598f05a23fad0b85b507bd5ed0e75919c270134c5a51a6d969e6b874bc53b1d1eaed4b16beb0df595f089703bd965b493ef1fd36d9a","ssdeep":"","tlshash":"6bd02b31c286929d87044087d448b949d45210cf8b12860ddd70c2a3a6c9e2b4c9759d","size":269,"data":"","first_seen":"2026-03-23T09:43:14.190243Z","last_seen":"2026-03-23T09:43:38.76808Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b14d5af76cb2c0448ec84a1bd77ace5b","sha1":"606bdd7066fccc7b41291b3c306a9aa5ab75daf7","sha256":"174b15df67e77b2bff997b39a0e66b550f5388f5e496a0a0f965146f152b4a91","sha512":"52cd107b5ff4dd933c2c825bf816b715f4a499309cb6259728667b623bb22595ebf5e51d653c143d264b755abce0be46419fe2f1783c36c09a25e9246bada736","ssdeep":"","tlshash":"e0416b66c5c08a6e52627a6ff1427ebcd1fb60b54b225f4079171dafed04572200178e","size":2040,"data":"","first_seen":"2026-03-23T09:43:14.156493Z","last_seen":"2026-03-23T09:43:38.764372Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e68723f0bd3aed0286821cdfd61d3237","sha1":"c42a6419f1ac9e556e796bd3ec9f73eae33435bf","sha256":"3b54c559ee68c73e66e50c02d6653631962c0b42561245d7b679f042e8d417b3","sha512":"fb5b48b2effd648dac75d931ed5dba8bf07e9a1e3844de3071d53a160f53d4196c93cd3690185f8a0e1e6f36c07c7964bd6819802aa50af1074c8bed84195b8a","ssdeep":"","tlshash":"934000f0000000000c0000030000cc000000000000000000000000000000000c000c00","size":6,"data":"","first_seen":"2024-06-29T11:16:14Z","last_seen":"2026-04-05T00:25:09.314821Z","times_seen":1025,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e344c60c9e5c1c1af378bb0261108193","sha1":"d48bb4cefaca31c7f7619329a19dd9eb7851ff10","sha256":"9a7db2062db99fd4703eff19715d3d6af0b6ebc3e569a56a0788f1f367a57239","sha512":"7df5e1f124474df97b15e1700497b6259a3b4a1ab696eeb452d234791748b9db8ef99d3ad8e896adb33a804de552ce88f9051a6605a23215525d909811c49db4","ssdeep":"","tlshash":"3a9004f44003513d1045cdd374171d3331701f45d40347cc53711557c750c7511004c5","size":47,"data":"","first_seen":"2025-05-21T12:42:46.058606Z","last_seen":"2026-04-05T00:12:49.44681Z","times_seen":879,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"71339cfdb2e8ec485eb7abf09ca2a56d","sha1":"7bf0b15011bfbc62416085eeaa6d8fa87b2f49db","sha256":"9350fb88382da017a6904515b899a46bff58161d11911077426e2a7934e53720","sha512":"4ecd5e7f627ec1e2120d26fd01e0549d560d8dc3ed43043acb2094961b66590c6b5323c6703bd64f73009232f23c3bfd50b44fdfbc898d0ca11c83bbd9920653","ssdeep":"","tlshash":"aae02bbe84e7a8df2c0b08b0e058fa1c5d453c4b85220be4a67c2152cbd28ba3239189","size":298,"data":"","first_seen":"2026-03-23T09:43:14.154604Z","last_seen":"2026-03-23T09:43:31.163036Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"615512d160e8e5ee10d8b6ebfe6cb4cf","sha1":"ec2eacda71e6890960dc0630385f234cec2bd610","sha256":"d721407d6600bedeecc8d9ffc6a4615de5012e7c644dcba006759ff0a0973c97","sha512":"f207bfdbc9c24b5806c753a0e4ec5eec303c6e55b57a7852d3cb8e8b965c3906717fc2537ede428ee9c5cb831d24362c06f3eb28ce9b44faf8f5c0a0227bb57d","ssdeep":"","tlshash":"9de0277e44e7d8df1c0b08a0d054b91c4d453c4785110bd4a57c1151dbd2cb93235089","size":298,"data":"","first_seen":"2026-03-23T09:43:14.149364Z","last_seen":"2026-03-24T11:52:21.643697Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e36102e7033fff0792dfc9ae35fc042e","sha1":"15cdf108d418171ddb25880458583ffaa0a832cc","sha256":"2e0492523c620d2555c61d2a3b2042a2e9d16ebb539e8706b11baebd118056cb","sha512":"06e2e8da0b75246a262b0a7f93247762206df17bf8b3f5d286b895769752d1a670ca63edec4bc2ccf4aff13291a95af3025c640ab29be769e13e58d3700e5287","ssdeep":"","tlshash":"30b0121c586c2002416aa283adb5af0161f24b6fc7120ecdd0fd4d62b39db19004ecf9","size":103,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.384711Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"8dd08fad22a70c1c1d5038531aae5cdb","sha1":"0971571982b6c6cd9df89133fa5f88fd2faf2cbb","sha256":"dc75febeefd8d833d01ee48759cae75e70235718ed483775610b1109753b88c1","sha512":"e34bb77b7e7af92a44417d943a8dee1bd553d8bb3a859dca387c6643675cd7fca119814e97bd8c904895ef5b92783a866322fc4c6b04886b1e084b48d1d15928","ssdeep":"","tlshash":"9db01200441aa0006241b2413de1d60230b24763e7a604d510200663f38cf04009f8fc","size":87,"data":"","first_seen":"2024-06-08T10:58:31Z","last_seen":"2026-04-05T00:12:49.414378Z","times_seen":636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f9772c0f8ebb198f2de0185366738594","sha1":"8f7f037d1fb161321497676fc64494bb08a0bb5a","sha256":"4bd901fecec053df788c744af375ad52416e04bddb8b9916b9f71a5fa214d42d","sha512":"3614fe99f9ac93257710553a6be785b38540ce52a2ecdf119b3b142de64bc97a71e6309f67dd94140638d26914d8a87b1eabd4e4de54f298ca2943a93cf904ce","ssdeep":"","tlshash":"06b012084428a000635572427de5da0231b20767e76704d560640a63f38de14008f8fd","size":88,"data":"","first_seen":"2024-06-08T10:58:31Z","last_seen":"2026-04-05T00:12:49.452417Z","times_seen":636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a01d615d591e876191cb9f08239165fd","sha1":"2676576a84381a8d2ea3f038d381f0e834048191","sha256":"4c7bb09aec0a759f1ad2cb134bfb50dc04bb337784f88119ed87142360db7079","sha512":"e632dd37e3dc411263271b59aaf457facad2ba5af9e152610ddcfd45769d95dd9bc3f9c5c792e9e286ea284a8cb2c8c3db3fab896715000fd9144429581bf426","ssdeep":"","tlshash":"ddd0e770d5d154470112c5e2f019fe48d49f304f4b61c00ce97e51311524ad7cc1364c","size":284,"data":"","first_seen":"2026-03-23T09:43:14.197067Z","last_seen":"2026-03-23T09:43:38.775252Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"50feafa09fa9ce1b718019c7519eadd2","sha1":"2ff77fde7eddcb78088bbba0a09ed08a533d383e","sha256":"f873a2f6a53d3401a1862535f9bd141a77347e2e4b7beddd24b5fc6e3158aca0","sha512":"515353f591c05b20f725a5837e8b8be23a32534c1ab481a776c1424f12ec375a4420ec1905b9f34eea0ea9cfb7d99d288bfc38cb12dd1747d30325bae0cc2538","ssdeep":"","tlshash":"16d0a76184c609a9367696c3e9787958e0d1200fcdc1a015def852e216d9d1d34a149c","size":240,"data":"","first_seen":"2026-03-19T11:05:59.876189Z","last_seen":"2026-03-23T09:43:38.772055Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"b69850db78f59fc8beb049d1f4e4671b","sha1":"52b32c3d68e88198c81b6e32e2fc3d42ac1a74a3","sha256":"44bd63c6d5f0864432c71290f241695c8a60d4dcd7932e5ce66217fdccc26d68","sha512":"6232273fccc2cc051a67aa7e9b176ffdc0b45452476b8ac3ee785f621d7ff96f4ee1b6724b54eb59f1229c1f08dadb505836ce52f121857e68d277a1565c33e4","ssdeep":"","tlshash":"ea900273428460a51150c9808260a128d00640a98d56f953d4951d4998146714502999","size":51,"data":"","first_seen":"2026-03-19T11:05:59.844211Z","last_seen":"2026-03-23T09:43:38.829407Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1ff0ec8aa5776219897179ce08704dca","sha1":"75826e0c07bf6a6f63f124ee2d48f2958f8b034f","sha256":"f6ce7090178cbf576ecb1b618f034683eafe7d77b795f84e2119de71af9ec2e8","sha512":"ce342584643988cf2bb9b627c33d84ca303d8a422d2accfb308d59f653de018562fafed93ca1cd69aeb9ca731c799ae7c66b269ab0d0e91aada4e8bff1b79db9","ssdeep":"","tlshash":"9f90047c0410517d1043c5d111307f5f11d14f07c50305454370355355f3c73cd1c555","size":52,"data":"","first_seen":"2025-06-02T23:36:48.209782Z","last_seen":"2026-04-05T00:12:49.433185Z","times_seen":877,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"823e05773c128387201ce9570f6c6310","sha1":"baf44065f10066dd86be3e0f27a634ec458ce37e","sha256":"751cd84fb38c617a9e4191ebd1f7aa4734cd3531d3b1c0896e3c5a52f822cbda","sha512":"fbb3e22fd1995cafc752aa51427f22cf4d2a662914fe9d9a2eb5c77c9bc2f2dd5195adb7e291a295d8c3a8cce3d1397f5e369e9ef17849c4927a1cef09c828dd","ssdeep":"","tlshash":"e1d0e770c6d1644b02129472e059bd88e4c3304f5f61c008d97d11721164dd78c1354c","size":283,"data":"","first_seen":"2026-03-23T09:43:14.1757Z","last_seen":"2026-03-23T09:43:38.824786Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bcbb21e3c30fe7671275bc16d7e26d76","sha1":"58ed64f2c3f31ed9c3513c5cafe1570e4b095af5","sha256":"fd32821b7e9adf169ecb390f9ab547091c4b0a895f99669cfa6c8a6ffdb841c3","sha512":"852ad737d06f6e7d0413fa557a16a98dbbfe6f674661c94c280c08837731355997feaff29489e67919274e0c7757b9e725661ff39e2c9156fb920b54f36ace55","ssdeep":"","tlshash":"f9c08cd2fadb1213c0b482ee15ba6b4df0e3c400c7024a08a27e24c20f8ac82301402c","size":161,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.388421Z","times_seen":634,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"fc956fd51bc3bc2ef68d4404e864914f","sha1":"30bba0172bdb96206fea9b5e7585b7bcdf7fe3dd","sha256":"e4ac4f444922e66c60d214e8d8b560b832c30b0b73b831b8a98513518e5b95eb","sha512":"40226515b34dd91cc831173c404e16411542033e6e26564e0b365ce8088c20616b736c99a1e90dc593ecd092240d2181e5e30f6b27fa38263f731baa99d00740","ssdeep":"","tlshash":"7cd02b6145855855c106c2d6e428fc08d0d5204f8fb1641499ea52316148e9f8c5367c","size":252,"data":"","first_seen":"2026-03-19T11:05:59.816379Z","last_seen":"2026-03-23T09:43:38.806796Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"0a3a0b592b9c285e050805307cee87c2","sha1":"125a168e24b2bd38aadb84cbb5f87f316b073c41","sha256":"aac32651b10f567c461b9b4f255d6fb1fa6859b5368d8bd9a51af920ab21cf23","sha512":"4097f05a9ce819914160aeba71fa11524f6b291a39b7c948509d756318b600934f1d195980df66bc7731e327979135bfcbe0e9ff3758d779a72481ed623cd3a5","ssdeep":"","tlshash":"a34000000000000000000000003000000000c000000000000000000000c0000cc00000","size":6,"data":"","first_seen":"2023-03-07T01:02:09Z","last_seen":"2026-04-05T03:48:32.816524Z","times_seen":227264,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f1b4bf4c08ae17082d6ce3007b5c9370","sha1":"ac4c9958e889f0079ac8af708516f4ed3caf2b86","sha256":"bd1770902d0bb0db962c9fd528eee6c5a5b288abc3e70dcebc101fd959016111","sha512":"96ad84471fea2af1c673f991b78ea22aae347428661fbd37bfe8cc310f95ecde423725d6fcae3282759a925069e6bcaa632bfad3d14abc3eb773507f9e9d9942","ssdeep":"","tlshash":"e57000000000000003000c000030030c0003c30c00000000000cc0c00cc30c0cc00000","size":18,"data":"","first_seen":"2023-03-07T13:21:33Z","last_seen":"2026-04-05T00:25:09.403318Z","times_seen":2008,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6950021a330043c92bd6e5e8855dbf92","sha1":"65621fd4e1e6be914d03cb30ce4c436700199af5","sha256":"586cf26aaefb3a5fffc237dd1b4ac04bdd44a2bc50764a8fd41de0dc724289ef","sha512":"e73e7e383f5590a6a35ff41a29ca040a63d52c192c50ea8d5acce7cfd517ac2134c7552b08f2058a34e925fbe5fbf1e1627133c9b3840209efbeb3cfa091c86a","ssdeep":"","tlshash":"81e07d750056f89f3c4a00d2e048fd444d955d0746210bd045380053d7c697a612c00d","size":307,"data":"","first_seen":"2026-02-15T17:34:53.348664Z","last_seen":"2026-04-05T00:12:49.411153Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"12c8ebcf0cda5b76e4d84de9833cf6df","sha1":"ed6c211148fa16c9641c00d979f70f481ba046d8","sha256":"f211d406727ba7839a02a6082ab87d1cd8fdcb9f595aab6a2b21887b6d05a601","sha512":"213139ed7c4fff337cceb4f36cee03bb9ffb5f59866d605d34e56efd9f2b210be391b361843ec6b5d97c9063cb209767b995a274da1f9a71d1eb54cf424eb369","ssdeep":"","tlshash":"16e0277d44e7d4df1c4b04a0d054ba1c4d453c4785110bd065781151dbd247e3235489","size":297,"data":"","first_seen":"2026-03-21T23:10:35.429691Z","last_seen":"2026-03-23T09:43:38.791514Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"93a6b90b2e2bf3fbe48c692bc4e1c395","sha1":"e1e79bbd81ae4bdf782ea27407be85748a1b090f","sha256":"971e4dce5fc779df1378443a9a5044181b97da89c22638e17ef6889d57401338","sha512":"2442df01d08d3153d95e648b80edbaac4b859ed826a524c91aa5148ad1298ae6a188690b91b21e78acfe7a64c310323ec238c328f8171001daa61254cef48fe5","ssdeep":"","tlshash":"cbd02323c185218e39654353f158ad5c4853555f8f039d8dcc4116863287596c69350c","size":214,"data":"","first_seen":"2026-03-21T23:10:35.424126Z","last_seen":"2026-03-23T09:43:38.774696Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ad20f997ba1a25085d763b0743242daa","sha1":"3002a8c71d307bbfee9ce7f49247dea5bd560fd2","sha256":"e74005abd61dc1b78cacbb93a8cbf1245011612dcfc6d5d90e59701a11a6a3f3","sha512":"67389acb719ac99df8617197a293c1fa1412258366c960fae6be21a379d206839957e998a9b9c27a5b86dc86c15462985a9f70688c1ea91d00eaf9ee151ddc9d","ssdeep":"","tlshash":"dae072668561ac25400ac292c248fe18e8ae209f8e26e940c0ba13321389e9bcc6331c","size":293,"data":"","first_seen":"2026-03-22T09:00:30.202492Z","last_seen":"2026-03-23T09:43:38.776809Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"493fb5f9a02f564fd72d08ce8b790129","sha1":"18a0947829b056b1f39cd0b9852eb51002173ebc","sha256":"f8949f32bf4dcab7ec756d6d2f0fc0f1ee681bc64fb7c35984e0da73db8b3044","sha512":"1c7d933fca47e82494e98668087ef532dfc31ee7aee96400094be13fb676e3d877f4b6185032ccceec402df9acf5c76cb316dbb0f9beb8e3721bc49c3ce6a0ee","ssdeep":"","tlshash":"f6d09730c8c100aa163361c3e06a35dce850300fc8d0a020eaacc2d203e1d59246694c","size":246,"data":"","first_seen":"2026-03-23T09:43:14.179098Z","last_seen":"2026-03-23T09:43:38.765123Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9ead319a8315077ec25bb74a8b7076d6","sha1":"b909bf37c354cb8eefabdcb82fe414798d9112c9","sha256":"9f0e556a7af39079253fbd2cb692a346da22dfd9aa12e0f16b56af35d8648af2","sha512":"4380f33312bec0b27a3d7e2a6b9e9f408ab09a205c50bb1045a6fa5986d75a9f3c22173d6ec73e799336d40f9df6baa64f0d9704ac4952c5453fd8a19bbe1e78","ssdeep":"","tlshash":"10e0277d44e7d4df1c0b04a0e054ba1c4d453c4785110bd065781151cbd24be3235089","size":297,"data":"","first_seen":"2026-03-23T09:43:31.178083Z","last_seen":"2026-03-24T11:52:21.663277Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"add32ac5b6988c110952b66b75c55783","sha1":"16a05dfca1a0003545556623f266b3e35c63b507","sha256":"963809f7d870ef34f8404a0bbc002f58876e720687d5a3316b72e72d6d71dfb0","sha512":"b6f0956301d916ddd8ad53dddb6ff1c3291aebcf30f69d5fad37a7c80c76ee4373773632bbe9ce748be67b935180d6d17b5b6761e4b1e463eceaeb26c32df373","ssdeep":"","tlshash":"6a90022484e1051141ca4953b223068d2382f70d859311061155454246c19808c40412","size":46,"data":"","first_seen":"2026-03-23T09:43:14.164921Z","last_seen":"2026-03-23T09:43:38.81401Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"ee80ded42f3f39531aafc7425204af73","sha1":"01bf353376248d0d9f2a2ba36d6531054a5514fa","sha256":"a138ff825a98b66c4a0c7e5d939b5cd2a4b132e68bcd336990a8968f292befe0","sha512":"d1cf97de1712d861248a541956769dbb63222c85baa6953eb8307c881d875680a7f6b4aeebd977716d9cf89faf51def2408c451cc275f820301453c04b72877d","ssdeep":"","tlshash":"dee0277e44e7d4df1c4b14a0d054b91c4d453c4785110bd065781151dbd28bd3235499","size":297,"data":"","first_seen":"2026-03-21T23:10:35.466642Z","last_seen":"2026-03-23T09:43:38.772809Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d8c7b9f3ced2efd69335dcc1fc0eab60","sha1":"cb210d1b833dc6a0c124d56cf58964ade9be5051","sha256":"7cb3f11771f57c7b72179a0dddc473daa044e94b516d5b314d82eeff12e6b88d","sha512":"06ee5039901feda25294c26bea04b15bcff7db5feec69456f529cc0f8bc8018ccb268ee071d10e1da3d9d4349894e03396284b90d734a55135635bcecbd69be9","ssdeep":"","tlshash":"afe0277d44e794df1c0b08a0d