{"report_id":"b1935068-5d97-4205-acc8-17e0fc10044b","version":6,"status":"done","tags":[],"date":"2025-10-26T23:28:15Z","url":{"schema":"http","addr":"tz.wx-gujdtq3.com/app/register.php?site_id=2228\u0026topId=1193503","fqdn":"tz.wx-gujdtq3.com","domain":"wx-gujdtq3.com","tld":"com"},"ip":{"addr":"8.214.162.128","port":0,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"title":"大满贯","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5PjwvYm9keT48L2h0bWw+"}},"submit":{"url":{"schema":"http","addr":"tz.wx-gujdtq3.com/app/register.php?site_id=2228\u0026topId=1193503","fqdn":"tz.wx-gujdtq3.com","domain":"wx-gujdtq3.com","tld":"com"},"ip":{"addr":"8.214.162.128","port":0,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-30T23:28:15Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T23:27:57Z","timestamp":1761521277,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.27","port":54370,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-10-26T23:27:57.184386+0000\",\"flow_id\":1834615387836482,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.27\",\"src_port\":54370,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-26T23:27:57.184386+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-10-26","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2935868","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null},"summary":[{"fqdn":"api.kmhcgj.com","ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"domain_registered":"2024-08-29","domain_rank":0,"first_seen":"2025-09-08T16:59:47.974307Z","last_seen":"2025-10-21T22:41:14.215667Z","alert_count":0,"request_count":10,"received_data":8027,"sent_data":5257,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"tz.wx-gujdtq3.com","ip":{"addr":"8.214.162.128","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2025-04-03","domain_rank":0,"first_seen":"2025-04-11T20:44:29.903616Z","last_seen":"2025-10-21T22:41:14.200809Z","alert_count":0,"request_count":1,"received_data":428,"sent_data":529,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"dmgapi.jxgaozewl.com","ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"domain_registered":"2024-08-29","domain_rank":0,"first_seen":"2025-05-15T03:35:49.543029Z","last_seen":"2025-10-21T22:41:14.406569Z","alert_count":0,"request_count":10,"received_data":7903,"sent_data":5317,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"ir-sdk.dun.163.com","ip":{"addr":"47.245.158.179","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Germany","country_code":"DE"},"domain_registered":"1997-09-15","domain_rank":384622,"first_seen":"2023-07-19T12:57:32Z","last_seen":"2025-10-21T15:27:35.53138Z","alert_count":0,"request_count":2,"received_data":1050,"sent_data":916,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cstaticdun.126.net","ip":{"addr":"47.246.50.195","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"domain_registered":"1998-02-28","domain_rank":474446,"first_seen":"2017-06-21T07:31:41Z","last_seen":"2025-10-20T05:20:23.440759Z","alert_count":1,"request_count":3,"received_data":769091,"sent_data":1219,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"ws.1ugqib.com","ip":{"addr":"18.162.240.158","port":22228,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"domain_registered":"2024-09-09","domain_rank":0,"first_seen":"2024-10-07T14:11:12Z","last_seen":"2025-10-21T22:41:14.851449Z","alert_count":0,"request_count":4,"received_data":552,"sent_data":2236,"comment":"","tags":null,"fingerprints":null},{"fqdn":"c.dun.163.com","ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"domain_registered":"1997-09-15","domain_rank":567732,"first_seen":"2018-06-27T10:02:17Z","last_seen":"2025-10-20T11:52:01.429634Z","alert_count":0,"request_count":2,"received_data":1690,"sent_data":1605,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"line.hrqhq.com","ip":{"addr":"8.214.162.128","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2023-01-23","domain_rank":0,"first_seen":"2024-09-16T04:30:43Z","last_seen":"2025-10-25T01:14:21.955922Z","alert_count":0,"request_count":1,"received_data":1556,"sent_data":452,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"dmgapi.kmhcgj.com","ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"domain_registered":"2024-08-29","domain_rank":0,"first_seen":"2025-05-19T05:43:22.310204Z","last_seen":"2025-10-21T22:41:14.966661Z","alert_count":0,"request_count":11,"received_data":11685,"sent_data":5803,"comment":"","tags":null,"fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"dmg16.jkchdu.com","ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"domain_registered":"2024-12-11","domain_rank":0,"first_seen":"2025-10-05T19:43:04.407445Z","last_seen":"2025-10-21T22:41:14.190653Z","alert_count":0,"request_count":25,"received_data":4987335,"sent_data":10507,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-26T23:27:57Z","timestamp":1761521277,"ip_dst":{"addr":"74.125.250.129","port":19302,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.27","port":54370,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)","source":"{\"timestamp\":\"2025-10-26T23:27:57.184386+0000\",\"flow_id\":1834615387836482,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.27\",\"src_port\":54370,\"dest_ip\":\"74.125.250.129\",\"dest_port\":19302,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2033078,\"rev\":4,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2021_06_03\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_28\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2025-10-26T23:27