054ba1c5d453c4b85210bd4657c1151cbd28ba3235189","size":298,"data":"","first_seen":"2026-03-23T09:43:14.160665Z","last_seen":"2026-03-23T09:43:38.773382Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"dfc190f20d4a2745d02ce94969372282","sha1":"bab1659753c024cee765d044c26eabffb52930ba","sha256":"e3d8db3fd8360a06ff060f81f04501a19d3863502ae3752daee08861c9615f25","sha512":"30e481056bdb7afa1a47bd9c4eec965ad890229bc76886ca1ec436d97d20da36c35f4d289ccb48479785b7a4b48bb8ceae8532db844448fd7dac73666491cfa5","ssdeep":"","tlshash":"efd09571474658559607c6f2e468fc04a0d2104f9f61c404c9fe03732148d5f4c5346c","size":250,"data":"","first_seen":"2026-03-19T11:05:59.821815Z","last_seen":"2026-03-23T09:43:38.815573Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"be77318cab22632af129556d45824ee2","sha1":"793a0242c5be495bb625b18fee7f907208a6be58","sha256":"5128ecb3c1144aa11f369aaeb74a3e00a6038988125eca92bb7470081bbcbd71","sha512":"b19b79a5842633889d01e28dda3a972cd9eff349cb62033326f004180b88750c08640b6f001b72ee44ad5fddefbbdf7c66494a8d33c06ef584be4383a8081b53","ssdeep":"","tlshash":"a4c08c53d2d710a3c07245e3012a974c30a3c401cb020a0a92ab35c20688c82341a814","size":154,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.389016Z","times_seen":634,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e5f3d7c8bbbddc28dd787b594ea749f1","sha1":"052df94f5b0e4e7d85585db539ccbef4437fa01e","sha256":"7e23e0545ee0dd240e915ccf5e3bdbdde7ccd77431618e306816674260474d35","sha512":"5d1b2c73053be51d62207881f5346c420612a006f528dc5dca9b938a2e715339971e3b4b03715781ea5af1844e2569c696af6f905b9e927a08e1daa74d4cbdd4","ssdeep":"","tlshash":"3dd09762c49408b6353ab2c3c2687f94d481308fcc877639efb443e313c6d2a68a340c","size":251,"data":"","first_seen":"2026-03-23T09:43:14.159583Z","last_seen":"2026-03-23T09:43:38.828646Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7ae51421e62901ffceb0e8f1e2b444bd","sha1":"0439ebf8622c1c747c34a4af62767a2984f4669e","sha256":"2da4e423098fd51cc03f7d24fb6995d4c49896082ac495cb58d972150c03ef90","sha512":"4f9f68fdfd8afa9715cde49091ec354d70798108f267a594904b98f8d77a4d23247d1571c941e050b210471f9f752a41d1724eeb628d469173d843a616d9bb4c","ssdeep":"","tlshash":"79d0977184c508ad3231e5d3e2b82948e080200fccd3a001dff811e213c6e2e38a184c","size":242,"data":"","first_seen":"2026-03-19T11:05:59.860171Z","last_seen":"2026-03-23T09:43:38.768757Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"79e5239052c51b490bf5f83d276bc3c4","sha1":"ddd1e6b21cfff452458715f4ed128bb8db81690e","sha256":"a58dc2dbf186883f9426ebd0bccbdcfa290a0da4220e727f2715d4c53527efa7","sha512":"692a7bcba9dd6ba05f44a684a697f4a8df7d18bf16d878d04b29aa61d34415696d67bd9c4772b30c8d67f3a4986f4270b526c21040fcf3b1c8d38f969bba5d24","ssdeep":"","tlshash":"85700020200c0022008b20e32003020322a022088803800200e22b200208c000200c00","size":25,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.389669Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"520e2b2fe06ee244e2f94e2798d76747","sha1":"a68cd2952569e1310a7dbb750194d62c10e2d3d7","sha256":"8e054be4687382dd7d5dc930839f63ff6737b497867be466ffd19e2095b8f596","sha512":"ff070dcb89106568f2c204be69f7f4d7dd8661f13a9f186d2200594987274fdc10305300538025dd4c109a33f4c986e630e1b39c7ce1bf228d3fe8617714da4b","ssdeep":"","tlshash":"37e07d750056f89f3c4b00d2e049fd544d551d0746210fd485380053d7c697a613c00d","size":308,"data":"","first_seen":"2026-02-10T21:21:57.63089Z","last_seen":"2026-04-02T08:13:27.097699Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"a0490c52765e752288b64ed39b30a729","sha1":"7397f8e0004ccc458bd3529f94b820b822d6b728","sha256":"157d444f0d7c647b48c04ccdba7351e1b8f3fd721348567f3272392bbeb6af85","sha512":"7c05617f98f68e7e20da7f4c3071c871554e1c26581736f189554ed1eff8a6eaa08c5e287fe44098d1bed30d5cae6d6a2fefb8d3fce1f29b725a58c2fa88ef06","ssdeep":"","tlshash":"bce02bbe84e7a8df2c4b08a0d058ba1c4d453c4785220be0a6782252dbd28be3239189","size":298,"data":"","first_seen":"2026-03-21T23:10:35.41964Z","last_seen":"2026-03-23T09:43:38.78751Z","times_seen":15,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"121ed942357e9afd923ca270d3f9de2e","sha1":"dfd14095f579b90411d27234b57ca3f86e72cb2c","sha256":"6f000dc710c5fb3d9fd70114bf21c844836ac2ff6a9ffae6579f9a07ca35e500","sha512":"9ae57aab3099ec8720871e4e5205d07b85c5dbd73aa810b69a0f3559b9fbc24bcf45f10f6bc3b1bab6398a1b8ece8255aa8b68439b89669af67793f46eef4ae7","ssdeep":"","tlshash":"b8d02329c3c9404b1e105dd3f5a9f8ccc843714b4f53dd56dc54055001d01e2c05954c","size":205,"data":"","first_seen":"2026-03-23T09:43:14.161494Z","last_seen":"2026-03-23T09:43:38.794802Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d3cf59df9baeb40562ba6e5c8c7bdf8a","sha1":"6ef8dbb4529b0dd79e869da26b2fc71333bf703d","sha256":"b9eba0c84ae75f13013160a2e01dab7d2d4e43e42ba913de0067487b77800b52","sha512":"8e316400a166b956d1faee0c0c2e48e2b5c3b6a1b974d38a9b8817f3476aa74c4b0bef6c16fd6d972c9770ccb587c7b1048978f0776ff8c9d6dbe7e7744939f0","ssdeep":"","tlshash":"c7c02b53d1d71023c03ed5e7213e674c30b38200c3220a08937e31c51bc9ccb3495814","size":156,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.397569Z","times_seen":633,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7620cb2afb831717164b8fba61f81244","sha1":"8c4dde12efdac9161c827c1e6940394c5a1ff083","sha256":"8c4578574be3f89d7ff2783d0b9a352b040ddf20d51573cf7b738ae10a6c8ef5","sha512":"bd0f4eee9ff182259d4b64cd02d797485677d500b04ce0831da667d979b14cb6b39bcd19b25f4f716b144e1649a963d600e927f561b679c7a34e0aec412c3fee","ssdeep":"","tlshash":"06e07d31d1526c66605ad6c29015fc38d45910ce4f337208d9b642321249ea7cc5315d","size":296,"data":"","first_seen":"2026-03-21T23:10:35.455294Z","last_seen":"2026-03-23T09:43:38.827844Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2babd66bd50552405f973ad736cebfb5","sha1":"163f5595e8942a3204d117e1bf5f4acaeb9df684","sha256":"5c78aa5250eb474321d7797e28a0e34841be9a5bd0ea8fae578b516b3c3257ea","sha512":"cba21ee8bdb15fac663a7c45a1ffd9a29d4625c81525a380bd096f3cc5a807112f7d1aa9bcab370f0b118787c43195fdcb852d0ef306a859998548353b47784a","ssdeep":"","tlshash":"efa002136484688e83e95c6f54308f99a653a26c25024d4524489de459d2558cd04c65","size":59,"data":"","first_seen":"2025-11-06T06:18:09.957771Z","last_seen":"2026-04-04T19:02:37.989242Z","times_seen":97,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d2051232f76f4e260d05cb89be7fa7d5","sha1":"0271f94c8c7bbaee3bd5578fe3502cc49ea28253","sha256":"f633986e2167c550e1be88cdccc28d691e2cc7cce1ce31c91de9c1daf13b8869","sha512":"0be3038ffe16a0325ddaed6613df0f9cbc0d4084dd9e9659ad6935e501f0f0e3f2b0ced942f8837389c03dc522a5f0840c386801152ed216e8f936e630025601","ssdeep":"","tlshash":"e0d02b7b50f6a89f2c0700d0e048be585d462c0745210bc1d6781152cac28b62235089","size":276,"data":"","first_seen":"2026-03-23T09:43:31.191439Z","last_seen":"2026-03-23T09:43:31.191439Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"af539a6783f59a5566aaccb01fa47f49","sha1":"4e9799a104cbc5690b5ecc0e3e0c535a1b962a8d","sha256":"0e3be15e3b1b634f74a59fa8dfdb173efcf7e3ebb96d603242c512c242b788dc","sha512":"8b682e9b95a88cd31dbb43a63bc8cb7907f4af45971f7a52da0e928eca97344589f93db73e4e739ceba59cb9967db99f94f1e5388e2b017ef2018879f745ce53","ssdeep":"","tlshash":"0ae0277d44e798df1c0b04a0d054ba1c4d453c4785110bd4a57c1151dbd28bd3235189","size":298,"data":"","first_seen":"2026-03-23T09:43:14.180785Z","last_seen":"2026-03-23T09:43:38.784235Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"312c2ef3576c201869d3f65466227a71","sha1":"cdb649511689a70b649d36a42a5309d1dee47016","sha256":"828062a4b394c488fd443a753d9b7dcc20d6b002a2ab1f0270e8019de257813f","sha512":"f2032202def097b76ce7848697a2687efcb8ab2f92d28d4620f42be27482dfadf09deab9b315e0e66dd4c548bb1dfd1ba6c742efbdf56997013ca3e52ec46ba4","ssdeep":"","tlshash":"f0d0eb30c289e08a862280c3c0acbaccc082308fcb12c04fc834a023a181e230c020de","size":276,"data":"","first_seen":"2026-03-23T09:43:14.166983Z","last_seen":"2026-03-23T09:43:38.814804Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"4998daf62566b668575ba317054d9411","sha1":"17890916ac8d8f3f80c1d6806a0337a31cba2971","sha256":"2801370ac48996d7a98bc5fe9b90d3869a81999de7e9eee993ecbe07a568c93c","sha512":"b9e369f07024a16d927f5a72316155fca73d8923179df09c347041c9a3e612b5687c5edfd04c8f258e40b113cab7cabf8ffecdfdc38bfbcd1a44dad51f0eb9c3","ssdeep":"","tlshash":"6cd07d31d281b476d11561838059fc28d04110cfcb17a24e8db181136281e6348130de","size":291,"data":"","first_seen":"2026-03-21T23:10:35.446213Z","last_seen":"2026-03-23T09:43:38.793982Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"bb620d51e34222de7e4e52c57199c87f","sha1":"ec5abacf00d628d7b050acc10f7b62b9100a371b","sha256":"0e4dcb2984053ec4e2b16343b52eecca6ef1049703498218ce38f99d8d5e7c48","sha512":"76999446cf455e3aa4395afe740b02912cdae256b018ea7d66c760161cdbcb113213eccde0f0d0020c82670e236725c6e420d71d39158fa7d8fc2d00b27abe44","ssdeep":"","tlshash":"d8d02377d185414926d15d87e5ace4ccd493714f4b539546dc42198751d0157c00d14c","size":208,"data":"","first_seen":"2026-03-23T09:43:31.196765Z","last_seen":"2026-03-23T09:43:31.196765Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"929cf1627dd5655725d8a902014f4a83","sha1":"582cc84eb7f87a801c9c88a75bced78f88e1284d","sha256":"678e8ef343c4e6fb6f5b72679075691e8c2cfbcb585fefa3eb72ad25f4d1c448","sha512":"043fe78a4f04df05bbc122e591333249e2d8b74970e6f6844d6340887cd7c97e229022fe4531a83613cedee5fd7b12c900669aea9125b1f9e960e759d7994657","ssdeep":"","tlshash":"ddc080765185405a36019ad3f678f84cb4c3145f4f93d915dcd546d111e415b848555c","size":175,"data":"","first_seen":"2026-03-19T11:05:59.827445Z","last_seen":"2026-03-23T09:43:38.811174Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c292815388e3b47f50aba2302b15d06e","sha1":"34f9194e674dc89d63db821da45752aca6630f16","sha256":"1128ab6614963ad228261fb5379d74174cd962fed5c990031405289688526602","sha512":"7895978bdf210fbcb1d0e7cdb9814391607005fb62b932ded08b1bbdab8ca019a6da8bef5ff8b2efc2be3a491737fc44a26e49c6e9b92beda2beb705aaa7d6c3","ssdeep":"","tlshash":"849002244000a47d204344c051103a3d51c195078593459957710147c9e192a891450d","size":52,"data":"","first_seen":"2025-06-02T23:36:48.295996Z","last_seen":"2026-04-05T00:12:49.385506Z","times_seen":877,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"fb862e1000eba7f335acfbcbeb6f3687","sha1":"5e8a0d1c569221490cfafd74a8a089938f854118","sha256":"d2a23844743a108b9f813f17d9734623322011b41e4e34aecfb71c4cbf207d43","sha512":"76d37775c52ff87af9e30ac6a3426b5a31b094288c44d1c8b679a918d3868fabbba2c1629f650e0c7d402829b2d71d37ba2a363e616711459b391959db345722","ssdeep":"","tlshash":"83a022803e80c0ee00a080a302fce80f88080a880022e8a330c22000e8083f83e02c0b","size":71,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.408728Z","times_seen":646,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T03:47:03.156897Z","times_seen":13357702,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5bd530ac33ea6d4f2b33848445441e00","sha1":"ee1f4bd90bb90dc1be92523babd7f987bb90d552","sha256":"4dac6b47449fe4fa86650cf9112af1bf7ba965c1e0cbd0d672026cb7d2571409","sha512":"6da4a412b4e4c751af70f3297ef580253983b0e2862186de0487ff1106767f77b7c8677865069de91c4c6b219ba9ffc43f11bf37768cdcf2090a509af59d5e4c","ssdeep":"","tlshash":"37d097a1c481009c0a72a8cbd5a8699cd091305fcce27001dea881e362f2c1e345604c","size":252,"data":"","first_seen":"2026-03-23T09:43:14.174283Z","last_seen":"2026-03-23T09:43:38.813122Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"6bcddc616b9581f363d8bc5f1c57b65f","sha1":"c8b823a3c769b301d9614eaab01ca3d648902097","sha256":"e24653829a6d67e83a3fd0438b34ee124c25c5c026ad4f38f6764a5bc0f725f0","sha512":"6ce5ed32c213cfa7a10e59d605aaa92f46b042c8ec62452b7d2f96fbc33532239bef5ceafd59dc8a84311082e0020bd2b0b8a14eb05c10223097398818f747bb","ssdeep":"","tlshash":"24a0220ffc03cccc80000ec8c0fae828c008aab8c200fc8c82e2808c2b82fcc0c00088","size":82,"data":"","first_seen":"2023-03-07T14:03:47Z","last_seen":"2026-04-05T00:12:49.428518Z","times_seen":787,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"194667faed62442465399ae6c5630df3","sha1":"55ae5ceec03244f09ef8f8d8bf063b61b4dc2444","sha256":"f32db0f682966ba99150844dddb9e6becb9255c4f0a938039b315477de8d7fc7","sha512":"1a764ed570994b8a1f8ac46920296f5fba0c4beaba4624dc44655d8a095750e92469d2095319762656a1a7cc6dbce850571b796c175b8f04c2033775e6ba604f","ssdeep":"","tlshash":"4b90045154511013c0771c5013140f47d1d0444543ff53040153010f03c7c5c5f40544","size":43,"data":"","first_seen":"2024-12-09T15:24:25.171861Z","last_seen":"2026-04-05T00:25:09.288249Z","times_seen":1592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"c654e277075eb221b4739046c23ab010","sha1":"1abb5d078a3ffed8dde4811e4ab60bf13a93d7f5","sha256":"cc7f1414c195974289a83fc9b51afcf152f5181fb01fc32d5fa5c72f72160001","sha512":"f930763482d9e49cfdbf7959342c4cfc5c285e268bd0e9b94313a8dab31bdac889f1c94ae0456482dee963d94f01e21ae3cd3b532abc4defc20cc371e290e346","ssdeep":"","tlshash":"7dd09772c08b0b9d033191cbd2512994d061308fccb27120cef987f793cee2e28aa04c","size":261,"data":"","first_seen":"2026-03-23T09:43:14.145218Z","last_seen":"2026-03-23T09:43:38.819655Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2fddbc8b699825510b1eb173db8985e1","sha1":"3bbb16567d63929ea06a524f191fc2e92c339368","sha256":"5f653d44c8008dbaca46d20495eaac795747dd2e3f4816d980bc84ddd02c3b7a","sha512":"70162e86950823653d853c1d47c12d8115d75baba2d3bf1b57e3193b59d16a47a9b34694b4599788301b8ea5dda55e4cb9c617c26982bea09eba30d9d1d3db81","ssdeep":"","tlshash":"71d0722ac284e598c1088083c0d87e1ca84a109fcb13e68accb1522363c1f6a9cb22ad","size":284,"data":"","first_seen":"2026-03-21T23:10:35.447322Z","last_seen":"2026-03-23T09:43:38.822088Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7b24cbcaf4cb0c1902ddb8602a3954fe","sha1":"1652c45cc7f8778e0fd8044852e13d56815b2f19","sha256":"4f43360065e2f58cee087ed65561d7b3ac9d2f19f4f6a4e54521904b5d28b470","sha512":"e8058237bee4c9c0cdd3e1bdae71dc534f31cac326f17714cd0dd009bf6f225b0b378da459a2e24953e1797e61a20b9a9e255cfbf1bcd067a1784624704d9425","ssdeep":"","tlshash":"6fd0eb61824294880202c8bbd088bc48d893700f8f32d008d9b600336008c9f8c0309c","size":274,"data":"","first_seen":"2026-03-23T09:43:14.170876Z","last_seen":"2026-03-23T09:43:38.816242Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"5737a1b9d109c6c10538e2fbd8d64077","sha1":"fe83d8518b4273ac106ea14ccc3fcca13f5c1211","sha256":"59c17b05990eab5abfc57bc2e1c3ed79f5f3c2d1ef48b05a144a6c85fc4a66ae","sha512":"0c44caee1a281315b3b483a0bcb9fdccc3dbd36fdcf32e96c7e89ac71746e1631ea5403cb232c53967342fcdde26ee7e595d824e046e3f686ec52bd5b588231c","ssdeep":"","tlshash":"4bb0122c483a70006366a1437ac55b0062b24b67d733455411b0892372cdd1500ce9ed","size":89,"data":"","first_seen":"2024-06-08T10:58:31Z","last_seen":"2026-04-05T00:12:49.38767Z","times_seen":636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"1a44e79b8487bf8969327e68eee0aab8","sha1":"b92da90df8a2e8e5224605c84f8b17d4d705ab95","sha256":"8812c0fb9d40be5bb88c4b2113c7c32add00eb66ae6f56688468cfe67ee058ac","sha512":"32a337fac74ca34e4c6ddff8e899a3c29ed232099284313fe65b4ee56a29bb9b947f5e8c5c32040e582e3d39ae6042405f30e546f3fb896bd158c27602fd2a2b","ssdeep":"","tlshash":"10d02ba5c96a5c5a4136c5d3f0a9fe98c46a304f8f31e409d5ba6332554da97cc5318c","size":281,"data":"","first_seen":"2026-03-23T09:43:14.172919Z","last_seen":"2026-03-23T09:43:38.77883Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7dd8de3dd4f5d83ff1dfb5fa64ac98ce","sha1":"ef0c53b267323051388c771294f249b95d9d155b","sha256":"64be2217a6702cd654b81f76fc7890f28c0567cf84a5031568e6019d97d464b7","sha512":"b6ac3f7d66dbec678bc6a5db3bebf34c7b79a27f0b1b88e330ea131a4d511435b7bb3c763c7740d8277b881309c04b96567e24f08f831e2022d4ba03544040ca","ssdeep":"","tlshash":"99e0277e44e7d4df1c0b14a0e054b91c4d453c4785110bd065781151cbd28fd3235099","size":297,"data":"","first_seen":"2026-03-23T09:43:14.198373Z","last_seen":"2026-03-23T09:43:38.82048Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9f0bc92ff20e4b60840a4284a25988e1","sha1":"79ae7749f1fef66fc679a8e2bf7e1f5688059c6a","sha256":"c730be65a526e28180c92e767e75348bf030400f8b9e5bbe01905d8dbf970216","sha512":"dc28860ecece8c4e29eafeb5e0cb2463b59c60daaa850153f5e849dab0927f026935fbd0a8990aeba074e4b2178c7dea675738a0970b3a46109d8170cabde3c1","ssdeep":"","tlshash":"9790041541511c37114f515370130d341dc1c31c4141334c4cd70cd54101fc45000500","size":41,"data":"","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.476416Z","times_seen":648,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"24dce5552ede50eb264bf12f32190249","sha1":"f9be2c1a6dfead9f573f481131cc3eab85935310","sha256":"d8827ac8b2fc495d61a2f1bb8895ea2b9356291c46e8968bca1ef86450c22263","sha512":"9a3ce9e07e2523ef63bdbfa475f36b9100301c4f1d071a37985298662a40161c0fb5a2cfd2cb44d7a704d7f1ac490836c8ccec6dc0422fda012523c7243ad6d0","ssdeep":"","tlshash":"1a51cf2f5a13110c791554b8df96174f233ea003e20bce5b7ea99298ef851ec95b2b8d","size":2929,"data":"","first_seen":"2025-04-15T22:54:10.194003Z","last_seen":"2026-04-05T00:12:49.410452Z","times_seen":482,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"2080afa21fb659675cd94bdf579af7ac","sha1":"3ddee6fc1914e60cb10a6d72e7426e8ec04f1a0e","sha256":"180d089f51aaa9d23def8249d2524f647a487ca3a142894c7524c3c8e38f0809","sha512":"40b6b43fc7491ca129c739c77454a05bc5f90e64577fcc1a4f59fe3a26c8c82a2083a82718422d8cde54820362431c2fbc51400126b6742da2f32b96b5efd072","ssdeep":"","tlshash":"da70008000a020220032088002288e8fa880000280ca220000b0000202cec082000280","size":23,"data":"","first_seen":"2024-12-09T15:24:25.219875Z","last_seen":"2026-04-05T00:25:09.261772Z","times_seen":1592,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"9b7f80cd95688523a45b0eee41ecb741","sha1":"0b6f0c5ea4e4098c5bf9e8e9549250954cd7c8c9","sha256":"0e5206da97907b1b3d542bc6637fefe0c0be4af7a5147ae43b3241cce64a5572","sha512":"b6a4758789bee9a5e4d5c3e57ac01fe6bc6e156fdf86ad82bc4bc4771834b59991594f624dabb87d80a1bed2ed404ab73dfe37bbd8bf8c6e468554a332643b63","ssdeep":"","tlshash":"4de0277d44e7d8df1c0b04a0e054ba1c4d453c4785110bd0a5791151cbd24be3235089","size":297,"data":"","first_seen":"2026-03-23T09:43:14.192718Z","last_seen":"2026-03-23T09:43:31.211093Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"f75a6b2400903f2363ebe2a58ee1a428","sha1":"5c34639e3fe4ebaded4504bb0201b3671c77a98d","sha256":"3cb40be669357c01dbd29e3aa55b816ad38ded2afd6f8de4a3ca1f36bab731b9","sha512":"35d0aa06b589b9ae297e8972a96318038223e92aefd8ae2c33d00e32f95355d6c5c48f653081971d5bdfa39749eb1e13b73addddb412789164de439ce2fa5903","ssdeep":"","tlshash":"71d0227251cc407322828ad3f5b8fe08a8c3605f8f82860eccee46e121a4a1e890246e","size":215,"data":"","first_seen":"2026-03-19T11:05:59.832119Z","last_seen":"2026-03-23T09:43:38.825559Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-23/901.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-23/901.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:11 GMT\r\netag: \"69ab4187-45cf\"\r\nserver: openresty\r\ndate: Sun, 22 Mar 2026 16:19:00 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 62648\r\ncontent-length: 17871\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 7718177760110020234\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17871,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"3add2622bbb12ca2fba0d83af250ed19","sha1":"42a104bbf40306780486db556bd1fa3506420d75","sha256":"21cd030449568103eaf6e5c0e4e28fcbca7ba25150d6b287139d63077264778c","sha512":"494284b3dba889f486204f9b65eaf034a020efa2241484caa8f585efe61bbca0510b896a471bd2bfb74f5399bd6f05654acc2db9ee48abc6a6f5cdad132c826c","ssdeep":"384:F4hYyWkuNUORNzLx0AHq7Y/WCYWsvK0KBdKllfT4y3o3JL56DA6xr98g5eh:F4UubE/jYvK0KBdmT4Qo3h5608tU","tlshash":"eb82d0c49c0f10579b7d885e8023b9bbbcfb2497e1ce2009af1463a8ad5a47537467e4","first_seen":"2026-03-23T09:43:31.053404Z","last_seen":"2026-03-23T09:43:31.053404Z","times_seen":1,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":37,"dns":12,"connect":24,"send":0,"wait":39,"receive":5,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/favicon.png","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:51.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/frontpage.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:51 GMT\r\ncontent-type: image/png\r\ncontent-length: 1747\r\nlast-modified: Mon, 26 Jan 2026 16:33:02 GMT\r\netag: \"6977973e-6d3\"\r\nexpires: Tue, 24 Mar 2026 09:42:51 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 87 x 106, 8-bit/color RGBA, non-interlaced","md5":"0ee79d01b12c2d1d3b00034fb524ffa4","sha1":"fb46d568086a8830b43de200bef82fe4eabdb8a4","sha256":"6af8eb66e8e8999a644c3686783934cde248df5f36c56d4611f02e8eb08182ee","sha512":"4d758f21bc9b479eeb25a6aaa41fec4cc810f22c4e8e190c8e1e1f73b8eb3bd2ba4996e6caba8e04d885d85148f92c4758775cf489df4200acf5d481517e8b95","ssdeep":"","tlshash":"0d31b4c34436bde489825ce34125c57c26cab4da7948cd29ed08a363237a72d7e17cc3","first_seen":"2023-05-22T11:51:11Z","last_seen":"2026-03-25T23:26:36.830121Z","times_seen":634,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":163,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/cookie.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp-js.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:55:12 GMT","end":"Thu, 04 Jun 2026 07:55:11 GMT"},"fingerprint":{"sha1":"C1:40:19:02:85:64:77:C6:08:5F:86:EA:D8:FB:2C:36:82:69:EC:CA","sha256":"8E:6D:F3:9E:02:B5:C6:15:F5:E8:DC:B9:C5:18:D6:AE:51:5B:98:CD:E8:74:85:12:58:15:AE:31:E7:57:A2:1D"}}},"request":{"raw":"GET /js/cookie.js HTTP/1.1\r\nHost: 992kp-js.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 12 Jun 2025 01:32:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"684a2e38-97b\"\r\nexpires: Mon, 23 Mar 2026 10:43:07 GMT\r\ncache-control: max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\naccess-control-max-age: 3600\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2427,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"6a03d97ef3c0c2af25173f367da6d3b0","sha1":"2d689478fab5f3d86e45aca0e6345ea5eafdb178","sha256":"24c7009e8cbd0e9ee4c82320cdfe3de0c42373ee9d603a9c242afb3e3f6692cd","sha512":"a9f173184707eeaae3a92670ecd49eeb6d9eff10bb95705128f57ba7c3bb58b5065996aa97f9d64eedc81f6252a4bbc75252fe027ca6edd0742b862df0314b59","ssdeep":"","tlshash":"474120943c837b099536f171cb3e6348f9f252279229de50380db3b09f009218cae1e5","first_seen":"2023-03-07T14:03:47Z","last_seen":"2026-04-05T00:12:49.310894Z","times_seen":1169,"resource_available":true,"data":null}},"time_used":2141,"timings":{"blocked":868,"dns":1,"connect":296,"send":0,"wait":376,"receive":0,"ssl":597},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/mobile.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/mobile.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 3750\r\nlast-modified: Mon, 26 Jan 2026 16:29:35 GMT\r\netag: \"6977966f-ea6\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3750,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"9e2d4cf271f1ed5f9b41ce8108cafb25","sha1":"b0157b4a3b37221d7783af918397c12cb8443231","sha256":"5b7de9a13c6c91059394808a063bd6aef0f71f939378e89ce83ccfbe71e1f1c2","sha512":"3756de5fc233f97f2dfd16c2bc71807f307981bab84f359f0d161df4e4b7f432a0ff972d76f832b5c4cb45836818d19d4b19393e19870a85a5bdd5bc1002bbb7","ssdeep":"","tlshash":"bf717419bae95236896b22b72affc7443470e0035982dc04be4dc0a09f90d261dadfec","first_seen":"2023-03-08T13:02:56Z","last_seen":"2026-04-05T00:12:49.342669Z","times_seen":660,"resource_available":true,"data":null}},"time_used":340,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":340,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/images/iphone.png","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /images/iphone.png HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nCookie: laiguo=true; guid=659a3d342fb025b3357ab4af4bd17649\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 32333\r\nlast-modified: Mon, 26 Jan 2026 16:35:43 GMT\r\netag: \"697797df-7e4d\"\r\nexpires: Tue, 24 Mar 2026 09:43:08 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32333,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 565 x 411, 8-bit/color RGBA, non-interlaced","md5":"533ed46c5606d46a42910c780c7d6d6d","sha1":"9514dbb3506a5d635cc0c73ba71e04fb70c1bf63","sha256":"cb0b2a98a02f4005c41361f4cc0a852f67efbfbe2d201ceb2a1357b3dd95e364","sha512":"0cfec5f6d1f96b7b7d2b0fe3cd23ded63fd90c8119c5f396c96b894748eae5275cd0737e90e2ed07b67f1dd266ff58dcd4ce8c1fafa6a65c55ca3d1a048a93c8","ssdeep":"384:VAO6M8m55BidN4HBQlhpxGEliR3WFALlGrX47N2uWKOgQTUnaCEHtGk:x6HllMaA5Gj4R2utOgRaCEZ","tlshash":"efe24c106fe3f8e988cb2570258b7b41892a475ff9a0cd21369f4519bf2073e7d2d989","first_seen":"2023-05-07T20:07:09Z","last_seen":"2026-04-05T00:12:49.317503Z","times_seen":601,"resource_available":false,"data":null}},"time_used":388,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/style/css/1e3.css","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp-js.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:55:12 GMT","end":"Thu, 04 Jun 2026 07:55:11 GMT"},"fingerprint":{"sha1":"C1:40:19:02:85:64:77:C6:08:5F:86:EA:D8:FB:2C:36:82:69:EC:CA","sha256":"8E:6D:F3:9E:02:B5:C6:15:F5:E8:DC:B9:C5:18:D6:AE:51:5B:98:CD:E8:74:85:12:58:15:AE:31:E7:57:A2:1D"}}},"request":{"raw":"GET /style/css/1e3.css HTTP/1.1\r\nHost: 992kp-js.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 25 Jan 2026 09:50:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6975e74e-1ed97\"\r\nexpires: Mon, 23 Mar 2026 10:43:07 GMT\r\ncache-control: max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\naccess-control-max-age: 3600\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":126359,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (12708), with CRLF line terminators","md5":"021458b3531f40f51cf751acc4863919","sha1":"2ca74b4c3020e2f71d5017d770f9ff2e63a74ac2","sha256":"bbb868dafbeefd1d0e05dba7832693b540b45a98322f80e7aa5b774a7ce3cc13","sha512":"cee6d0435b38d52bce517f7ffb755f3185b369cfac9610ac2df9f379747c32b81cb016356dc373c0e7ff8a813843d390c8e6a5414cab1719b932f4be7f1e99cd","ssdeep":"1536:G/guaDP2OVh6w+z3GGtk183ETTDWAfXYb1yECVfIJJvJ:caDeOf+C+38DWAfXYb1yEUfIzvJ","tlshash":"d1c3e731e854b5dd132a4b01fff15ba56f2ca0bbde4b199ef6267b2ccbe25453522080","first_seen":"2025-12-07T17:04:53.961695Z","last_seen":"2026-03-30T02:06:52.440991Z","times_seen":159,"resource_available":false,"data":null}},"time_used":1453,"timings":{"blocked":615,"dns":0,"connect":207,"send":0,"wait":209,"receive":0,"ssl":419},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/images/logo/992kp-logo-162_50.png","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp-js.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:55:12 GMT","end":"Thu, 04 Jun 2026 07:55:11 GMT"},"fingerprint":{"sha1":"C1:40:19:02:85:64:77:C6:08:5F:86:EA:D8:FB:2C:36:82:69:EC:CA","sha256":"8E:6D:F3:9E:02:B5:C6:15:F5:E8:DC:B9:C5:18:D6:AE:51:5B:98:CD:E8:74:85:12:58:15:AE:31:E7:57:A2:1D"}}},"request":{"raw":"GET /images/logo/992kp-logo-162_50.png HTTP/1.1\r\nHost: 992kp-js.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://992kp-js.com/style/css/1e3.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: image/png\r\ncontent-length: 2644\r\nlast-modified: Thu, 12 Jun 2025 01:42:03 GMT\r\netag: \"684a306b-a54\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2644,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 162 x 50, 8-bit/color RGB, non-interlaced","md5":"f0b28ba2fc7ec0893cf3dc991274dd6e","sha1":"6b522271e1e02d547349997a37020d6a7a95b9cc","sha256":"93e02d002e52d6f957675fea90f76d3f48ae4bdee4dd51a768ffe6c8a4c90f9f","sha512":"b78f4b34fabb5f8600175102c8e36644d826f723c95ff2c0178c60c044a860db538f4a8975f402fe38f6db0aeea963efe577d907ed82d4cc6195c51de4d2f1ad","ssdeep":"","tlshash":"79515cb38b41981051bca7d9d80a6649fc5d33744837721e310cd6359769ceb89aa1a3","first_seen":"2025-02-26T14:20:57.620992Z","last_seen":"2026-04-05T00:12:49.30864Z","times_seen":535,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":206,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hgetryn.sgsjlxgw.com/99yl150x150tp88pt.gif.js","fqdn":"hgetryn.sgsjlxgw.com","domain":"sgsjlxgw.com","tld":"com"},"ip":{"addr":"23.224.225.139","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sgsjlxgw.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 19 Jan 2026 06:53:17 GMT","end":"Sun, 19 Apr 2026 06:53:16 GMT"},"fingerprint":{"sha1":"EC:97:DB:CF:13:D2:BD:6E:09:22:65:33:53:C5:8B:F2:92:99:24:E6","sha256":"21:F0:59:CC:D2:60:1B:02:B6:C4:63:82:D7:8E:5F:BB:01:7B:77:8B:39:2C:22:16:40:8F:3E:C9:B5:31:93:1F"}}},"request":{"raw":"GET /99yl150x150tp88pt.gif.js HTTP/1.1\r\nHost: hgetryn.sgsjlxgw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 129080\r\nlast-modified: Fri, 24 Oct 2025 16:20:30 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":129080,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 38594 x 49664","md5":"64494fbacd3bd034d026c97e50aeeeb0","sha1":"74a4ab8e14cc479121bd63b3e3d58bb1087f36bf","sha256":"7753f5bcf2afa37c3d998cf20055c9d970079f925f4a4abdcb7a880950b28872","sha512":"aaa6ec4233a40ee82caeee66f9643c8156e1bb169c7b61b92bf579303d60a9e23ac746aba2f8145c9be4ab1cb57a890bc99b5443662d0cf185f1d7b243a4a7c8","ssdeep":"3072:S0vs2v9ia4aPy1YqtSMVbUExRRoUmhD0KhD0KhFfEDwxuAKkVP/kKnFc2byArGBu:7F/vqtMExReRhD0KhD0KhlhAA3nkIFIw","tlshash":"ef04e106a6c8f724d23a63faed1396e15006eb5ce397ad05c83569e05cc953d378e8e3","first_seen":"2025-10-25T10:26:55.454715Z","last_seen":"2026-04-05T00:25:09.212232Z","times_seen":541,"resource_available":false,"data":null}},"time_used":1210,"timings":{"blocked":-1,"dns":0,"connect":157,"send":0,"wait":561,"receive":193,"ssl":291},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hgetryn.sgsjlxgw.com/gfsr4ds5454re541fd45ret4y51dfs1r1sret254s.gif.js","fqdn":"hgetryn.sgsjlxgw.com","domain":"sgsjlxgw.com","tld":"com"},"ip":{"addr":"23.224.225.139","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sgsjlxgw.