:57.184386+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cstaticdun.126.net/ir.2.0.10.min.js?v=29358687","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.195","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"05aa39cef9ae9940d13c744af73c1225","sha1":"0f9b8ef16b9a0e8adffda962f4e1e53d82182729","sha256":"4cf09ec09e25415ceda63117f73fea342fbdba99fe961a4798c4b219084b80b9","sha512":"acf542f1079b4c50065a48bdc5db476fc5645e4d84128b8a0f1648e83ded13ae09a9ec66cd8fa9c93b01715c3c231fd6fb51cbf957fb450ecfa5c11e8b8a7e2c","ssdeep":"1536:JbU2w5q3TYqoKg18Twg+8jJXOYakBGvwT9k:Jbg0MK7F+8jJlkvQk","tlshash":"50a3e6d9b5c2b066131b6532023f102b352e5ed6791e9580d533a2993d3c37ee1abfac","size":98563,"data":"","first_seen":"2025-03-03T01:23:51.737737Z","last_seen":"2026-01-26T03:29:20.135965Z","times_seen":4540,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"eval","is_inline":false,"md5":"b4739958501b7d2138dc62bc20fc8e4e","sha1":"a5f0ad06eabbbf52effdbcd1926a800d8e721bbc","sha256":"5c8353e7dd41ea5fdd5b4eb1ca641af3ef7c4c273bce90a70159ab52221e9ad2","sha512":"a0d12a06b201d4f1aeddd568fa756ac0fb08b8cddbcd97a73907ccee251121a92707160193774c23ddc950c15355e6ef9bcde45010f5600ef7d208ab68777b3d","ssdeep":"","tlshash":"c68000ceb082b00082022028003b8c0ba32b08c88a08c0028200008238a0088a02ba88","size":28,"data":"","first_seen":"2023-03-07T12:09:31Z","last_seen":"2026-05-04T09:24:41.657631Z","times_seen":8612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"Function","is_inline":false,"md5":"7701a36957c0eea730b19a40415da8c6","sha1":"e62d71bc086ca98fb4092765269a64cd47cf5d2f","sha256":"b93ec6a2de1cbbabb98d1fefd1def5ecd187f61245602b6ea73873828a3d16bc","sha512":"e844433e36c4366ac1fd9c5e0d970d590cccc77951b2c2e9eb4503a6715a72b990601aac4e79652829c5ff08f352c9f5bddbb00ec74e046a3a9094527a738745","ssdeep":"","tlshash":"19b02bd13881226c8933a910803fef3310e90e1025c28140430089e004714a0a10133c","size":123,"data":"","first_seen":"2023-04-14T22:41:32Z","last_seen":"2026-05-04T09:24:41.651945Z","times_seen":5442,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"3791a54970a804481904ead0a1229558","sha1":"65d94e775951e37b8b2d77866f3618a36d128dc7","sha256":"865e5fffd0a1b4f918ef2aeb49beca76cd3acb3af62cef52aa079a7934c2464d","sha512":"aafe8fa79dcc5e29ef90697b6a7a9f13fb77853865e0005071fba32c7e830da3680e3588444689ac32970630499b97b47398872b483c9631ad513ab29e0bafeb","ssdeep":"","tlshash":"9ab0121c10e341450a0b38094629765871410023094d8c10344d08047f003412ac838a","size":104,"data":"","first_seen":"2023-04-17T02:00:03Z","last_seen":"2026-05-04T09:24:41.653239Z","times_seen":4887,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.dun.163.com/api/v3/get?referer=https%3A%2F%2Fdmg16.jkchdu.com%2Fregister\u0026zoneId=CN31\u0026dt=U1JATc%2FeE8BBVlQFUUaWzRxM5sfSNynp\u0026id=ccd7870d2f7145d3bdb62ff3e03712b6\u0026fp=Kz4%2FEae0VYSu185%5C87SzaMgotGzrTQqWeJAh7a8eBgR5UMhC%2FpqULE56Mxp0TTzaQcVZX7%5CR2rCmgETPDiCkTkkxx0GgKq7cAHU5lZ3VjPAyg%2BHsTdRrQh3q%5CGveAZyLsOKx%2Fl1N4rloRcQ0%2F1ioJIN6eqQ%2FEhVzqA1gYtDDnDiCwD1g%3A1761522177085\u0026https=true\u0026type=\u0026width=\u0026sizeType=undefined\u0026version=2.28.5\u0026dpr=1\u0026dev=1\u0026cb=lAWi%2FywZ9DsgdEyWfwihB92kUcqT%2BC3Qpcwl09N56lw39nAtLkmLEvDMHxuaX1WMk8RDLjowR%2FctbNoPN6RnidSdj%2Ff7\u0026ipv6=false\u0026runEnv=10\u0026group=\u0026scene=\u0026sdkVersion=\u0026loadVersion=2.5.3\u0026iv=4\u0026user=\u0026irToken=7xJYNxg1DiZBNkRVFFOHyQgIppKW2Z05\u0026smsVersion=v3\u0026callback=__JSONP_mpq92ss_0","fqdn":"c.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"88c481badea4520fac120d793ab57c63","sha1":"19226e9de92c816c6cbdacb7a88c715ba9ff688c","sha256":"b6b3556e5382508f75729ad74a0f1a674b5c38623bbc1a2fffe99da2968cc0a3","sha512":"c693dcd631ee3c6f16fb21216cf9ffd1c32133024b03f803bba880c3d299b80dff51791ccd1fb58a6ba1a295d74b85d0e141401d5a54a7077bf1675065b7b162","ssdeep":"","tlshash":"9ac02b0f939cfc730c40c108084a880d872ff457c45f8643b0cf2ca2470c5f95308919","size":151,"data":"","first_seen":"2025-10-26T23:28:29.881122Z","last_seen":"2025-10-26T23:28:29.881122Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"eval","is_inline":false,"md5":"f0ffd3b7c2574ac324603ed00488c850","sha1":"623e76c36aa2a886542011e28412cc761d7ceb01","sha256":"c4d0cf241a1bfa1c8bf4cf24e8f89d2ab786a284a39adb2fc8df7ea14e73c154","sha512":"436f9fb4816f6975fec0d965dfc0db4c3c38c53632dd4dc99a6c1a2dd9562fbd67176d0118549ff573c97e3394bad4d601c425cf670acab249ebc8d260591fa2","ssdeep":"","tlshash":"1540000003c00000300000c0000000000003c00000000000c000000000c00000300030","size":7,"data":"","first_seen":"2023-03-07T01:03:35Z","last_seen":"2026-05-04T15:45:46.942699Z","times_seen":68851,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/load.min.js?t=201903281201","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.195","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"969c6247996d8ce25014b17976bb38bf","sha1":"1d487ef5c46e944bcf13108e523951196ebd0fa7","sha256":"82472743649d956636d2fd9422adbcb43e7225c4dbbdb97937037fec87ef6cca","sha512":"6a2e0764e7ef991f9525e68ef5bf38117ee9baccf5bc19c6997fb6a1161e64f7e97c58b4f02bd2d350c48078d368780e4f36056d6ffeef3888a997af583cef52","ssdeep":"768:9KHK1+h00zI0RAcKZErsQsLiz0I+uQtzfS5+8hf/VCMiE:9CdrsQaltjS5D5/EE","tlshash":"4ff2d68cb690f4bb4ba760b0813f920be13b5614b499c0e4b155e4e4adbd8ce5627f3c","size":36115,"data":"","first_seen":"2025-10-09T05:40:00.358164Z","last_seen":"2025-11-11T13:16:41.974914Z","times_seen":1899,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/cry.