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 19 Jan 2026 06:53:17 GMT","end":"Sun, 19 Apr 2026 06:53:16 GMT"},"fingerprint":{"sha1":"EC:97:DB:CF:13:D2:BD:6E:09:22:65:33:53:C5:8B:F2:92:99:24:E6","sha256":"21:F0:59:CC:D2:60:1B:02:B6:C4:63:82:D7:8E:5F:BB:01:7B:77:8B:39:2C:22:16:40:8F:3E:C9:B5:31:93:1F"}}},"request":{"raw":"GET /gfsr4ds5454re541fd45ret4y51dfs1r1sret254s.gif.js HTTP/1.1\r\nHost: hgetryn.sgsjlxgw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 37794\r\nlast-modified: Wed, 08 Jan 2025 02:54:06 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":37794,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 38594 x 49664","md5":"32da23df6a58530640a3f65ca47530ee","sha1":"8bf94d9f9d00ef54b9a1daeb19897d28375bef3a","sha256":"2ae320efd18ab686fd9ff720d3f872cd28c00c265c6fa2dc0bcbc0949307e303","sha512":"232069028a8e8f3050bfd83e9fa3a92a4ee5184e9ac3f8a828107701be9206546d53f08cc7ee27a210d525b6345c418100f7c7df7e4322e436a4bc9009d6593e","ssdeep":"1536:27gMimX3SG7AaDMqUg90p53YZlHIIpYdRnNrU5neUII:2MRmXC4BFUlP3YzocaRlUJ3II","tlshash":"d333e003e7e6a3b5c075b3d00e4211e22946dae0e6d3dd01fe296d516c9157cbbdd2d2","first_seen":"2024-12-25T02:04:14.016193Z","last_seen":"2026-04-05T00:25:09.164811Z","times_seen":920,"resource_available":false,"data":null}},"time_used":647,"timings":{"blocked":38,"dns":0,"connect":162,"send":0,"wait":155,"receive":224,"ssl":172},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kp-i25372.com/game/jc-02-h5-1.png?2","fqdn":"kp-i25372.com","domain":"kp-i25372.com","tld":"com"},"ip":{"addr":"23.224.70.154","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.189Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kp-d25713.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 24 Aug 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"79:8F:40:A0:21:6A:25:A6:16:E2:59:BB:8D:D9:4D:4B:90:9C:70:D1","sha256":"69:95:B8:DC:16:E6:F3:9E:1E:2E:6E:F7:3C:47:0F:5C:4F:15:F0:C8:82:C2:D9:61:FB:94:A9:52:AC:85:2D:C6"}}},"request":{"raw":"GET /game/jc-02-h5-1.png?2 HTTP/1.1\r\nHost: kp-i25372.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 16766\r\nlast-modified: Mon, 29 Jun 2020 15:27:06 GMT\r\netag: \"5efa084a-417e\"\r\nexpires: Mon, 23 Mar 2026 10:43:08 GMT\r\ncache-control: max-age=3600, public, max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, If-Modified-Since, Cache-Control, Range\r\naccess-control-max-age: 86400\r\nx-resource-origin: Edge-02\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16766,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 190 x 190, 8-bit colormap, non-interlaced","md5":"5a5f9f09ea9acab52565364016d78578","sha1":"a431edb4fb55f8a472fdef37a89286583f0e21f6","sha256":"7e59e2f10f07e91a3c36556df6c75fdd555ddec2d5a41261888bdbed0040cd8d","sha512":"33f636974167aecebbe54643afd17f12c4b5f9ece244c750b6872eeb70ea97522d3ba69493fa0793e63276d8e6b855603b8c68240d5bbbb779d4ecf1ff6948e9","ssdeep":"384:DFQIgjqDr0NBZdUC/IvCyf7OYfNq2tcgVMA5Zrv6qnA4cOHUA5F:aJO/0T75wXfPfNq2tconA0f5F","tlshash":"8272c04100d3fbbf316a607e34686d2d2bb922ece571d9738cb5e8aa3c5641a54dd838","first_seen":"2023-12-05T01:35:27Z","last_seen":"2026-04-05T00:12:49.318302Z","times_seen":456,"resource_available":false,"data":null}},"time_used":1125,"timings":{"blocked":374,"dns":37,"connect":170,"send":0,"wait":304,"receive":53,"ssl":166},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/frontpage.html","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T09:42:49.411Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET /frontpage.html HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:49 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 08 Feb 2026 03:53:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"698808d3-3730\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:2.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14128,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"90994a0d2fc8e26c19178dd30f7155f6","sha1":"1131427cb4342c0b7ae51138b9e5a437d8d53323","sha256":"b2c95eb0e9ff4ccc0aa748a7478dff9b9fb3aa88858baad8decaacb5b40cfbd7","sha512":"5e0cc53c05fbd9ab6dc883a951e0bb892dbcef367ed407e825b592ad40dfb4f5f5ddb9d346f2971bcd5249cb84091fe88eb9196c1dd594507b63f69e7b8b56b6","ssdeep":"384:E5uZE1MtuQRpusWWhChcZm+gR/AyNNsNRNkj49:E5uZAKHkhtNNsNRNkj49","tlshash":"5652fb743b6f804c86852383727e7689e1acd4331612d07af54cc5399be4a186b29bde","first_seen":"2026-02-09T03:37:13.588515Z","last_seen":"2026-04-05T00:12:49.265729Z","times_seen":89,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/getIp2.php","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:50.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET /getIp2.php HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/frontpage.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.0.33\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.0.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":92,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"78811e9c4bc301dc32f0b8bd8995943b","sha1":"26e01a93c71794a6be59eea1f6e34ac4b14438a3","sha256":"e9588a6ed446a44fe0296831c4b171d229d484d1cfa23892f6d55071f47d782f","sha512":"49817e990f996ce4d3dba5b57d04629da0e02a3d26b48574ee9bc470e961b488ede8f24d27b9060178abd11786890b659ddc057663bfae84814b73a6a61d8eea","ssdeep":"","tlshash":"fab01221195803185699604d20013f78c960680a008110495746f700d007d7541c3192","first_seen":"2026-03-23T09:43:31.071804Z","last_seen":"2026-03-23T09:43:38.692202Z","times_seen":2,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/jquery.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/jquery.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 26 Jan 2026 16:29:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6977966f-4a5f\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19039,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13051), with CRLF line terminators","md5":"099252b1110599275168a9206f22a0e0","sha1":"347387ac377957d941ab005198cd7624809e889b","sha256":"c5e0f7bfe63244b6249ad14cdc7f799975228d1065e0c4fefbcbe9b282c251d2","sha512":"c9a0b5677251bebf20935e28baeaf4b45a81919f8f303d51d817e1b5f6ac6399209e8e68013341c32cbe44d86d00e72d4e39a8affbb0301e9eb131b26a2edc2b","ssdeep":"384:QdNIUOrHADf1Zjy5v2P7eMlyMTuITjTOdXmQ5xUN8damYIkZc15cRsFzqSTETI20:SNIUXf1Jy5v2P7eKyyuITjTqXN5xUN8d","tlshash":"b4827400fad5fa3663575da7732f12c5fc6a0ce729838c82d0bcb6546a592a2d1f07b4","first_seen":"2025-07-08T20:46:45.981514Z","last_seen":"2026-04-05T00:12:49.295403Z","times_seen":441,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":189,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1E7KLDCG3P","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"172.217.20.168","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Feb 2026 18:19:44 GMT","end":"Mon, 18 May 2026 18:19:43 GMT"},"fingerprint":{"sha1":"5D:21:36:26:B5:1D:67:14:0D:6A:68:D3:7C:EB:39:6E:A1:45:8C:29","sha256":"BC:A5:DD:5A:08:3A:33:49:76:BB:EB:18:9C:45:17:80:A1:3E:31:5F:BA:F9:93:28:C7:76:A0:97:FF:E9:3F:1C"}}},"request":{"raw":"GET /gtag/js?id=G-1E7KLDCG3P HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\nexpires: Mon, 23 Mar 2026 09:43:08 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 149062\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":441612,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"4c3231431b2500f7303aa61c4344dcc7","sha1":"585fe38e4e4722aa2b4f2b01c97b7f1b22e6973d","sha256":"404541b2c08be944aa263cd3789e4bfccd1b926a28b12cbadf2cde07cdb34d86","sha512":"fca8152df20477d1ce865e18dd68d985399749e204d8067747af48912c0d3c7f30ef0e88adbf23e4a9ac0825e7ecd0ccc0ca0f302b48cc82589c35d10d72d48c","ssdeep":"6144:OJ8B4fKAfICc93KwiKHnm8SBtS5K2wzO3Epan8GH/UywU2yIS+a:94tfICAbHm8KetUY","tlshash":"2f94f8cdb3da74264396f478903f018be57b28a2b44cc899f189c8e42d7469a4277f7d","first_seen":"2026-03-23T09:43:31.075518Z","last_seen":"2026-03-23T09:43:38.7376Z","times_seen":2,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":-1,"dns":0,"connect":21,"send":0,"wait":35,"receive":64,"ssl":109},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/notice.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/notice.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nCookie: laiguo=true; guid=659a3d342fb025b3357ab4af4bd17649\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 3397\r\nlast-modified: Mon, 26 Jan 2026 16:29:35 GMT\r\netag: \"6977966f-d45\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3397,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2760), with CRLF line terminators","md5":"be418c13f5745234342386c91843588c","sha1":"1d5d62bcd7b9b26c4257ffe4fec00e98d867e8db","sha256":"c287f1c177124dd745863cd7c7da06bbfec7d87cb31deefeed18310c50841d65","sha512":"2cf4721f682fd610e8b9c4f69508d5154c6bc5dafeb76374729a0f87e0f89bb318944f14660a6e40366640b98e6282f1a6b12f33aa5c53ed467367a065be9cc7","ssdeep":"","tlshash":"8061b65b0b05251c356b2c8efd229f8c53a1100cfb1ee130a0afa464b2deab20163b8c","first_seen":"2025-02-22T04:56:39.855316Z","last_seen":"2026-04-05T00:12:49.306565Z","times_seen":478,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-22/912.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-22/912.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:06 GMT\r\netag: \"69ab4182-51fc\"\r\nserver: openresty\r\ndate: Sat, 21 Mar 2026 16:33:52 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 148156\r\ncontent-length: 20988\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 7046598877893179920\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20988,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"ba6715ba1f49e6776399d8514296b6c8","sha1":"e705b66af7a0e514db46315928e912a11b1767e4","sha256":"27b1c42ee69777898c41ae26041ffae67be401baa9fe89e3725681d4b5015ee8","sha512":"ae39ea429fa8a904492c4cc5cb693c2d35a5b0b9d0feffdb860df00f0e8d4a58577d41a1200fbf888f0128e999a75824757b5a361259daa44a4635cc977dbfa0","ssdeep":"384:WVp/cLkNe/cbxgAkpaDqoF9J5+congzjicu3mRErRJISvLQvHQzL4Ul3S+3odML5:80mepazjJ3Sgzj1RRwoSv8vwzj3z3odc","tlshash":"e792e1db0e5fd275f77802a80c56c94f42bbb7fa932a52d6528820c483988fdec49719","first_seen":"2026-03-21T23:35:02.223099Z","last_seen":"2026-03-23T09:43:38.713221Z","times_seen":16,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbxmrg.univqi07dr.com/rgpcsa.gif.js","fqdn":"zbxmrg.univqi07dr.com","domain":"univqi07dr.com","tld":"com"},"ip":{"addr":"23.224.225.141","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"univqi07dr.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 09 Jan 2026 01:28:57 GMT","end":"Thu, 09 Apr 2026 01:28:56 GMT"},"fingerprint":{"sha1":"31:BD:FF:C6:AD:5A:9A:C6:0C:30:EA:CC:19:C5:00:79:56:1F:88:8E","sha256":"FD:1A:57:82:8F:A0:4F:BB:86:FF:84:C6:0D:06:EB:F3:F2:4F:EA:15:DD:5A:AE:87:29:57:37:C6:72:FC:7A:88"}}},"request":{"raw":"GET /rgpcsa.gif.js HTTP/1.1\r\nHost: zbxmrg.univqi07dr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 43141\r\nlast-modified: Thu, 13 Nov 2025 18:33:33 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43141,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 38594 x 24064","md5":"36cd7ce16db554f9c1606448bf904ef4","sha1":"b5df2de51eff9a36d9239cbb581b37ccb85ef9bf","sha256":"c03792fb2ee25d4c8791495281c031d9d184bd6d46ff16a08e2556e9aea674a0","sha512":"fe3872461c79fa61b2818dbf1513a95aa315f4a73efdb79ff75ead06b2d371b84b1a2c86df803a1104e23d2448af0263aa2327d9f1dfa81e9b304ff8a9062322","ssdeep":"1536:AZ7tW6K0/hplkgKnE1HdcihzHBRmD1tL2jIyrTMqN4V:ArXK039cihr6SIyrYqG","tlshash":"c153e1179320e390c67122fdaa3552f0ba4a87e8c18b9905dd78e6d10eaf13d729d6c3","first_seen":"2025-11-14T10:16:11.12287Z","last_seen":"2026-04-05T00:25:09.211601Z","times_seen":529,"resource_available":false,"data":null}},"time_used":1209,"timings":{"blocked":27,"dns":0,"connect":155,"send":0,"wait":613,"receive":147,"ssl":296},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/images/logo/992kp-logo-162_50.png","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /images/logo/992kp-logo-162_50.png HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 2644\r\nlast-modified: Mon, 26 Jan 2026 16:35:41 GMT\r\netag: \"697797dd-a54\"\r\nexpires: Tue, 24 Mar 2026 09:43:06 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2644,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 162 x 50, 8-bit/color RGB, non-interlaced","md5":"f0b28ba2fc7ec0893cf3dc991274dd6e","sha1":"6b522271e1e02d547349997a37020d6a7a95b9cc","sha256":"93e02d002e52d6f957675fea90f76d3f48ae4bdee4dd51a768ffe6c8a4c90f9f","sha512":"b78f4b34fabb5f8600175102c8e36644d826f723c95ff2c0178c60c044a860db538f4a8975f402fe38f6db0aeea963efe577d907ed82d4cc6195c51de4d2f1ad","ssdeep":"","tlshash":"79515cb38b41981051bca7d9d80a6649fc5d33744837721e310cd6359769ceb89aa1a3","first_seen":"2025-02-26T14:20:57.620992Z","last_seen":"2026-04-05T00:12:49.30864Z","times_seen":535,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":198,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/Tpl/x1/cat.png","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /Tpl/x1/cat.png HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 14992\r\nlast-modified: Mon, 26 Jan 2026 16:33:43 GMT\r\netag: \"69779767-3a90\"\r\nexpires: Tue, 24 Mar 2026 09:43:06 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14992,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 20, 8-bit/color RGBA, non-interlaced","md5":"1cc57b964f1a62c9833324d480053198","sha1":"5f28ff66c0f8ef83e896b3ea77c680065439a322","sha256":"ebe324c2c41a3d8d25b9a97a34fd22778ce993ef8fa50cd587f37b701da8c264","sha512":"f2535a417502d72e559f0a619d57f8d9a0e74cf2733d17a3d12a38173809a423b44c170cacac4a021bd36ff67ace07ca5ec55e256d52d71ff9c5765085497a5d","ssdeep":"48:L/6qKgh8k29WJsEvUSlETu24BLPExN+Y97sc59770ryt:LSo8kEWm9n5xNX7sc5d0e","tlshash":"95623da4fdf1b9a49199e5321ed229099c230683e9c0ac85b7cd4c1b6f15be94c4f5c3","first_seen":"2023-05-22T11:59:00Z","last_seen":"2026-04-05T00:12:49.343618Z","times_seen":669,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":324,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hgetryn.sgsjlxgw.com/awrgkleiugdjgnkhgndchdbfasjgfasdrvdgsg29863365.gif.js","fqdn":"hgetryn.sgsjlxgw.com","domain":"sgsjlxgw.com","tld":"com"},"ip":{"addr":"23.224.225.139","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sgsjlxgw.