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"21f7e297e083483ea77556009c9e4248","sha1":"323d86b1a0009d1d858c9cdeda17f1bd2ec2ba90","sha256":"60612b721712130e3bd32165a0687b262406772b80b848a91ee203a05b707a87","sha512":"16df416adc54fa4163cdb31b467a735bc4f76f2d30c563f664ab3aca78f2b968e8831664731447fe1ca63a03dda1f9ce07a456726c52739884c9debdfa2a3fd8","ssdeep":"768:fTd8ROKXlIEoLz23bhwV/1GVbmpRyet0uhzX3CM9OT81nLCK/r/AMD:fBVKELSLho9GVbiy00CrLWM","tlshash":"76332bc132a912a163a76490457f700bb06375b24b0de95cb55df8dcefeca9a8036e3d","size":53519,"data":"","first_seen":"2023-03-10T00:57:38Z","last_seen":"2026-05-04T08:33:47.55706Z","times_seen":3380,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"fca912633e54289c893e8ffa5e49a44a","sha1":"a3a0e95b486569c47dd51f568e2fdeeae9f51e3b","sha256":"c90ef4f8f8b0bb74e4843808ae63784ec94ed19a16ff658b95334f85d539118b","sha512":"4344468fdc4cd33f293de0454da8e26b57f835edb54d33dd0bc768a0ddae2d5a636acdb6fa4b323bc1b0ca11f7f6eee02f6b7bad0c8ed3bbef2c20e46354588c","ssdeep":"192:a01V1KLMUj8pKN0/MvZw29vCro/tr1OOzaALH+nCL/nIfn+cM2loo8vG:X1qMUA8TZPCgjzaALHPDY+cM2lovvG","tlshash":"40727472a385f8ba1b516d5b605efba3649b2ab33d30a6b4038d937497904f8130bd47","size":17131,"data":"","first_seen":"2025-10-25T06:59:34.727622Z","last_seen":"2025-10-28T13:33:25.854142Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-bf2c2eb4.13af4e71.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c170cbb63f5c10724f7bd807cf62238","sha1":"0ff35a7b81422f309b0c2bb15359978f81891b3e","sha256":"36a9335aa5fc8376533b3e08045441f5de5222879d8398f0ac0c58ef18769e41","sha512":"e28ae24028b6e4074178fe03b6d3bc77a6f89abcd9f14196a20a2c04359652c52980b3121624835ebd2a8f5eeccfeb1880c994b63119ecf30c93c9166be7cf98","ssdeep":"768:yLRGUPxicEcccFccccccCYGOiDXRHh8VjiBQgX0kexam6Q:eRRPuzex","tlshash":"cdc24a017790f0680753ed6b7627f0f9e83b08bd399826c6f035fb829a58f19a786175","size":27827,"data":"","first_seen":"2025-10-25T06:59:34.711024Z","last_seen":"2025-10-28T13:33:25.837123Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-commons.f822c471.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1ac9531751a8d1f6ca135c95072db1e2","sha1":"8479d53234992467ed185aae1fe82e09ea2d56b5","sha256":"7491136a1ccd319d6eb884af83ab6561883fab167ed36d1c8ae95e3afd8860ba","sha512":"d5c64b10b38de15dc0cf7d2f474986b235f95ebd298fe8d868690bc619fb85ebc26882b13de8381c2f724f432278a32748a7d54e8e0814e67ce0e9d0026b9853","ssdeep":"768:m3kqo/ruII69mlelG9LSsnBcETgfpfUtX3ULnt1fwG2rQex1v1CjMYjQfE2BFqdI:lTlILpUMYjgQdpziTMciMH+acPJtv2eg","tlshash":"f783850526e4a6ec17875f75322ab0fce1271d5a3448084ee334bc64a67563faff2639","size":88215,"data":"","first_seen":"2025-10-25T06:59:34.709941Z","last_seen":"2025-10-28T13:33:25.849066Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"eval","is_inline":false,"md5":"b4739958501b7d2138dc62bc20fc8e4e","sha1":"a5f0ad06eabbbf52effdbcd1926a800d8e721bbc","sha256":"5c8353e7dd41ea5fdd5b4eb1ca641af3ef7c4c273bce90a70159ab52221e9ad2","sha512":"a0d12a06b201d4f1aeddd568fa756ac0fb08b8cddbcd97a73907ccee251121a92707160193774c23ddc950c15355e6ef9bcde45010f5600ef7d208ab68777b3d","ssdeep":"","tlshash":"c68000ceb082b00082022028003b8c0ba32b08c88a08c0028200008238a0088a02ba88","size":28,"data":"","first_seen":"2023-03-07T12:09:31Z","last_seen":"2026-05-04T09:24:41.657631Z","times_seen":8612,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"eval","is_inline":false,"md5":"47da56a2bfe0828f637be6415200904a","sha1":"e2cd440b257e827cf3608ef397451081d809c331","sha256":"a566430ac061e192f5e40d70252fdc6c66be0ea9b602bc304380929feb3584e4","sha512":"b1a98b157136e319f452b2294708336a26b7940771dd89187cfb24fc5ddd71361761302016c674edce27f9e6cd0700e92668c0f23bae5438843ede083b7fff74","ssdeep":"","tlshash":"9e214cd425abe56357ec4c579936baeb32b38876d08e7b0387e4b90e06d8207cc9584c","size":1191,"data":"","first_seen":"2023-03-10T00:57:38Z","last_seen":"2026-05-04T09:24:41.65713Z","times_seen":5563,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"eval","is_inline":false,"md5":"f0ffd3b7c2574ac324603ed00488c850","sha1":"623e76c36aa2a886542011e28412cc761d7ceb01","sha256":"c4d0cf241a1bfa1c8bf4cf24e8f89d2ab786a284a39adb2fc8df7ea14e73c154","sha512":"436f9fb4816f6975fec0d965dfc0db4c3c38c53632dd4dc99a6c1a2dd9562fbd67176d0118549ff573c97e3394bad4d601c425cf670acab249ebc8d260591fa2","ssdeep":"","tlshash":"1540000003c00000300000c0000000000003c00000000000c000000000c00000300030","size":7,"data":"","first_seen":"2023-03-07T01:03:35Z","last_seen":"2026-05-04T15:45:46.942699Z","times_seen":68851,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-ec39dc02.4785a9e7.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"45feb0800b9c6664405cbf485590572e","sha1":"03685c8d40637e825c8f86051a59b6d8b941966e","sha256":"5c2f9f15880f8991de20b791beee866e6548591d7d2cd94db0d4fe4d606a35ad","sha512":"0b977efad4a347120dc9e44db4e709130348a634b59d7f4fe75c0a971e84f4a1c767bcdea4f572bcbd79b2e91997d2292ebf37a9b7c02e8765aaa5736a096df3","ssdeep":"","tlshash":"225134407e8479dc13cf57361e2771def82a8c6a34948441e17099713a1e51bc7e2b39","size":2676,"data":"","first_seen":"2025-10-25T06:59:34.68957Z","last_seen":"2025-10-28T13:33:25.833216Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-18ec333e.a207e0df.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"a43f80d9c456c29c87f2ef8a9ec4196c","sha1":"5ab519837ad2c4a022c72cf408d3a769bad53d53","sha256":"00621114f121883ab63482da8510a2d355f3f646fc2568fe933bc8d367aaff45","sha512":"071d38b1bdc0f7915630a5c1850fb4313c7855a8e2574f397898c6d2631207068a9e24881fcf18acaf667c6362f2720de548d39d82d3cdfa7d85800bca365a9f","ssdeep":"768:6ULQYcWJBvtbP8TSMOL4VIIOt97FZg9ZNwAtwoSRoUGnPK77v3IBT1BSg3J:XJB1ATSQoLIOpwHSg3J","tlshash":"72238e253ad2bc84159f0a67790ba5cfd83772bf6814858b9322fcd0f528609dba743d","size":45840,"data":"","first_seen":"2025-10-25T06:59:34.721176Z","last_seen":"2025-10-28T13:33:25.819512Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/home.3d1c40d7.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a2566eb82f74b9faa610ebf0cd7e6a1","sha1":"16b30e948aa3422c0603dce70a37474d59bce546","sha256":"43f48c7f378aa8d683373f1fe2780167532d2676509160e1183365189da240b6","sha512":"62c94c07e5ced5aa6f36721ba1ab7d1298a29486a977ed39d3085704dc86a97817fc20d32578d7dc00e475038327c849d81dc1031132d1a2245445da2a49e2ad","ssdeep":"6144:jRFReMTfijx/xlfkBJTh2J9f9Jss1wRBCneAy2MD4eBjiclLDKVQrNKzqhBt8:jvEQfijx/xlfkBJTh2J9f9msaRBCnxyG","tlshash":"ab74f91472a0f4a803875bba332f74eae81b085e3458494af135fc51e1e971beee553e","size":360851,"data":"","first_seen":"2025-10-25T06:59:34.699604Z","last_seen":"2025-10-28T13:33:25.844885Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/guagua.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"82bca47c3735cc1a21be2ea5fd3ac1f7","sha1":"a5e29189998e09335e478adb3fc6453d3a1424bd","sha256":"e23cc5fdf65147d0f21e27a726fc7d40ecede75a11e2a0ddd2eec84b90ebdb4c","sha512":"045f99f8948ccb1c0920fbffdf40a0593573e3773a56dede6e889276932878e2521bf6e4490047bf28f311270482f2483668f3ac9e17e822a8419dfb18efba94","ssdeep":"","tlshash":"e851421ebab7036844a7b15907ffb408f2f484175609ec093a1ed7491fa8c2a6572ef2","size":3118,"data":"","first_seen":"2023-03-14T19:58:23Z","last_seen":"2026-05-04T08:34:20.182336Z","times_seen":4891,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":true,"md5":"0dce2eae6b1a0fa004a253d10fbcf184","sha1":"df7f6c50a4a9642a59f78d811487d8000e5bfa63","sha256":"78ed228f2ef5aa010cc4fff60160bb882c9656bafd1eaffb869b7ad8743789b5","sha512":"af03790a449287913ea426bed12e1a437aa90db94dde8798b845b8c25ebe27eea5c18724e5052f8903d944dd92ca70095b6fa539b23381ebff533cb7bccc7bb6","ssdeep":"","tlshash":"fee0cd29577488f511dfb3bee78f9785357204cfb00425457e6c8f885f2093751a199a","size":314,"data":"","first_seen":"2023-04-17T02:00:03Z","last_seen":"2026-05-04T05:23:46.955073Z","times_seen":2794,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-libs.94dcaa4c.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"7dcbec4368c39c2388e035791a60c3e9","sha1":"95038748e259b5d7350af4ae94ec7c4ff229a78a","sha256":"4464be9b66560089f94c25fe61aa6ec69dca60d02afe73340872b0e4cc7f56e3","sha512":"b5f8e5a9c4825e9c1e93f0b1303b2349f98f212b6e4e46f19c98ac223053d9dbc50f53f54c0f7b56604e7db7264754b29094f5fa3d1f577a6e729f95e8c46110","ssdeep":"24576:+xVcAINmEsTrITSq0r3ec+/WI8lbCXlqGJHfBp5LYcMC4K/7j:+WV","tlshash":"f185944473c0a88913d75fb6731fb1d6f41e08af3d59488be211fca066a562bfae1931","size":1753817,"data":"","first_seen":"2025-10-25T06:59:34.732851Z","last_seen":"2025-10-28T13:33:25.858071Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2935868","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.197","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e37138d619d162c07ec319f394979e5","sha1":"d0eeddeecb8b2ba5a2d293b495ef81f6b3df8103","sha256":"de1b1412257aec714dfc50b49e249f925197647dddef3d178ba791612ffc38a2","sha512":"34a91174fe301d3ba732b7f2d9ea39045343be849befcd3d50f20e17fd9302c9b1d85e59accae3f02d9881cda5768e04c9a2045d3296c8b1ee1bbc411c9819b4","ssdeep":"12288:xWHScRo5KuiykhWGajMXiPafixLRdGUN0ZinzYybkZhd1Bp8XXCFK2STS81cts6Z:A0RdGUNQin0ybkZhd1B6XXCFK2STS81S","tlshash":"ffd4b360afc0641d22d74b37722b66dce8570977b940c4679114ff6caaa3729fea8c31","size":631406,"data":"","first_seen":"2025-08-11T01:40:48.887978Z","last_seen":"2026-05-04T09:24:41.645306Z","times_seen":3227,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-10-26","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2935868","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/aes.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"2467c9934de1a26061318afc2b701cf5","sha1":"0690894ef7838d1dcfc5c31d8edcd66f13a6c680","sha256":"8ae8d4c89096b1e346a6957933c2597548dd65fd35cd43e71b1599c2323e288a","sha512":"e95f1a95c56f1aca76a4534eb74e4062920d5b05e199f7a12f694327738cc4dc91e12c0ab294aa2ef1e4ace16200d1c11fe42d50c49d56984c609fd157b29329","ssdeep":"","tlshash":"fc814de565b3a08767bc4c439eccbfae10675523b084b24bdbf4face105814bd998984","size":3943,"data":"","first_seen":"2023-03-10T00:57:38Z","last_seen":"2026-05-04T09:24:41.622318Z","times_seen":5621,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/mdmin.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"3bc01d96e978a3e7212446842937a8c6","sha1":"8a59dcd5bf49df1aae5218f40fb2801d2c41bb15","sha256":"52afefc68cd389273883a5ac6a08c8fc1b91f4b1159e85da357cb97328519fe4","sha512":"5ef5371d1378aee5ea90798577f7a720fec1ac90b9bd219dffd3035e557916324c910414496a5d861a7d3003471aca93c009a3d93c19505b3fca693297bdcabf","ssdeep":"","tlshash":"5871fe55e8a01c27b6ae699088dff8cbb134f844680d1c0172fb62deb594aff053989d","size":3735,"data":"","first_seen":"2023-03-14T19:58:23Z","last_seen":"2026-05-04T09:24:41.629558Z","times_seen":5235,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"eval","is_inline":false,"md5":"f0ffd3b7c2574ac324603ed00488c850","sha1":"623e76c36aa2a886542011e28412cc761d7ceb01","sha256":"c4d0cf241a1bfa1c8bf4cf24e8f89d2ab786a284a39adb2fc8df7ea14e73c154","sha512":"436f9fb4816f6975fec0d965dfc0db4c3c38c53632dd4dc99a6c1a2dd9562fbd67176d0118549ff573c97e3394bad4d601c425cf670acab249ebc8d260591fa2","ssdeep":"","tlshash":"1540000003c00000300000c0000000000003c00000000000c000000000c00000300030","size":7,"data":"","first_seen":"2023-03-07T01:03:35Z","last_seen":"2026-05-04T15:45:46.942699Z","times_seen":68851,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-vantUI.86105e3c.