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 19 Jan 2026 06:53:17 GMT","end":"Sun, 19 Apr 2026 06:53:16 GMT"},"fingerprint":{"sha1":"EC:97:DB:CF:13:D2:BD:6E:09:22:65:33:53:C5:8B:F2:92:99:24:E6","sha256":"21:F0:59:CC:D2:60:1B:02:B6:C4:63:82:D7:8E:5F:BB:01:7B:77:8B:39:2C:22:16:40:8F:3E:C9:B5:31:93:1F"}}},"request":{"raw":"GET /awrgkleiugdjgnkhgndchdbfasjgfasdrvdgsg29863365.gif.js HTTP/1.1\r\nHost: hgetryn.sgsjlxgw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 210604\r\nlast-modified: Thu, 24 Apr 2025 07:51:12 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":210604,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 38594 x 49664","md5":"3822e531c2d7831df229e57f6915d384","sha1":"06b8952477636efe5610fde8de2a58cac00e0f53","sha256":"1504af5864a30ba54ef650df1494cb5bca1d49debf56c47e49a466110eb70c3c","sha512":"de083dac28feaded5b9cfe3f4530cc9d839a07527ff87131ff9b19bbd35f72b76c40ace31b8d47bcb9514d206d5cc4d8e6efa6a033d3974ac9d2c0f01dd31bc1","ssdeep":"6144:d4MoCIWdsuQaRGp6zEECHFkHVqlrKOBqYkHVqlCKOBY:d4MoCIW6ocwiHL8OnhOq","tlshash":"b654f102d7d4f3b0d276a0fa592027e1b20a87a4e3c7ad95cd38d5522e9f21db78c5d2","first_seen":"2025-04-24T08:44:46.903061Z","last_seen":"2026-04-05T00:25:09.212799Z","times_seen":671,"resource_available":false,"data":null}},"time_used":1377,"timings":{"blocked":-1,"dns":0,"connect":161,"send":0,"wait":675,"receive":236,"ssl":300},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ku2.mk3.syqsvvqr.com/150x150icon.gif","fqdn":"ku2.mk3.syqsvvqr.com","domain":"syqsvvqr.com","tld":"com"},"ip":{"addr":"23.225.112.99","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ku2.mk3.syqsvvqr.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 04:33:22 GMT","end":"Sat, 13 Jun 2026 04:33:21 GMT"},"fingerprint":{"sha1":"BC:B1:14:C0:8A:07:61:44:7C:38:14:66:C9:DE:0A:5F:7C:6F:C5:5E","sha256":"A5:63:E1:55:1F:94:BB:B8:DE:A9:0D:DA:38:B8:86:1A:15:98:11:6C:CA:12:B2:BD:9B:81:80:53:82:43:D6:21"}}},"request":{"raw":"GET /150x150icon.gif HTTP/1.1\r\nHost: ku2.mk3.syqsvvqr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/gif\r\ncontent-length: 86490\r\nlast-modified: Mon, 16 Mar 2026 10:05:20 GMT\r\netag: \"69b7d5e0-151da\"\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":86490,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 150 x 150","md5":"66d04a8f756dcce4c22b5647c44e00d6","sha1":"4b8b7a8e5261d610666c1982d6e00f34921610ef","sha256":"305548c7b4783b65c0d3856371a7de10d94d4b5aba01924d5b09cc3e4b3a609b","sha512":"f63ecafb55bf091d386ef287ec7f0d8b5a323b3c4fd7f18d4e5f5d2786c5cad03d13ba8168b3c8a97e4be48d23498b8862f3f2e12714f5f96f273fd2d836903a","ssdeep":"1536:R6q+pUjNhpUjNqphM9TPf9Lo5MdccslqAu3Wf6ephM9TPf9Lo5MrNccslh:R6q+p0vp0hNVLo5MdccDLVjNVLo5M5cn","tlshash":"5283f17a4ed61c826498e9327a6c52029d43ccd4f1dcacbe3df954d2a30f57b2d9483a","first_seen":"2026-03-17T06:21:49.116183Z","last_seen":"2026-04-05T00:25:09.177769Z","times_seen":90,"resource_available":false,"data":null}},"time_used":1034,"timings":{"blocked":-1,"dns":2,"connect":153,"send":0,"wait":170,"receive":367,"ssl":363},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/images/live_weixin.png","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /images/live_weixin.png HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nCookie: laiguo=true; guid=659a3d342fb025b3357ab4af4bd17649\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 33283\r\nlast-modified: Mon, 26 Jan 2026 16:35:43 GMT\r\netag: \"697797df-8203\"\r\nexpires: Tue, 24 Mar 2026 09:43:08 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33283,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 565 x 411, 8-bit/color RGBA, non-interlaced","md5":"744dc03bf8a0769e6c488c87f8a11df8","sha1":"73407e1be941a45ad3aa4115fa6b4c6eb533131d","sha256":"bffda8469c8c15ff94adcdcd32b5dc518441f9614c21dadff82ce29b63d744aa","sha512":"1afa46c9f80f575f654191adfa6ea534455566bc90eae44a30611500f66a4ff64f6d4dff222035df2846bbf1153018597bed3ef863bbbdbaa1a93858cbc0d805","ssdeep":"768:bpdRooItu7bppXAwKoRXmL9B2Xch9ZxUbRZFloO:bnK87bppXeoRWX2XgZib33b","tlshash":"76e2d1547ad374c6c49e6e70172b8341863e00a15ee4eceb4377682e38e77edadd8948","first_seen":"2023-05-13T08:00:52Z","last_seen":"2026-04-05T00:25:09.200625Z","times_seen":1557,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/jquery-2.1.0.min.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp-js.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:55:12 GMT","end":"Thu, 04 Jun 2026 07:55:11 GMT"},"fingerprint":{"sha1":"C1:40:19:02:85:64:77:C6:08:5F:86:EA:D8:FB:2C:36:82:69:EC:CA","sha256":"8E:6D:F3:9E:02:B5:C6:15:F5:E8:DC:B9:C5:18:D6:AE:51:5B:98:CD:E8:74:85:12:58:15:AE:31:E7:57:A2:1D"}}},"request":{"raw":"GET /js/jquery-2.1.0.min.js HTTP/1.1\r\nHost: 992kp-js.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 12 Jun 2025 01:32:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"684a2e37-1469f\"\r\nexpires: Mon, 23 Mar 2026 10:43:07 GMT\r\ncache-control: max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\naccess-control-max-age: 3600\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83615,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"5ca7582261c421482436dfdf3af9bffe","sha1":"98884258cbdb0d939fa2c5e74fc7ac9e56d8170f","sha256":"f284353a7cc4d97f6fe20a5155131bd43587a0f1c98a56eeaf52cff72910f47d","sha512":"aa9dbb9ee532954830059247b269b75bb925c2e3398247b8a6b4ef3e89375f9ce2e74cb7328f1c8297977a0596add7ee5f217651d2d62bf5826f932fec228770","ssdeep":"1536:XPpEy5BMibZGOj/bEe8v+/UWf4IhvAQPFZ93E8ud44d+ROvcpbRNkVPEWW9MtXaQ:uIOKpETQRsFrta98HrP","tlshash":"af83c6d9b2c6b162d77730b850bf450bb13a98dab80c8c60f0a5d5e47db4a89507bf2d","first_seen":"2023-03-07T01:17:22Z","last_seen":"2026-04-05T00:12:49.300153Z","times_seen":2586,"resource_available":true,"data":null}},"time_used":1755,"timings":{"blocked":628,"dns":0,"connect":210,"send":0,"wait":489,"receive":0,"ssl":425},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/getIp2.php","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /getIp2.php HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding\r\nx-powered-by: PHP/7.0.33\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.0.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"c16f543b7d0bf4da1c3e3b08539cf419","sha1":"46614ab80d5c150f6ae0209e8e1fd77c2d5b4535","sha256":"258357b2eea665ee4a8c4ec5b31547f6e7be11187b25d7695f5378627ad65217","sha512":"ca6cbcc5e01722948476da1389bb8737314d0be456a69aa8331b41c9ce6c367e1900f81d128b6f54b51c59ed5853440c307afba08f1ad05758eca39600532e83","ssdeep":"","tlshash":"1ab012210e5401285a8d644c2040377c8920780a00411049974af741e017d7589c3153","first_seen":"2026-03-23T09:43:31.087118Z","last_seen":"2026-03-23T09:43:31.087118Z","times_seen":1,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ku2.mk3.sdtxihoh.com/5768-150.gif.js","fqdn":"ku2.mk3.sdtxihoh.com","domain":"sdtxihoh.com","tld":"com"},"ip":{"addr":"23.224.225.141","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ku2.mk3.sdtxihoh.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 20 Jan 2026 11:16:01 GMT","end":"Mon, 20 Apr 2026 11:16:00 GMT"},"fingerprint":{"sha1":"4E:AB:D8:81:15:11:E7:4D:76:CA:19:80:5A:4D:4D:1A:D7:1D:1E:D6","sha256":"76:06:79:76:FA:78:C1:39:A7:6F:81:70:EA:AA:D6:22:83:85:BE:74:EF:79:F5:B2:D7:A9:12:E5:F3:15:14:31"}}},"request":{"raw":"GET /5768-150.gif.js HTTP/1.1\r\nHost: ku2.mk3.sdtxihoh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 142971\r\nlast-modified: Mon, 09 Feb 2026 10:18:20 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":142971,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 38594 x 49664","md5":"7200147f65a5250915682933788dc4a4","sha1":"5ab008cab2a01acd15a7ef16c9ba97be6b578f8b","sha256":"15d5c6f1cefa503bcf0ffa5bd0a9c50dd88f937b713b435f89c32668d07fe039","sha512":"559a3c3e9159a583d4d63a158afec580b5addb97a21f3eb8655c3830225f8239e08b5247b38e53d0fe874e38528ec1d76259d8872cb48e6704a52950630c03d0","ssdeep":"6144:nwN1v3qm0TEhqsUknJp6pz0ZPmHrWBh8XwI:nQ1/P0TSv6pz0FQGh8XwI","tlshash":"0014f10352a1f334c2b667fa8d261ad49a59d6b8e6c77e50c138a2710cdf434b79e4e3","first_seen":"2026-02-09T17:41:54.95559Z","last_seen":"2026-04-05T00:25:09.170608Z","times_seen":178,"resource_available":false,"data":null}},"time_used":1139,"timings":{"blocked":-1,"dns":1,"connect":159,"send":0,"wait":159,"receive":531,"ssl":288},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/js/index.js","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:49.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET /js/index.js HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/frontpage.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:49 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 405\r\nlast-modified: Mon, 26 Jan 2026 16:29:27 GMT\r\netag: \"69779667-195\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":405,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"4d87a4619c0f51b639fa591716de2bd3","sha1":"8d46d22da40e875810ee644c097e5865877ce2a2","sha256":"3667f2b9746f19719a50bb65c8f2dcadfe9ef5b69c95a71c2da6b945beff5ba5","sha512":"6e7b6db1b538cc43593578fac64c78a5beb4df7b8b1f3859a04878f0c2948fac04f3bef8209e6d33f306d166a85fc03f336b3ad1853aed796d63bbe8d72cc015","ssdeep":"","tlshash":"6be061215d4d2e7d4355a17b2c38df1a73d7181ca89180494d94b87575b2ac655c1388","first_seen":"2025-04-24T08:44:46.831208Z","last_seen":"2026-04-05T00:12:49.268859Z","times_seen":553,"resource_available":true,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/analysis.min.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp-js.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:55:12 GMT","end":"Thu, 04 Jun 2026 07:55:11 GMT"},"fingerprint":{"sha1":"C1:40:19:02:85:64:77:C6:08:5F:86:EA:D8:FB:2C:36:82:69:EC:CA","sha256":"8E:6D:F3:9E:02:B5:C6:15:F5:E8:DC:B9:C5:18:D6:AE:51:5B:98:CD:E8:74:85:12:58:15:AE:31:E7:57:A2:1D"}}},"request":{"raw":"GET /js/analysis.min.js HTTP/1.1\r\nHost: 992kp-js.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 12 Jun 2025 01:32:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"684a2e37-1259\"\r\nexpires: Mon, 23 Mar 2026 10:43:07 GMT\r\ncache-control: max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\naccess-control-max-age: 3600\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4697,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4360)","md5":"8f2f21edcdfba40db44db4e5f2260d40","sha1":"1d425cde5ff40bd89aa2e94f0f85aebbdd19a43e","sha256":"6fb1186e5a3874abafc0a5c61170f23a77df40536afceb7defd72a42f248ec45","sha512":"e8d65ed00561d3225b783ec987ec131e15ade0662b204017d0e84cc638f21f010fb8cbe6fc266f90e53a57309a258e88be43fb3b437046f7372cb719093b05ef","ssdeep":"96:ov2h31vGabU1YvHO0aBxzHz0mahqaKZxmNo++ms5MAd3N4FpPOetjlf:9h31v54YRQxzHz0bhqa9No++miMAvrOh","tlshash":"0ea1fbed728a36344628fad736af79087d37c40179c9b88bb1d2d811eca0543463fd89","first_seen":"2025-01-06T22:23:29.196081Z","last_seen":"2026-04-05T00:25:09.172046Z","times_seen":1476,"resource_available":true,"data":null}},"time_used":1908,"timings":{"blocked":647,"dns":0,"connect":221,"send":0,"wait":590,"receive":0,"ssl":448},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kp-i25372.com/Uploads/vod/2026-03-23/1131.mp4.gif.webp","fqdn":"kp-i25372.com","domain":"kp-i25372.com","tld":"com"},"ip":{"addr":"23.224.70.154","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kp-d25713.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 24 Aug 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"79:8F:40:A0:21:6A:25:A6:16:E2:59:BB:8D:D9:4D:4B:90:9C:70:D1","sha256":"69:95:B8:DC:16:E6:F3:9E:1E:2E:6E:F7:3C:47:0F:5C:4F:15:F0:C8:82:C2:D9:61:FB:94:A9:52:AC:85:2D:C6"}}},"request":{"raw":"GET /Uploads/vod/2026-03-23/1131.mp4.gif.webp HTTP/1.1\r\nHost: kp-i25372.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/webp\r\ncontent-length: 19124\r\nlast-modified: Fri, 06 Mar 2026 16:23:48 GMT\r\netag: \"69aaff94-4ab4\"\r\nexpires: Mon, 23 Mar 2026 10:43:08 GMT\r\ncache-control: max-age=3600, public, max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, If-Modified-Since, Cache-Control, Range\r\naccess-control-max-age: 86400\r\nx-resource-origin: Edge-02\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":19124,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 854x480, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9335dbd781adcafa2492447e2ded6c32","sha1":"d216800e632150a7f7e2306590dc5e554f8c747b","sha256":"4aecc33c66c52c6d6fa095b9e0da91522fdbf445727769aff581ff7601c37e45","sha512":"1f3b1af4300dd0599223a8edf12dcf96cbd6e68b24e8a6fcc0b230435240dbf695067d18c64db87e2e47982198d4a223eeee8875a862f97a671c7e89c161d796","ssdeep":"384:h9HS6qggTyKw7AwxF9zN6EmbCtWvYDOzWk0U1HZcFqQ1HIrVHta6:nbMWFVN/tdaHuFqQVu3","tlshash":"cf82e18793c042a7a1f817e4d8eab16f1de62397c834052ed174460d991fea5c037bf5","first_seen":"2026-03-23T09:43:14.114527Z","last_seen":"2026-03-23T09:43:31.092458Z","times_seen":2,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":-1,"dns":18,"connect":155,"send":0,"wait":167,"receive":146,"ssl":166},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/js/jquery-2.1.0.min.js","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:49.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET /js/jquery-2.1.0.min.js HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/frontpage.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:49 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 26 Jan 2026 16:29:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69779667-1469f\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":83615,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"5ca7582261c421482436dfdf3af9bffe","sha1":"98884258cbdb0d939fa2c5e74fc7ac9e56d8170f","sha256":"f284353a7cc4d97f6fe20a5155131bd43587a0f1c98a56eeaf52cff72910f47d","sha512":"aa9dbb9ee532954830059247b269b75bb925c2e3398247b8a6b4ef3e89375f9ce2e74cb7328f1c8297977a0596add7ee5f217651d2d62bf5826f932fec228770","ssdeep":"1536:XPpEy5BMibZGOj/bEe8v+/UWf4IhvAQPFZ93E8ud44d+ROvcpbRNkVPEWW9MtXaQ:uIOKpETQRsFrta98HrP","tlshash":"af83c6d9b2c6b162d77730b850bf450bb13a98dab80c8c60f0a5d5e47db4a89507bf2d","first_seen":"2023-03-07T01:17:22Z","last_seen":"2026-04-05T00:12:49.300153Z","times_seen":2586,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.992kpjs.com/js/qrcode.min.js","fqdn":"www.992kpjs.com","domain":"992kpjs.com","tld":"com"},"ip":{"addr":"192.151.192.162","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:49.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kpjs.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:53:36 GMT","end":"Thu, 04 Jun 2026 07:53:35 GMT"},"fingerprint":{"sha1":"C8:A1:22:13:11:36:CC:D0:59:BE:1E:14:CF:F4:E2:FE:9E:1C:9B:30","sha256":"69:BB:B6:08:67:35:A0:95:BF:A0:54:82:7E:ED:24:1D:5F:FA:51:B7:22:79:B4:2A:DE:CD:D0:7C:D9:3B:65:E8"}}},"request":{"raw":"GET /js/qrcode.min.js HTTP/1.1\r\nHost: www.992kpjs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 11 Jun 2025 16:26:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6849ae24-4dd7\"\r\nexpires: Mon, 23 Mar 2026 10:42:50 GMT\r\ncache-control: max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\naccess-control-max-age: 3600\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19927,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (19927), with no line terminators","md5":"517b55d3688ce9ef1085a3d9632bcb97","sha1":"2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b","sha256":"c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36","sha512":"08d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498","ssdeep":"384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ","tlshash":"8c92c7e4f36542f6915e6cd4283f104b64a0a4636c1490acbfb5c1e6a9f8fe0647af74","first_seen":"2023-03-07T01:14:56Z","last_seen":"2026-04-05T03:50:08.980852Z","times_seen":48115,"resource_available":true,"data":null}},"time_used":1467,"timings":{"blocked":627,"dns":1,"connect":208,"send":0,"wait":208,"receive":0,"ssl":421},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/get_ym.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/get_ym.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2531\r\nlast-modified: Sun, 08 Feb 2026 04:03:04 GMT\r\netag: \"69880af8-9e3\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2531,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"a7ebc6a3a9e8f3485fb579907ea430d9","sha1":"8e09a0a3aa63c239a57e8dabf3ba8bddafd65d37","sha256":"0f5b9c6eb38289f77a38426d930135a542205993850a145a95c0fba61e86287b","sha512":"8254be57a2556d6a76fe15795f7b01d832f54f84172c9c1c45aeb8a5b479eb87e5988f0c90345cef1101c97b514775caae3f7d07633f9dee2ea90cc604b0c2f1","ssdeep":"","tlshash":"375145b8652b245d4b8137121dbd1408ac2bfd353d6cc19dde08d4287cb8e38747aa97","first_seen":"2026-02-09T03:37:13.556948Z","last_seen":"2026-04-05T00:12:49.315767Z","times_seen":90,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/pop_layer.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/pop_layer.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Mar 2026 08:25:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c0f8e3-38d2\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14546,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"78083d165d995eb143b1c9e40bd92e3a","sha1":"4ef100345a3eda042266f711900c601673b13c80","sha256":"fbfbf56cba21264e36f233380fa3400adf9c892e98eb831099f32fa19af1c9f4","sha512":"6e995b83cc6d33881b950bd45564a1ec3900184d7e28062908496a26533bf28504f7e74acf48f7e4206ed79bd9905950ac4701db439d656e43df2b05f8da195e","ssdeep":"192:v3kyTc0PR/2c5XKbS9pzXZ8R4sJ9XCmC5CBQVp3I+Zo3riCn8XTxyYeUftj4Egyx:vNw0PRVxKb8zXOrw+8xvgypsR+ssSI","tlshash":"af62752146c11415137383aa9f3b7a5dff2740a78242454bbaed4283aff2d59c893abd","first_seen":"2026-03-23T09:43:14.120623Z","last_seen":"2026-03-23T09:43:38.714257Z","times_seen":3,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kp-i25372.com/game/5768_100_100.png","fqdn":"kp-i25372.com","domain":"kp-i25372.com","tld":"com"},"ip":{"addr":"23.224.70.154","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kp-d25713.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 24 Aug 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"79:8F:40:A0:21:6A:25:A6:16:E2:59:BB:8D:D9:4D:4B:90:9C:70:D1","sha256":"69:95:B8:DC:16:E6:F3:9E:1E:2E:6E:F7:3C:47:0F:5C:4F:15:F0:C8:82:C2:D9:61:FB:94:A9:52:AC:85:2D:C6"}}},"request":{"raw":"GET /game/5768_100_100.png HTTP/1.1\r\nHost: kp-i25372.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 9546\r\nlast-modified: Sun, 23 Feb 2025 09:18:03 GMT\r\netag: \"67bae7cb-254a\"\r\nexpires: Mon, 23 Mar 2026 10:43:08 GMT\r\ncache-control: max-age=3600, public, max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, If-Modified-Since, Cache-Control, Range\r\naccess-control-max-age: 86400\r\nx-resource-origin: Edge-02\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9546,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"1a2b0f6ca1bfc02af8729f6909e58a75","sha1":"519380dad58e4657cf78de800f234a8db950587c","sha256":"aaf0f36212fa0e8ed7284875ec7de317fc239f2c236474fab36f7d75e3a81a0a","sha512":"1033020e23b6cf8b13ae219643a69e7bd49d9f1348236df438735e203a46a832cd0f0ae26e512213e92bdd75d429843ef871834282c770c1cf44a8495ba4be22","ssdeep":"192:jQA1pn20knYI/B+k1akzBT4bXVBnmRmDu8n2bYj:dp2XnYI/BrzornmWF2bYj","tlshash":"f4129d00e5c1dca8a440f3efd5c06245d56286155bc2eb8dbe898c6b8f662f0df7d05a","first_seen":"2025-02-26T14:20:57.658641Z","last_seen":"2026-04-05T00:12:49.260274Z","times_seen":326,"resource_available":false,"data":null}},"time_used":1161,"timings":{"blocked":374,"dns":37,"connect":170,"send":0,"wait":365,"receive":26,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kp-i25372.com/game/jc_01-h5-10.png?2","fqdn":"kp-i25372.com","domain":"kp-i25372.com","tld":"com"},"ip":{"addr":"23.224.70.154","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kp-d25713.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 24 Aug 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"79:8F:40:A0:21:6A:25:A6:16:E2:59:BB:8D:D9:4D:4B:90:9C:70:D1","sha256":"69:95:B8:DC:16:E6:F3:9E:1E:2E:6E:F7:3C:47:0F:5C:4F:15:F0:C8:82:C2:D9:61:FB:94:A9:52:AC:85:2D:C6"}}},"request":{"raw":"GET /game/jc_01-h5-10.png?2 HTTP/1.1\r\nHost: kp-i25372.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 36451\r\nlast-modified: Mon, 29 Jun 2020 15:27:13 GMT\r\netag: \"5efa0851-8e63\"\r\nexpires: Mon, 23 Mar 2026 10:43:08 GMT\r\ncache-control: max-age=3600, public, max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, If-Modified-Since, Cache-Control, Range\r\naccess-control-max-age: 86400\r\nx-resource-origin: Edge-02\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36451,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 127 x 127, 8-bit/color RGBA, non-interlaced","md5":"727b09ab5e8b8fcdcb4352cfe9b08af9","sha1":"dbf939dfd25d8e3a633a592145f0ef3ac2a8d54f","sha256":"d0f7ef85d1adb6dcb1c46851f694b9560bb5a359e7315449787f1a656efc75da","sha512":"580e78fe279e00082f121e7e5a91569daa69b5892e07b05071ff442bffb367ccda44578be8194b48a4aa2f6fa2721f06fb70133467b8478e5429e34d139eaf14","ssdeep":"768:pCi2tjMf7TBqHq2WAQLRKZ6JsE1+5oeIo7pjTNrrUIW6x0Ri:qtIfHp2WAQdqZE1+5H97pfNXUxXc","tlshash":"c5f2f1aaf433ab005b783636151a7ba483f2a3824144cfde964ec979ed61a594309adc","first_seen":"2023-12-05T01:35:27Z","last_seen":"2026-04-05T00:12:49.285151Z","times_seen":447,"resource_available":false,"data":null}},"time_used":1125,"timings":{"blocked":418,"dns":0,"connect":0,"send":0,"wait":466,"receive":76,"ssl":165},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/huanyuan.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp-js.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:55:12 GMT","end":"Thu, 04 Jun 2026 07:55:11 GMT"},"fingerprint":{"sha1":"C1:40:19:02:85:64:77:C6:08:5F:86:EA:D8:FB:2C:36:82:69:EC:CA","sha256":"8E:6D:F3:9E:02:B5:C6:15:F5:E8:DC:B9:C5:18:D6:AE:51:5B:98:CD:E8:74:85:12:58:15:AE:31:E7:57:A2:1D"}}},"request":{"raw":"GET /js/huanyuan.js HTTP/1.1\r\nHost: 992kp-js.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 12 Jun 2025 01:32:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"684a2e38-17d3\"\r\nexpires: Mon, 23 Mar 2026 10:43:07 GMT\r\ncache-control: max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\naccess-control-max-age: 3600\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6099,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1133), with CRLF line terminators","md5":"e5ff1933a9c51f5ed95dafb400a7e5b4","sha1":"8d7ab3bfb25e099322caedd04d5be039e9155af7","sha256":"18b0ce86190047070a14bfc871001d8b54c7923bd32be46d078187ada3fa372a","sha512":"c2c411bc69f69456e43de47268470af98590f6fe2f14fade431297caf57e19124b53ba8315606b2b5ca73c4948624bc170be6c1eb4fd7fec5ed065d2b42e79af","ssdeep":"96:mLsDsicvR6fmVVSxSc8TxsAz4h8DeCh7CL+h89HmrEgBSBMrvqkjwtODSrzMJtW8:mlicvEfFSxsw4IcSm94SMxjIrctWRmYE","tlshash":"21c1538873dc620b95df7623ce7f8564a179982a4294ac0fa64cf1dc58b542dc678cfc","first_seen":"2023-09-07T08:54:49Z","last_seen":"2026-04-05T00:12:49.307991Z","times_seen":738,"resource_available":true,"data":null}},"time_used":1448,"timings":{"blocked":615,"dns":1,"connect":206,"send":0,"wait":206,"receive":0,"ssl":417},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/tj.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/tj.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 686\r\nlast-modified: Mon, 26 Jan 2026 16:29:35 GMT\r\netag: \"6977966f-2ae\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":686,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"0597a2aa50f4f4c0eab271975024f5c2","sha1":"48ff227e1f426dfded6438356e2abaaac01d2b9f","sha256":"4c1476659e12d605dd0f3916f9e2aec04449248c7ebbbb07d06a1dd9bd47f0cb","sha512":"4844825ac64667af8a0d6a55f6a047cbce71d2ce204279e81f10f6fd5a48d51a684055e23f633a6d1e3f47ac3288b25b7c1769c5d231832c0558be6b06b1cb83","ssdeep":"","tlshash":"eb01dd457e32cef284a94bc2767ae96cb4fa6020e443f260c4ce681c5123fda6d00cd9","first_seen":"2024-06-08T10:58:31Z","last_seen":"2026-04-05T00:12:49.276069Z","times_seen":638,"resource_available":true,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ku2.mk3.sscilhjb.com/150X165-2%202.gif.js","fqdn":"ku2.mk3.sscilhjb.com","domain":"sscilhjb.com","tld":"com"},"ip":{"addr":"23.224.225.138","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ku2.mk3.sscilhjb.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 15 Mar 2026 04:34:39 GMT","end":"Sat, 13 Jun 2026 04:34:38 GMT"},"fingerprint":{"sha1":"3D:7D:10:EE:EB:5C:92:18:E7:51:3E:15:CD:24:14:6C:CD:EA:4A:55","sha256":"81:00:4D:76:2D:A5:C3:13:AF:F5:22:F5:35:8A:66:58:21:B7:89:F7:D9:FB:C1:6D:65:E6:98:AF:16:B9:4D:67"}}},"request":{"raw":"GET /150X165-2%202.gif.js HTTP/1.1\r\nHost: ku2.mk3.sscilhjb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 121383\r\nlast-modified: Wed, 31 Dec 2025 07:46:55 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":121383,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 38594 x 49664","md5":"b5d373669625f31c7f5fb482a088ada5","sha1":"4022783995408fe2dc1de8074e1aa6daa3f9dabc","sha256":"e714d573b2e573c569e3c84b2ca102c1b54439465306df9d42eca042991daf32","sha512":"76c2e5d7679d1d367e43616f44a11fd5d307ead20ec7cc80f4b2513079c76d4bfc5dcd55d29332ca0a5b501e7d16332e14fac1df7bc59c140d480922c20e1f0e","ssdeep":"3072:/S5/5HORIJcmmLgva/IKD8w4RMOareEIg+UggfwXuaf2dC4d4hCoYmDUX/PI:/q5HOqJcwvaf4FarefUggfuNKC7Ymq/w","tlshash":"f804e143a211f378c35a36fa74114be4d8429fd8f6d6adc0ca39d2621c5a63da6dd8c3","first_seen":"2026-01-02T02:59:33.119668Z","last_seen":"2026-04-04T19:02:37.869783Z","times_seen":65,"resource_available":false,"data":null}},"time_used":1203,"timings":{"blocked":330,"dns":0,"connect":0,"send":0,"wait":161,"receive":481,"ssl":231},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kp-i25372.com/game/jc_01-h5-12.png?2","fqdn":"kp-i25372.com","domain":"kp-i25372.com","tld":"com"},"ip":{"addr":"23.224.70.154","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kp-d25713.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Sun, 24 Aug 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"79:8F:40:A0:21:6A:25:A6:16:E2:59:BB:8D:D9:4D:4B:90:9C:70:D1","sha256":"69:95:B8:DC:16:E6:F3:9E:1E:2E:6E:F7:3C:47:0F:5C:4F:15:F0:C8:82:C2:D9:61:FB:94:A9:52:AC:85:2D:C6"}}},"request":{"raw":"GET /game/jc_01-h5-12.png?2 HTTP/1.1\r\nHost: kp-i25372.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 42897\r\nlast-modified: Mon, 29 Jun 2020 15:27:21 GMT\r\netag: \"5efa0859-a791\"\r\nexpires: Mon, 23 Mar 2026 10:43:08 GMT\r\ncache-control: max-age=3600, public, max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, If-Modified-Since, Cache-Control, Range\r\naccess-control-max-age: 86400\r\nx-resource-origin: Edge-02\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42897,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 133 x 133, 8-bit/color RGBA, non-interlaced","md5":"8f986bb16b186de6a2da750ee17075f9","sha1":"1042d8d957637367474d4c71875b00d73d4e86d3","sha256":"ce3ec9e64e223762dacfdfb4e7b2028b4b52c719dc7e0af31017e8e89272f744","sha512":"cc41d8ac75a79d52d438f9ffaef02a9d62d334a683c24d86db751b4ce0218e82cf4e2454f29749b142b7e4ee5dab05f9d103e1be1548b8464b258180293182c4","ssdeep":"768:nbmfuXIP7Us5ZnpD1H/WFilPRy4k58ta1vjphHX8qUiytETpUXHU4y4r9Q0UM4K5:nKfWIP7Us5XpCiTyxi81vj/HXlm+KPQG","tlshash":"b013f1fd294b226cea22dd49962c52da99b1f54ea133c739f17fe82c8db389510498c1","first_seen":"2023-12-05T01:35:27Z","last_seen":"2026-04-05T00:12:49.296237Z","times_seen":447,"resource_available":false,"data":null}},"time_used":1276,"timings":{"blocked":372,"dns":39,"connect":169,"send":0,"wait":399,"receive":111,"ssl":164},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-23/911.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-23/911.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:12 GMT\r\netag: \"69ab4188-2f9d\"\r\nserver: openresty\r\ndate: Sun, 22 Mar 2026 16:30:39 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 61949\r\ncontent-length: 12189\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 3648762285290069122\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12189,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"4e7972df5b6e4358c67f960effd7b3be","sha1":"e2b3ff96701c5cb17220687c12cb55d563e5ceef","sha256":"17089c0e554efabf7b61e245c9b53fe3e86e8789be381c91f35a3f9aebb5bf37","sha512":"48ecb4922f1cf698a62d8b64556bbd837a990ffd96793ce6dce457e6532a0b8c7f2f7e46cf0791b60f91296546b7cd0015f489f307de36b65be2efbc9ef55d5c","ssdeep":"192:tmp6d9tCJ8MnBlOHXybh3Qm0m3qMDDF7TOyhpf62/JIQexZdwRKWX5SVZMdygaTR:tm0dXC7Xfh3Qm4MDJfOyn62xIQIwRKcK","tlshash":"e742bf2185d49dd81bc62136bb20726dc04f448d186ab9e6c6fc8c1ac26ef10eb8fa4d","first_seen":"2026-03-23T09:43:31.10357Z","last_seen":"2026-03-24T11:52:21.590958Z","times_seen":3,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":19,"connect":27,"send":0,"wait":23,"receive":1,"ssl":121},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-23/892.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-23/892.