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"12ae793ad248aa1051009342d0d2f06f","sha1":"d39b1216f85091cc901a31db7bee5a1473a23e5d","sha256":"c31835569a9f12eec2edf400eaaa6d32ad9fd6ef359d9cc5c4732c3c8d1ee127","sha512":"098175695d60277d6803fece665ad75b2fedce50160150ccc711f8734108a5268f34bd011e456abf9a6bf17389e6dcbf952deec3ec0ebbd9cd1b589c7ea216e6","ssdeep":"6144:wrCEXFWlSF7Qq0l4d1tXEuVB72S2uCDEdIod:8Xsbtwt2Ed1","tlshash":"2974b54076c0b45d03975bb5722fb0daf02f086e384c489af171fc6496ad726eafa935","size":342784,"data":"","first_seen":"2025-10-25T06:59:34.716646Z","last_seen":"2025-10-28T13:33:25.83619Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-77825824.b904e45e.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac6b2d7b8d75fa2a65f7149348f2f217","sha1":"027aad91389ff2ffa25485cfef71a915023a3082","sha256":"7f89df50c5ba1300c5d2ccc3a28124bc72cfca0d12373bac899df95bfac6953f","sha512":"54aed81a835f9f44c2fd58817eab0157b594e6d357c5e4ddca2a8c45c6bf8e5b7b5f03607a2a13b671b9a414472f5d9372c26d2de6a87068df254bf62384fc7c","ssdeep":"384:WiuOsgqFTmzOSSsZyKCSsXusme4z+3Y4hCOJq/:ZuOsgqFTAOOj83C/","tlshash":"35a2b6541f84b0f81b834f76322bb4a5e14740593c788787f139ea14abd8726ebe563e","size":22538,"data":"","first_seen":"2025-10-25T06:59:34.695172Z","last_seen":"2025-10-28T13:33:25.828205Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.dun.163.com/api/v2/getconf?referer=https%3A%2F%2Fdmg16.jkchdu.com%2Fregister\u0026zoneId=\u0026id=ccd7870d2f7145d3bdb62ff3e03712b6\u0026ipv6=false\u0026runEnv=10\u0026iv=5\u0026loadVersion=2.5.3\u0026callback=__JSONP_86zvvfh_0","fqdn":"c.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"72600ae0a79d541d5e7ee017bb52ba84","sha1":"0ac65441249a7bb063705aac51c4ce29423e5d88","sha256":"db7d7b51be8dbef829f9f81cd51e7681051765945b8866c65caeb3c3540623ed","sha512":"d4b0ec440842ff1d7724159d1745ccbaf74ee03b54d0753d7410e3bf3b904ad560921f63405cfe742e56b2640a192cce0748fd08f31f6454eab50d6230f39c68","ssdeep":"","tlshash":"5701410d016888bd8c96c9c8aa091c016b34e472bf29fb4ecb165846c36e3bc234389b","size":811,"data":"","first_seen":"2025-10-26T23:28:29.891687Z","last_seen":"2025-10-26T23:28:29.891687Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"eval","is_inline":false,"md5":"f0ffd3b7c2574ac324603ed00488c850","sha1":"623e76c36aa2a886542011e28412cc761d7ceb01","sha256":"c4d0cf241a1bfa1c8bf4cf24e8f89d2ab786a284a39adb2fc8df7ea14e73c154","sha512":"436f9fb4816f6975fec0d965dfc0db4c3c38c53632dd4dc99a6c1a2dd9562fbd67176d0118549ff573c97e3394bad4d601c425cf670acab249ebc8d260591fa2","ssdeep":"","tlshash":"1540000003c00000300000c0000000000003c00000000000c000000000c00000300030","size":7,"data":"","first_seen":"2023-03-07T01:03:35Z","last_seen":"2026-05-04T15:45:46.942699Z","times_seen":68851,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/app.0b06cdd1.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4efc3538d909549dd32673794269320","sha1":"1fa9cb9bed9c08d449a0f3885d2c142f748aa82c","sha256":"9ce3c69eb17406fe751e4564592e512e7f79bec99b43b5f50877319b6e06a842","sha512":"8843c4efe5ad4fe7ce25b8bb856adcf02c7f6f5d19306a4130bff0a364a8d6a8414e8d9655b5187f95ef7eca2496770858bdb19d3e7cfcf04f6eeb5edc40ba30","ssdeep":"12288:trRMSdJhZ96WbDJEpuT8scoupgO5cdfk7osWCk7Cpo608R/cGeFrnZ3HNNViyTsi:taS3hb6WZEb1c//608aTs/l+GrG","tlshash":"ec85d74477c0a89903979bbb732fb0d9f46b08af3994498bf201fc6065a931bf9d5631","size":1765177,"data":"","first_seen":"2025-10-25T06:59:34.735978Z","last_seen":"2025-10-28T13:33:25.859194Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/token","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.052Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"OPTIONS /api/v1/token HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: n104-166-141-012.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 17615212776623e6a3c43535b177aadd83e3da0b06\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=422, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":2019,"timings":{"blocked":1,"dns":174,"connect":34,"send":0,"wait":458,"receive":0,"ssl":392},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/socketUrl","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"OPTIONS /api/v1/socketUrl HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: n104-166-141-012.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1761521277f1cff113c1b79b31a3deaf877c653c71\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=400, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":595,"timings":{"blocked":80,"dns":3,"connect":31,"send":0,"wait":433,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ir-sdk.dun.163.com/v4/j/up","fqdn":"ir-sdk.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"47.245.158.179","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dun.163.com","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust RSA CN CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 31 Dec 2024 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BE:6A:44:CA:C5:A7:6A:EE:B7:1C:6D:F4:2D:45:D4:20:E1:40:92:70","sha256":"0E:55:D9:9F:EE:9A:BA:3B:E2:46:3C:74:58:77:57:DA:81:2F:BC:96:FA:4F:34:DE:F4:54:F9:18:AD:39:6F:97"}}},"request":{"raw":"POST /v4/j/up HTTP/1.1\r\nHost: ir-sdk.dun.163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: text/plain\r\nContent-Length: 2078\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":202,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"17472fba4bf350cf68bdb580d80b1c80","sha1":"122366adced29be3e5cf37ddf601095e9fa4ef9b","sha256":"d6ea953cef008aaab5785756616d4ade4a8157aed423861586d0bee549cbe861","sha512":"8fbec01bdbec744e78a88401abb8be335c2790564f8a851fb6a5dc5ca4a6d5d2ceaf960fb8ecc64df0d8403ce36bd44c0a501664d52ef54b1496ed02226c6794","ssdeep":"","tlshash":"c3d0234aac6c0164c555938013ff353344b136635015dd04cdd47c644d154f90913c55","first_seen":"2025-10-26T23:28:29.847723Z","last_seen":"2025-10-26T23:28:29.847723Z","times_seen":1,"resource_available":false,"data":null}},"time_used":559,"timings":{"blocked":140,"dns":70,"connect":22,"send":0,"wait":277,"receive":2,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/mdmin.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /js/mdmin.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3735\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:53 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-e97\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04JlJ51:6 (W), 1.1 PSrdsdgemSTO1sw92:17 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_23029-53547\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3735,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3698)","md5":"3bc01d96e978a3e7212446842937a8c6","sha1":"8a59dcd5bf49df1aae5218f40fb2801d2c41bb15","sha256":"52afefc68cd389273883a5ac6a08c8fc1b91f4b1159e85da357cb97328519fe4","sha512":"5ef5371d1378aee5ea90798577f7a720fec1ac90b9bd219dffd3035e557916324c910414496a5d861a7d3003471aca93c009a3d93c19505b3fca693297bdcabf","ssdeep":"","tlshash":"5871fe55e8a01c27b6ae699088dff8cbb134f844680d1c0172fb62deb594aff053989d","first_seen":"2023-03-14T19:58:23Z","last_seen":"2026-05-04T09:24:41.629558Z","times_seen":5235,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":35,"dns":1,"connect":21,"send":0,"wait":246,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/css/chunk-ec39dc02.e9c40bbe.css","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/css/chunk-ec39dc02.e9c40bbe.css HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: text/css\r\nContent-Length: 2034\r\nConnection: keep-alive\r\nExpires: Sun, 26 Oct 2025 18:54:18 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-7f2\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59616\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_21841-52898\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2034,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2034), with no line terminators","md5":"7466a7fcbd2aa960e33d6ac2767bb3a5","sha1":"e664403a667e87584ed4c80b1d8729d999b9e07e","sha256":"83c8c841d0ff05a00bba1e8cd8ce624859445b316e46d1b212db0cb21ff48478","sha512":"d994b782bddb229b1e4e5436e83d91d8d108e877c0d9ca1b1db05ea6e86fc3e26caabe3badccb7c1dc859728a74c5f41c71bf11eb9e66d1990e7543b95034a41","ssdeep":"","tlshash":"da41ab271994a74db12bc9a12ee03f9c8a5cc407e1221e7cf62bf9f2560e089007a643","first_seen":"2024-06-21T07:57:57Z","last_seen":"2026-05-04T05:23:46.931362Z","times_seen":1335,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/img/loginBg.1373ac4a.png","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:55.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/img/loginBg.1373ac4a.png HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:55 GMT\r\nContent-Type: image/png\r\nContent-Length: 127820\r\nConnection: keep-alive\r\nExpires: Mon, 03 Nov 2025 22:38:44 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Wed, 17 Sep 2025 07:18:10 GMT\r\nETag: \"68ca60b2-1f34c\"\r\nCache-Control: max-age=2592000\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:13 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 1903751\r\nx-ws-request-id: 68feae7b_PSrdsdgemSTO1sw92_21841-52914\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":127820,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1242x2688, components 3","md5":"1373ac4ad7cd3d524cf4699a6a6d5734","sha1":"0f9aff6c2a5d4876b25a098b5d04c971f1bad6d3","sha256":"f43a66b61ff003bc77cd069b31bb174d9acac38356cc746d963d6604c884eee2","sha512":"9eb81d52d51cbd06b5789e5a05c28b47b24f864bbf234ff6b0069ecb30ed9777006edae21177efbe10a6d08fa9c1db912e907dd30b78c09816e65262722a49b7","ssdeep":"1536:kq/9Phcmzy2gZeVXopqD/uj8N/Leo8M0NpuWt4OmdqUN8l/PH01b6BVQPL2d7ET9:PEOpgsVXuqDOIe14KUiQ2eyhRjIHay","tlshash":"9cc30232db056a5bdf25a7b49dcb171c9723a07cd2a8466df81d0b3aa4c43783e882d5","first_seen":"2024-12-08T02:12:54.569716Z","last_seen":"2026-05-03T23:23:24.961515Z","times_seen":291,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/heartapi","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:55.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"OPTIONS /api/v1/heartapi HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:56 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: n104-166-141-002.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1761521276c6d2cd671182848b9c45b71de06e3c7b\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=422, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":1660,"timings":{"blocked":599,"dns":180,"connect":31,"send":0,"wait":456,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/socketUrl","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"OPTIONS /api/v1/socketUrl HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 dx10:1 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms dx10HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17092-6476\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":712,"timings":{"blocked":55,"dns":1,"connect":26,"send":0,"wait":595,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tz.wx-gujdtq3.com/app/register.php?site_id=2228\u0026topId=1193503","fqdn":"tz.wx-gujdtq3.com","domain":"wx-gujdtq3.com","tld":"com"},"ip":{"addr":"8.214.162.128","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T23:27:51.