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:10 GMT\r\netag: \"69ab4186-a383\"\r\nserver: openresty\r\ndate: Sun, 22 Mar 2026 16:13:27 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 62981\r\ncontent-length: 41859\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 9331062787284458165\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41859,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"023e27f57e7426c2b200feb0aead3c8c","sha1":"fd34b89681b9ae4f57a65a444864d7a4a6cc16f0","sha256":"f31cde04ec77bdd7a6c50b122a5ac69df007efa9460ae9cc729fb53956e8aa85","sha512":"3bead0c603f611a46980a925fdf782c11c951bb24c392cbaf93a5f78a3278cd800e04c782b7f214885c5d52fd827796072c3e539e5275ef46a3486fd2b436bf4","ssdeep":"768:sa0GfBrZoa2BmNGcSS+arobpKMbr2AZB7Bvh3KEQgdZ7K2S0e6weKxQ:ztBr2a24GcSero/rbZfvh3ZQV/Z6B","tlshash":"b613029b54e63a40dbdfebd0073d536708aa5a5a80d781fc9286ef60a2c3fc40b93d50","first_seen":"2026-03-23T09:43:31.105726Z","last_seen":"2026-03-23T09:43:38.689915Z","times_seen":2,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":7,"connect":29,"send":0,"wait":20,"receive":14,"ssl":107},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/shangshan_dasiqq315.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/shangshan_dasiqq315.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Mar 2026 08:25:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c0f8e3-1bb3\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7091,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (329)","md5":"00f28f067d3e8e606b0c35c5a6157845","sha1":"2d6ba5e5ac39da82b28be0c4b8d079b08f479892","sha256":"ed9a25764f2abe2b5b70b6cad35110ba9b08eb8afece76421c8aecf136864800","sha512":"64247cd3d1c65b8b65426779cfc3d1312aafe455a9ef0c5a1aee7c1394672a1ebc8046977684af8b31184e0e276f9fd8f1570d0c68b6a8ab76f444b0010815d1","ssdeep":"96:HQ9bzSrL+w3S7kFbzSC5kw3SYHi7NaO1agMGShaMaYad5a9Ka+V3STvtR:HamrvC7+mCDCYEbUBsCzn","tlshash":"0de1f07d97a6585a023385f4e068be6cf8b9703fdd629421d9ff03b1118aed68c9344c","first_seen":"2026-03-23T09:43:14.111169Z","last_seen":"2026-03-23T09:43:38.70966Z","times_seen":3,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zbxmrg.univqi07dr.com/xctbqa.gif.js","fqdn":"zbxmrg.univqi07dr.com","domain":"univqi07dr.com","tld":"com"},"ip":{"addr":"23.224.225.141","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"univqi07dr.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 09 Jan 2026 01:28:57 GMT","end":"Thu, 09 Apr 2026 01:28:56 GMT"},"fingerprint":{"sha1":"31:BD:FF:C6:AD:5A:9A:C6:0C:30:EA:CC:19:C5:00:79:56:1F:88:8E","sha256":"FD:1A:57:82:8F:A0:4F:BB:86:FF:84:C6:0D:06:EB:F3:F2:4F:EA:15:DD:5A:AE:87:29:57:37:C6:72:FC:7A:88"}}},"request":{"raw":"GET /xctbqa.gif.js HTTP/1.1\r\nHost: zbxmrg.univqi07dr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 200708\r\nlast-modified: Thu, 13 Nov 2025 18:33:35 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":200708,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 35011 x 49920","md5":"b90f18d5e743a088d75bac1d50f97a65","sha1":"fbf4ce22a9c5b438d5db36ea41e4d35a56ccb9e9","sha256":"e2e3707f1076731752f88b1dfd948d176f64649e667d0ecd662c329ad8b09446","sha512":"6f0eb56d6b650662ce74dea953a71f29966a8380236c2b14a2d8b9f87a834eae2e1049d038118e52cb8edf06742c8d6544d62e731b0fbe260a584a3751f452dc","ssdeep":"6144:PxJWcKUlBeto5eeZspBpH2EY0+QVw5bZcy6VrIrKj9iiSCdV7gaSA:PxJWcKUbfsCspBpHzYHQIbZcyaIrKjzV","tlshash":"1654e1035255f3b4d2e7d6f6280106e426458ba6b68abfd1c134d1a13d9b22c7bef1e3","first_seen":"2025-11-14T10:16:11.180854Z","last_seen":"2026-04-05T00:25:09.19946Z","times_seen":399,"resource_available":false,"data":null}},"time_used":1326,"timings":{"blocked":9,"dns":0,"connect":157,"send":0,"wait":158,"receive":806,"ssl":236},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/menu.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/menu.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Mar 2026 08:25:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c0f8e3-39a0\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14752,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (324), with CRLF line terminators","md5":"694cb34dd524b79a65e4174a9ea1c5c0","sha1":"a9105caaf0a555de5e238ce1b5cb5714705fbaa4","sha256":"2ca76878793382176a485939f4e57e77df1038c1b37e67c4c822b9ee9f494cbb","sha512":"da43f4d63656ff0133b89131895639bf835b33310ce12b542f58198f593b8ac4108c9c528f5a56f306e81b5ec177c71e00bb28b56cb4f8cdb8e32d438b2bc8eb","ssdeep":"384:12wXdUQ2DxQ5DgnvrCyvc3mQvONmOvqIVR+lE88Pz7E:HX6/SG88c","tlshash":"dc62a55efb81c44682b22f7af57abc7df8b6a0751f43cc59ea4964a7e5106f6108108c","first_seen":"2026-03-23T09:43:14.101652Z","last_seen":"2026-03-23T09:43:38.688188Z","times_seen":3,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-23/912.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-23/912.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:14 GMT\r\netag: \"69ab418a-4306\"\r\nserver: openresty\r\ndate: Sun, 22 Mar 2026 16:30:39 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 61949\r\ncontent-length: 17158\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 17357445358562287273\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":17158,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"3f53bd304e5ed4e52b2b7339ff26d762","sha1":"4d765a0bb114f99f27c3df9802668dc917a103c2","sha256":"9d44a693f9958d93be60951a0e8bfb450115590293440f6def9c327f46e158b1","sha512":"719329f71717d809fc7fbe48ae6385618982f586e446ca156d5d628c11b2bd318e7ed2496b20bd4811cbb18b7eb19ba24f8af77bf817b4ce0c954c82270a24b6","ssdeep":"384:dl0O/ZA4u0msZF/ROyLnR0znTCWeXHIp37QxYRkk9sTv:Hh/Ztu0msZFJOyjR0LTte4pAYR+","tlshash":"b372d0609df3200c759aa82ba0f10d0672555f6a934beb19fd93f0c91ba1f69a67f084","first_seen":"2026-03-23T09:43:31.112426Z","last_seen":"2026-03-23T09:43:38.699414Z","times_seen":2,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":4,"dns":5,"connect":31,"send":0,"wait":35,"receive":7,"ssl":103},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-23/1141.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-23/1141.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:09 GMT\r\netag: \"69ab4185-4045\"\r\nserver: openresty\r\ndate: Sun, 22 Mar 2026 16:31:27 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 61901\r\ncontent-length: 16453\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 6420188621886922125\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16453,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"3a0927d155c7e0d6595b9c65c0cc7f05","sha1":"a7bb773e0ec58366b02157a0e84dbb0a6feeeba6","sha256":"4c630f88810fd7bbed347be822730e3750b52bb3546c38f538e3746418b158a5","sha512":"73fa6027cfeda0088ce89a5d280e9d2ce97ed300cbe8046ded3d3baf37dd16b65c5f8dda77270879a5a04fd49f61acc8a3ad44bec5600877013fac80b4a10c73","ssdeep":"384:vZlBND/5o0hmJspGATQroAHvrPTjb3R564uQm1h7q:hvNdo0gJspWJ56b57q","tlshash":"d872cfb9f9c6ae10cf260344834c1151811718c932f79cb876e29d7fed499721e9361e","first_seen":"2026-03-23T09:43:31.114167Z","last_seen":"2026-03-23T09:43:38.700778Z","times_seen":2,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":146,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.yiqitongji.com/matomo.php?action_name=992kp%E5%BF%AB%E6%A8%82%E7%9C%8B%E7%89%87\u0026idsite=1\u0026rec=1\u0026r=851857\u0026h=9\u0026m=42\u0026s=51\u0026url=https%3A%2F%2Fwww.992kp365.work%2Ffrontpage.html\u0026_id=c7d467b6b3e2e669\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=o6I0mt\u0026pf_net=0\u0026pf_srv=164\u0026pf_tfr=0\u0026pf_dm1=963\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024","fqdn":"www.yiqitongji.com","domain":"yiqitongji.com","tld":"com"},"ip":{"addr":"107.148.148.129","port":443,"asn":399195,"as":"PEG-KR","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:51.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yiqitongji.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 21 Jan 2026 02:14:36 GMT","end":"Tue, 21 Apr 2026 02:14:35 GMT"},"fingerprint":{"sha1":"C5:D9:59:49:95:5A:11:31:39:87:43:DF:CD:78:52:40:FD:6B:D0:8D","sha256":"82:CC:C7:E3:7D:E8:90:0A:BE:1D:82:22:C0:A6:5E:B8:43:58:73:4D:7E:72:29:D1:C5:25:5F:4A:F2:CA:4C:7E"}}},"request":{"raw":"POST /matomo.php?action_name=992kp%E5%BF%AB%E6%A8%82%E7%9C%8B%E7%89%87\u0026idsite=1\u0026rec=1\u0026r=851857\u0026h=9\u0026m=42\u0026s=51\u0026url=https%3A%2F%2Fwww.992kp365.work%2Ffrontpage.html\u0026_id=c7d467b6b3e2e669\u0026_idn=1\u0026send_image=0\u0026_refts=0\u0026pv_id=o6I0mt\u0026pf_net=0\u0026pf_srv=164\u0026pf_tfr=0\u0026pf_dm1=963\u0026uadata=%7B%7D\u0026pdf=1\u0026qt=0\u0026realp=0\u0026wma=0\u0026fla=0\u0026java=0\u0026ag=0\u0026cookie=1\u0026res=1280x1024 HTTP/1.1\r\nHost: www.yiqitongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=utf-8\r\nContent-Length: 0\r\nOrigin: https://www.992kp365.work\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:51 GMT\r\ncontent-encoding: none\r\naccess-control-allow-origin: https://www.992kp365.work\r\naccess-control-allow-credentials: true\r\nreferrer-policy: origin\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T03:47:03.156897Z","times_seen":13357702,"resource_available":true,"data":null}},"time_used":421,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":421,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/index.html","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T09:43:05.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /index.html HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 22 Mar 2026 16:25:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c01804-c812\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:2.1.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51218,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (377), with CRLF, NEL line terminators","md5":"279c2e86d7f053634cc38412c98ac408","sha1":"e134d3228ebd1d9009f2fb2b5903655e7f50ceb4","sha256":"1d92514b88b150e9c2172d165f16c5270cf728b88a0257f49528b8fbe0a90fd4","sha512":"5e87c48fd17abeebe37edc484d66773db856315448c7842d4536bfb0acd0dc76eaef319adbe3817de29a86008fa936ebec47687cc51f34ddd97b3b62c9f360bf","ssdeep":"384:CeFRzl1Yd737kY/qdRxaVuQKLVm49ss7inW5TaS+e8U4aVxtnIqfiw8C:I+81adx4C","tlshash":"88333f3958c0432b01b78591f972eba8fa915257c2035b94b3fd22a7dffad3259230d9","first_seen":"2026-03-23T09:43:14.098104Z","last_seen":"2026-03-23T09:43:38.709029Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1298,"timings":{"blocked":571,"dns":89,"connect":157,"send":0,"wait":157,"receive":0,"ssl":321},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/cfg.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/cfg.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 21 Mar 2026 06:05:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69be3514-1640\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5696,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"6b2c9140f99992362528bd46caf8cf55","sha1":"14380413193d205bfad9abcc508911a3e109bfb3","sha256":"88251da0ba0c91a9e95ceeacfdec626fd82b8b5b7a0c7e348ff8fd53d17a2b69","sha512":"abe90f809158c5472871e2cc11b7bbffd60f76710bd446fab0e347f5ee4a9de55e4fd1fb63645e59f767fc1e3649a0922b965a4ed6320a5ace93b2fa6a362e45","ssdeep":"96:pi/AZ8xw1fofHCu7FexoJbqYoZj3rA9t7MtVaZympSJYf48Q1moKik1gH:pi/AZ8iofHCuJbqYW7osmpSJYf48Q1m0","tlshash":"edc1338f58866c279bb817b96b3e258df9b6e41b0944ce45b90d72409fbd069e170ccc","first_seen":"2026-03-21T23:10:35.346974Z","last_seen":"2026-03-23T09:43:38.713759Z","times_seen":20,"resource_available":true,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.yiqitongji.com/matomo.js","fqdn":"www.yiqitongji.com","domain":"yiqitongji.com","tld":"com"},"ip":{"addr":"107.148.148.129","port":443,"asn":399195,"as":"PEG-KR","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yiqitongji.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 21 Jan 2026 02:14:36 GMT","end":"Tue, 21 Apr 2026 02:14:35 GMT"},"fingerprint":{"sha1":"C5:D9:59:49:95:5A:11:31:39:87:43:DF:CD:78:52:40:FD:6B:D0:8D","sha256":"82:CC:C7:E3:7D:E8:90:0A:BE:1D:82:22:C0:A6:5E:B8:43:58:73:4D:7E:72:29:D1:C5:25:5F:4A:F2:CA:4C:7E"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: www.yiqitongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 18 Mar 2026 02:44:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69ba1189-10988\"\r\nexpires: Mon, 23 Mar 2026 10:43:08 GMT\r\npragma: public\r\ncache-control: max-age=3600, public\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67976,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"b032bad4d0d4a7048ffb383d9ecca10c","sha1":"b79ca8828403f0094f8af46ddff72681d3ca7e1b","sha256":"643dc9512a4efa9959a6475a7e7fcdf906b492aedd5c423e83867f8f153dd13e","sha512":"3d80873cc8e92fac5db40bcaec79386d04bcf9135b48747bfdfc0961c054072a476b81f3e75e148f0063525cef414613997a26a13c76d23c6b9bb3a639c4a081","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmlMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fucXYy1PGJ9d5","tlshash":"d063d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","first_seen":"2026-02-09T02:52:16.040273Z","last_seen":"2026-04-05T03:52:52.735071Z","times_seen":948,"resource_available":true,"data":null}},"time_used":1798,"timings":{"blocked":620,"dns":1,"connect":282,"send":0,"wait":558,"receive":0,"ssl":331},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-23T09:42:48.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:49 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nx-powered-by: PHP/7.0.33\r\nlocation: /frontpage.html\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.0.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":14128,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T03:47:03.156897Z","times_seen":13357702,"resource_available":true,"data":null}},"time_used":1835,"timings":{"blocked":836,"dns":335,"connect":163,"send":0,"wait":163,"receive":0,"ssl":336},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/js/huanyuan.js","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:49.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET /js/huanyuan.js HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/frontpage.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:49 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 26 Jan 2026 16:29:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69779667-17d3\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6099,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1133), with CRLF line terminators","md5":"e5ff1933a9c51f5ed95dafb400a7e5b4","sha1":"8d7ab3bfb25e099322caedd04d5be039e9155af7","sha256":"18b0ce86190047070a14bfc871001d8b54c7923bd32be46d078187ada3fa372a","sha512":"c2c411bc69f69456e43de47268470af98590f6fe2f14fade431297caf57e19124b53ba8315606b2b5ca73c4948624bc170be6c1eb4fd7fec5ed065d2b42e79af","ssdeep":"96:mLsDsicvR6fmVVSxSc8TxsAz4h8DeCh7CL+h89HmrEgBSBMrvqkjwtODSrzMJtW8:mlicvEfFSxsw4IcSm94SMxjIrctWRmYE","tlshash":"21c1538873dc620b95df7623ce7f8564a179982a4294ac0fa64cf1dc58b542dc678cfc","first_seen":"2023-09-07T08:54:49Z","last_seen":"2026-04-05T00:12:49.307991Z","times_seen":738,"resource_available":true,"data":null}},"time_used":312,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"992kp-js.com/js/index.js","fqdn":"992kp-js.com","domain":"992kp-js.com","tld":"com"},"ip":{"addr":"162.209.140.67","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp-js.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Mar 2026 07:55:12 GMT","end":"Thu, 04 Jun 2026 07:55:11 GMT"},"fingerprint":{"sha1":"C1:40:19:02:85:64:77:C6:08:5F:86:EA:D8:FB:2C:36:82:69:EC:CA","sha256":"8E:6D:F3:9E:02:B5:C6:15:F5:E8:DC:B9:C5:18:D6:AE:51:5B:98:CD:E8:74:85:12:58:15:AE:31:E7:57:A2:1D"}}},"request":{"raw":"GET /js/index.js HTTP/1.1\r\nHost: 992kp-js.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:07 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 405\r\nlast-modified: Thu, 12 Jun 2025 01:32:39 GMT\r\netag: \"684a2e37-195\"\r\nexpires: Mon, 23 Mar 2026 10:43:07 GMT\r\ncache-control: max-age=3600\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept\r\naccess-control-max-age: 3600\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":405,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"4d87a4619c0f51b639fa591716de2bd3","sha1":"8d46d22da40e875810ee644c097e5865877ce2a2","sha256":"3667f2b9746f19719a50bb65c8f2dcadfe9ef5b69c95a71c2da6b945beff5ba5","sha512":"6e7b6db1b538cc43593578fac64c78a5beb4df7b8b1f3859a04878f0c2948fac04f3bef8209e6d33f306d166a85fc03f336b3ad1853aed796d63bbe8d72cc015","ssdeep":"","tlshash":"6be061215d4d2e7d4355a17b2c38df1a73d7181ca89180494d94b87575b2ac655c1388","first_seen":"2025-04-24T08:44:46.831208Z","last_seen":"2026-04-05T00:12:49.268859Z","times_seen":553,"resource_available":true,"data":null}},"time_used":1885,"timings":{"blocked":630,"dns":1,"connect":211,"send":0,"wait":613,"receive":0,"ssl":427},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/images/android.png","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /images/android.png HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nCookie: laiguo=true; guid=659a3d342fb025b3357ab4af4bd17649\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 38600\r\nlast-modified: Mon, 26 Jan 2026 16:35:43 GMT\r\netag: \"697797df-96c8\"\r\nexpires: Tue, 24 Mar 2026 09:43:08 GMT\r\ncache-control: max-age=86400\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38600,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 565 x 411, 8-bit/color RGBA, non-interlaced","md5":"61ed753841595bb913a0191f7ac278fd","sha1":"385662f868d440e4459fbca03dcacbb64002b5cc","sha256":"3294e8ef217bfcb67ae649213c5db073c78f5048fc141f9fa10ecb3d7cd58db3","sha512":"4dd0e94df6a92ade58571998b2506da902b853be8648bc455cf5606dd12137401f5f199797267e1ee47e997eac996d194602e3d495a9cd324000e4be81f1ea94","ssdeep":"384:VAltJ5BWZg7ex+jiTOq3Vt/+7LlAqyht54QRSez/RVKZq2hImahsasoxFhW1onIm:CtUT67LlAqy5R8W/RV12hOhnsolNIlQ","tlshash":"9f03ae107ea1398bd4ae6470165667c44e8a0fa3ea314d453a3e451e3f61b7fbe8ec42","first_seen":"2023-05-22T11:59:01Z","last_seen":"2026-04-05T00:12:49.259367Z","times_seen":568,"resource_available":false,"data":null}},"time_used":328,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":252,"receive":76,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-23/893.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-23/893.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:10 GMT\r\netag: \"69ab4186-1caa\"\r\nserver: openresty\r\ndate: Sun, 22 Mar 2026 16:31:27 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 61901\r\ncontent-length: 7338\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 424537590936807777\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7338,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"04643aa339e0e81a1ed1482eca83268f","sha1":"688a58a4dbb5c834161405c163c9a7a2f56dcc6d","sha256":"939f229a893506391ac99801d7adb50c466eaec132f0620e31a77e93e35c701b","sha512":"917e413f020422a844e7e3f133802116c0d09ebad9a0fc89a136898df00314bce4173aa4a7e91f2a00dd99cfe462ee3cf3d6254c03b38ec7d26ab56d3d1c152b","ssdeep":"192:EmLE7MPb+4Xn8L1Vb5F0bBSSN5zsRKS5+66/p0:vkA3il8BSSjzuK/g","tlshash":"23e19d8daa97bd97c63d18d822b3fe9f1189e06cbd0ce42caf4c84456221954681b88f","first_seen":"2026-03-23T09:43:31.119643Z","last_seen":"2026-03-23T09:43:38.677779Z","times_seen":2,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":54,"dns":7,"connect":21,"send":0,"wait":39,"receive":2,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com/Uploads/vod/2026-03-22/911.mp4.gif.b64","fqdn":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","domain":"jinanrqz.com","tld":"com"},"ip":{"addr":"43.175.36.11","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:08.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2tug88zcb5mnc2ry6ckuhek.jinanrqz.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Mon, 02 Mar 2026 00:00:00 GMT","end":"Sat, 30 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:F3:AB:18:6A:C4:00:2E:B3:81:E6:7D:AD:21:99:E1:0F:A6:3A:4D","sha256":"18:F4:E5:3C:E7:BB:86:93:3A:07:ED:D4:03:4D:49:26:3A:5E:EE:77:D0:AF:D0:76:10:2D:8E:CD:55:BE:63:95"}}},"request":{"raw":"GET /Uploads/vod/2026-03-22/911.mp4.gif.b64 HTTP/1.1\r\nHost: 2tug88zcb5mnc2ry6ckuhek.jinanrqz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://fp7.992kp179.com:7443/\r\nOrigin: https://fp7.992kp179.com:7443\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Fri, 06 Mar 2026 21:05:04 GMT\r\netag: \"69ab4180-28ae\"\r\nserver: openresty\r\ndate: Sat, 21 Mar 2026 16:33:52 GMT\r\ncontent-type: application/octet-stream\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\nexpires: 1h\r\nage: 148156\r\ncontent-length: 10414\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 10963284919071535137\r\nx-cache-lookup: Cache Hit\r\nstrict-transport-security: max-age=86400;includeSubDomains\r\ncache-control: max-age=1209600\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10414,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text","md5":"9a504089f208867e3eca8279555882a3","sha1":"5509f14982d6ef0125947dc7cbad0cafb517b2ac","sha256":"ee8a83d865f93cff35012508533d15856c9d29a6865fa4304988e8dc32c6a961","sha512":"e83bb8cd8224e9940813976dcdb30435cb32abb8f6defab3a55008c257dcfcf50d29ca29e0a44a94ee93dba1887874cd0835c7488fb40eae72563b157ab58c7d","ssdeep":"192:LxromovWqeTh1YUPDeFx1wn42PdvSI90PkSxe717JYLtNRmx4u+DZK:LxNovWDh1TPyo42Pdvd08oe71GvAx29K","tlshash":"6422b026e160ebcdc48a603d345539a88321b01d4bd42e2ed9fd6d1c9a066dedfb02f7","first_seen":"2026-03-21T23:35:02.214038Z","last_seen":"2026-03-23T09:43:38.678554Z","times_seen":16,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":50,"dns":8,"connect":21,"send":0,"wait":36,"receive":1,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.992kp365.work/favicon.ico","fqdn":"www.992kp365.work","domain":"992kp365.work","tld":"work"},"ip":{"addr":"23.224.132.10","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:50.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp365.work","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Feb 2026 08:02:18 GMT","end":"Fri, 08 May 2026 08:02:17 GMT"},"fingerprint":{"sha1":"24:B2:C6:01:F2:8D:23:8C:97:07:52:77:5F:B1:93:F3:C0:1C:19:70","sha256":"D7:D9:43:26:53:62:27:A0:34:47:A0:B9:F7:F1:F6:AE:43:B3:55:BB:B5:14:64:F7:4D:38:19:E9:24:85:4F:FE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.992kp365.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/frontpage.html\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:50 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 4286\r\nlast-modified: Mon, 26 Jan 2026 16:33:02 GMT\r\netag: \"6977973e-10be\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"74589f5ad498edc6e5cf028a9771b292","sha1":"a14ec07c97c990c9d1a2a82c8b4e72e31d4acf5f","sha256":"d1c82f12fef7057d77f02a942e4a3f2f110ea29a398d13985c7f5d333db3a1f6","sha512":"8d469d9fa8c429dd0abe8f49f68f13f977d4a1200c6a36e3d18a092dac4e96051803b9b9a723d6e238fc91e8ac6f75c3ec3c08f1a8cc7ab1d21cb33108671b68","ssdeep":"12:su0Em++++j+++++f3+zZ+h+++d+++++h+++++Z+++d+Hz+f3+++++j++DmtvxuOP:subztGlK","tlshash":"5691c5023302d058c4540db0cc0ad7fd05957f61da100143359dbd8f3ff23a4356228c","first_seen":"2023-05-22T11:51:11Z","last_seen":"2026-04-05T00:12:49.290253Z","times_seen":743,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":166,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-23","alert":"Sinkholed","trigger":"www.992kp365.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fp7.992kp179.com:7443/js/xiashan_dasiqq315.js","fqdn":"fp7.992kp179.com","domain":"992kp179.com","tld":"com"},"ip":{"addr":"23.225.91.220","port":7443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:06.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"ECDSA-P521-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"992kp179.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Feb 2026 08:08:31 GMT","end":"Tue, 05 May 2026 08:08:30 GMT"},"fingerprint":{"sha1":"3D:06:90:8F:2E:0E:E5:AA:0A:DF:52:0D:13:84:FA:8F:A0:2E:CA:62","sha256":"16:E0:AF:D9:5C:D0:FE:16:AD:C0:66:9C:02:48:3D:52:44:D0:25:7C:4E:A6:44:BA:AE:37:D3:79:C4:98:8B:7F"}}},"request":{"raw":"GET /js/xiashan_dasiqq315.js HTTP/1.1\r\nHost: fp7.992kp179.com:7443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/index.html\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:43:06 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Mar 2026 08:25:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69c0f8e3-42f9\"\r\nstrict-transport-security: max-age=31536000; includeSubdomains;\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17145,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, ASCII text, with very long lines (324), with CRLF line terminators","md5":"0785e246891b376b05be2a5daf822f87","sha1":"28fc85d322332a3e347e7811340b9b5ac4486f4d","sha256":"92872adcbf3618abc2de1ca7c045a805f8a63857acab0f09ee2e1070c7062a51","sha512":"eb1a87685e99e86029becb64854df830bb37a61c5032af8532ea4498124394a6bd9cae002ad3037a35730e712ff6695f485f2577c97fc10bb67a85d2746d375f","ssdeep":"384:2cVyLhKdYz/qTJoLFuRrm5ym+7Hfru/004cCAD+aSOUBurJt6Pr5dD:BVyLh8igG5qrIPq/rgzzCAD+aSOUBurm","tlshash":"3072213e638651120732a5f1f6f8fb8cf4b6907fdf234609f4af0a916199996448b8dc","first_seen":"2026-03-23T09:43:14.102547Z","last_seen":"2026-03-23T09:43:38.728343Z","times_seen":3,"resource_available":true,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":325,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hgetryn.sgsjlxgw.com/dfgasjdhfnajsdfnajsdnfasdjfnhadjshfdsfd47874151.gif.js","fqdn":"hgetryn.sgsjlxgw.com","domain":"sgsjlxgw.com","tld":"com"},"ip":{"addr":"23.224.225.139","port":443,"asn":40065,"as":"CNSERVERS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://fp7.992kp179.com:7443/index.html","date":"2026-03-23T09:43:07.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sgsjlxgw.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 19 Jan 2026 06:53:17 GMT","end":"Sun, 19 Apr 2026 06:53:16 GMT"},"fingerprint":{"sha1":"EC:97:DB:CF:13:D2:BD:6E:09:22:65:33:53:C5:8B:F2:92:99:24:E6","sha256":"21:F0:59:CC:D2:60:1B:02:B6:C4:63:82:D7:8E:5F:BB:01:7B:77:8B:39:2C:22:16:40:8F:3E:C9:B5:31:93:1F"}}},"request":{"raw":"GET /dfgasjdhfnajsdfnajsdnfasdjfnhadjshfdsfd47874151.gif.js HTTP/1.1\r\nHost: hgetryn.sgsjlxgw.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fp7.992kp179.com:7443/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Mon, 23 Mar 2026 09:58:54 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 116410\r\nlast-modified: Sat, 15 Nov 2025 02:18:29 GMT\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116410,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"GIF image data, version 89a, 41155 x 25601","md5":"df8610f36d98bd7ec03988630c27e358","sha1":"54f6e1b6125c5b2a944a66296474e8eacbe62bb5","sha256":"10d9b42b14b49729985f88a2ee43f815dd5747671ad50dd11804559da1eb6155","sha512":"d5541516a2467bd153959a97483b241e1a695824f763e70fb876397ec5a582a14839a735265731bc9b77746b084efcdc1b006a4c84741696bf8f9cae9321beeb","ssdeep":"3072:iaL6T6WRo5qAhT7O5SM9PHt7POG3wbJgKuO6JQrfsh2B3h9oZlUSl+NgsCho7cP8:iaGT6WR0BS9/tDOGAbJHu63AKSl+N1Ld","tlshash":"36f3e102a790f7f4d2a266f26d1505f07a476f70d7d3aa40c53ca291298f22c7b9d4e7","first_seen":"2025-11-15T14:50:48.247344Z","last_seen":"2026-04-05T00:25:09.176372Z","times_seen":472,"resource_available":false,"data":null}},"time_used":1632,"timings":{"blocked":531,"dns":0,"connect":0,"send":0,"wait":630,"receive":207,"ssl":264},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.yiqitongji.com/matomo.js","fqdn":"www.yiqitongji.com","domain":"yiqitongji.com","tld":"com"},"ip":{"addr":"107.148.148.129","port":443,"asn":399195,"as":"PEG-KR","country":"South Korea","country_code":"KR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.992kp365.work/frontpage.html","date":"2026-03-23T09:42:50.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yiqitongji.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 21 Jan 2026 02:14:36 GMT","end":"Tue, 21 Apr 2026 02:14:35 GMT"},"fingerprint":{"sha1":"C5:D9:59:49:95:5A:11:31:39:87:43:DF:CD:78:52:40:FD:6B:D0:8D","sha256":"82:CC:C7:E3:7D:E8:90:0A:BE:1D:82:22:C0:A6:5E:B8:43:58:73:4D:7E:72:29:D1:C5:25:5F:4A:F2:CA:4C:7E"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: www.yiqitongji.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.992kp365.work/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 23 Mar 2026 09:42:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 18 Mar 2026 02:44:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69ba1189-10988\"\r\nexpires: Mon, 23 Mar 2026 10:42:50 GMT\r\npragma: public\r\ncache-control: max-age=3600, public\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67976,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2923)","md5":"b032bad4d0d4a7048ffb383d9ecca10c","sha1":"b79ca8828403f0094f8af46ddff72681d3ca7e1b","sha256":"643dc9512a4efa9959a6475a7e7fcdf906b492aedd5c423e83867f8f153dd13e","sha512":"3d80873cc8e92fac5db40bcaec79386d04bcf9135b48747bfdfc0961c054072a476b81f3e75e148f0063525cef414613997a26a13c76d23c6b9bb3a639c4a081","ssdeep":"1536:ATgnSINAJrRJqerEKlFXhuXEjmlMNfwS9h2BLy1z71B8I6fJIKIQaFLa:AT+Z2fucXYy1PGJ9d5","tlshash":"d063d8ce72c2753a4bcb6075a43f114ab27e9caa1448c4b4e62ac4f6383491d657bf7c","first_seen":"2026-02-09T02:52:16.040273Z","last_seen":"2026-04-05T03:52:52.735071Z","times_seen":948,"resource_available":true,"data":null}},"time_used":1629,"timings":{"blocked":544,"dns":1,"connect":265,"send":0,"wait":539,"receive":0,"ssl":278},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}