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tz.wx-gujdtq3.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 20 Oct 2025 18:12:09 GMT","end":"Sun, 18 Jan 2026 18:12:08 GMT"},"fingerprint":{"sha1":"28:74:61:E3:39:8C:9C:45:E7:3F:95:D3:99:13:2A:67:79:61:BC:53","sha256":"8C:C2:58:B8:22:06:33:AC:C1:73:82:9B:23:96:0D:04:40:24:9E:77:B2:40:D3:88:3E:0C:3A:72:DF:31:31:CB"}}},"request":{"raw":"GET /app/register.php?site_id=2228\u0026topId=1193503 HTTP/1.1\r\nHost: tz.wx-gujdtq3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sun, 26 Oct 2025 23:27:52 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nx-powered-by: PHP/7.4.21\r\ncontent-length: 170\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP:7.4.21","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":188,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"34501df5310dcd32be7265fe142be5c2","sha1":"314f797825ef0f967dd65ccc439af68560146bdc","sha256":"06596bae736c247429198dcf0dc4fe5a97bead5d082d32acd1eda42a2e5272d9","sha512":"0e44ab91e2dfab8dbbb2c815857f80739dca58e8040a80359c6e200740d09eb2e577cdc49bdaaa4e82029bca4e9326a522ce9261ed48345f73a867d640b7eeab","ssdeep":"","tlshash":"4ac022eb4e01d18d87b224adce20f40c200a90a6ad48d4059182c880a68029b8b2a200","first_seen":"2025-10-26T23:28:29.866411Z","last_seen":"2025-10-26T23:28:29.866411Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1515,"timings":{"blocked":638,"dns":266,"connect":182,"send":0,"wait":238,"receive":1,"ssl":186},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/guagua.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /js/guagua.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3118\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:53 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-c2e\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:14 (W), 1.1 PSrdsdgemSTO1sw92:5 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_19080-64978\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3118,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"82bca47c3735cc1a21be2ea5fd3ac1f7","sha1":"a5e29189998e09335e478adb3fc6453d3a1424bd","sha256":"e23cc5fdf65147d0f21e27a726fc7d40ecede75a11e2a0ddd2eec84b90ebdb4c","sha512":"045f99f8948ccb1c0920fbffdf40a0593573e3773a56dede6e889276932878e2521bf6e4490047bf28f311270482f2483668f3ac9e17e822a8419dfb18efba94","ssdeep":"","tlshash":"e851421ebab7036844a7b15907ffb408f2f484175609ec093a1ed7491fa8c2a6572ef2","first_seen":"2023-03-14T19:58:23Z","last_seen":"2026-05-04T08:34:20.182336Z","times_seen":4891,"resource_available":true,"data":null}},"time_used":340,"timings":{"blocked":36,"dns":1,"connect":20,"send":0,"wait":251,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/heartapi","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:55.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"OPTIONS /api/v1/heartapi HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:56 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 x179:7 (W), 1.1 bl21:5 (W)\r\nX-Px: ms bl21CDG, ms x179HKG(origin)\r\nx-ws-request-id: 68feae7b_bl21_16858-2161\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":1050,"timings":{"blocked":214,"dns":150,"connect":27,"send":0,"wait":622,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/ir.2.0.10.min.js?v=29358687","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.195","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:56.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.126.net","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust RSA CN CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Dec 2024 00:00:00 GMT","end":"Fri, 05 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"30:5C:D3:4E:23:AA:39:FF:39:07:86:35:9F:B4:8D:C4:81:28:72:6C","sha256":"06:50:53:EA:17:C7:00:F4:0E:28:29:EF:5A:92:76:B8:B6:DD:50:EB:47:3E:85:05:BB:C8:7F:84:AF:21:D3:14"}}},"request":{"raw":"GET /ir.2.0.10.min.js?v=29358687 HTTP/1.1\r\nHost: cstaticdun.126.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 41204\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 13:36:33 GMT\r\nTiming-Allow-Origin: *\r\nCache-Control: max-age=43200\r\nExpires: Wed, 01 Oct 2025 01:41:33 GMT\r\nVia: ens-cache25.l2nu20-20[54,54,304-0,H], ens-cache8.l2nu20-20[56,0], ens-cache28.l2hk11[0,0,304-0,H], ens-cache19.l2hk11[1,0], ens-cache16.l2de4[0,0,304-0,H], ens-cache5.l2de4[0,0], ens-cache19.fr4[0,0,200-0,H], ens-cache17.fr4[1,0]\r\nContent-Encoding: gzip\r\nLast-Modified: Mon, 04 Aug 2025 06:16:40 GMT\r\nVary: Accept-Encoding\r\nAge: 35483\r\nAli-Swift-Global-Savetime: 1761485793\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 26 Oct 2025 13:36:34 GMT\r\nX-Swift-CacheTime: 43199\r\ncdn-user-ip: 91.90.42.154\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS,HEAD\r\nAccess-Control-Allow-Origin: *\r\ncdn-source: ali\r\nAccess-Control-Allow-Headers: *\r\ncdn-ip: 47.246.50.195\r\nEagleId: 2ff632a517615212764161344e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":98563,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32020)","md5":"05aa39cef9ae9940d13c744af73c1225","sha1":"0f9b8ef16b9a0e8adffda962f4e1e53d82182729","sha256":"4cf09ec09e25415ceda63117f73fea342fbdba99fe961a4798c4b219084b80b9","sha512":"acf542f1079b4c50065a48bdc5db476fc5645e4d84128b8a0f1648e83ded13ae09a9ec66cd8fa9c93b01715c3c231fd6fb51cbf957fb450ecfa5c11e8b8a7e2c","ssdeep":"1536:JbU2w5q3TYqoKg18Twg+8jJXOYakBGvwT9k:Jbg0MK7F+8jJlkvQk","tlshash":"50a3e6d9b5c2b066131b6532023f102b352e5ed6791e9580d533a2993d3c37ee1abfac","first_seen":"2025-03-03T01:23:51.737737Z","last_seen":"2026-01-26T03:29:20.135965Z","times_seen":4540,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":12,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/token","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"OPTIONS /api/v1/token HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 x176:9 (W), 1.1 bl21:8 (W)\r\nX-Px: ms bl21CDG, ms x176HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17247-4833\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":2190,"timings":{"blocked":-1,"dns":155,"connect":27,"send":0,"wait":677,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/media/zhuotou.626d5968.mp3","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/media/zhuotou.626d5968.mp3 HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: audio/mpeg\r\nContent-Length: 28303\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-6e8f\"\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:2 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59616\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_21841-52905\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28303,"size_decoded":0,"mime_type":"audio/mpeg","magic":"Audio file with ID3 version 2.4.0, contains: MPEG ADTS, layer III, v1, 320 kbps, 44.1 kHz, Stereo","md5":"626d5968003d0c048c60a416db330734","sha1":"fa0d25aaf6e5224ead306cf8d4a1be73f7159807","sha256":"d34828b840bfb65c21195f1278e6bbb75cb0752e5d59fa1b5510a7a0410eab65","sha512":"922474bc3c3869ae61752e592f059f8f0c2bfe5254777f6841f272f4e0cd382193b7da5ca066af94954217e31b2f0d3bdb2c3d59209b0f529ca0eaace1eb0bc0","ssdeep":"384:hrwNHg+DXA5Xk1j78ngukRsVSQCyrp7v2MteHlp8ld4WH86DXqNmTPyVyk6FXJqP:6cSjQgDsVSQLOMQ/8li6D/OVi4A4nomX","tlshash":"b7d2d0004a553499f27a9b3fc9ab212d604ddd9b6f2710eae83cb2653176f43f0f095a","first_seen":"2023-04-09T06:30:49Z","last_seen":"2026-05-04T09:24:41.642417Z","times_seen":5157,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-26T23:27:52.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503 HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tz.wx-gujdtq3.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:52 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: W/\"68fb6cda-4b2b\"\r\nContent-Encoding: gzip\r\nvia: 1.1 PS-HKG-04JlJ51:0 (W), 1.1 PSrdsdgemSTO1sw92:15 (W)\r\nX-Px: ms PSrdsdgemSTO1sw92ARN, ms PS-HKG-04JlJ51HKG(origin)\r\nx-ws-request-id: 68feae78_PSrdsdgemSTO1sw92_22654-1083\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19243,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17424)","md5":"d445eae468df60c0fc7bf5a20f2190e3","sha1":"3057bbebd78cbac56904ba138f979d4ca4e4549d","sha256":"959f4033b1bddd8e9091abcec96edcaa6b760346bb8f0fc52f0a8c77edafd24b","sha512":"bffa4ee042d0a83868ee3437a702358b7b40307851b3d2a1377e5546a1e646369ad854ad6d74b3055fa7b26160279571247792f9d12008b4a4d0d9ce060d47e3","ssdeep":"192:tRsjiAxakCBT01V1KLMUj8pKN0/MvZw29vCro/tr1OOzaALH+nCL/nIfn+cM2lo3:0dP1qMUA8TZPCgjzaALHPDY+cM2lovvn","tlshash":"4882b572e384f87a1b516d5b705efba3549b26b37c30a9b4138d927497a08f8134bd07","first_seen":"2025-10-25T06:59:34.700998Z","last_seen":"2025-10-28T13:33:25.831987Z","times_seen":5,"resource_available":false,"data":null}},"time_used":655,"timings":{"blocked":194,"dns":146,"connect":21,"send":0,"wait":263,"receive":1,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/cry.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /js/cry.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 53519\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:53 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-d10f\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_21841-52881\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":53519,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8333)","md5":"21f7e297e083483ea77556009c9e4248","sha1":"323d86b1a0009d1d858c9cdeda17f1bd2ec2ba90","sha256":"60612b721712130e3bd32165a0687b262406772b80b848a91ee203a05b707a87","sha512":"16df416adc54fa4163cdb31b467a735bc4f76f2d30c563f664ab3aca78f2b968e8831664731447fe1ca63a03dda1f9ce07a456726c52739884c9debdfa2a3fd8","ssdeep":"768:fTd8ROKXlIEoLz23bhwV/1GVbmpRyet0uhzX3CM9OT81nLCK/r/AMD:fBVKELSLho9GVbiy00CrLWM","tlshash":"76332bc132a912a163a76490457f700bb06375b24b0de95cb55df8dcefeca9a8036e3d","first_seen":"2023-03-10T00:57:38Z","last_seen":"2026-05-04T08:33:47.55706Z","times_seen":3380,"resource_available":true,"data":null}},"time_used":296,"timings":{"blocked":22,"dns":1,"connect":8,"send":0,"wait":241,"receive":3,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/token","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.574Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"GET /api/v1/token HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: ZWPWBXqzdaqQ+XXjM4PlCQ==\r\ntimestamp: 1761521277039556\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=e43bd62eec66f66178a16b6dc7721fa8; path=/\r\nvia: n104-166-141-012.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 17615212771992d53dcea6c7810f104460fa44d77f\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=425, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":104,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3b1203a57e69a33efe1bd8e6eaa4ce57","sha1":"8c45743436831b437363da0960af86c915d1acf9","sha256":"2e5286b5c0975046dfa3df749bc2c1320b0fa3771277e8d12c72ba8d69b515ea","sha512":"90f9c6bacbff08e73950c52ef0320bdb3ac46d190bee6808906803489efdfa54d218158a83479c97db1a0e8f3af6cf3e195696d926e1070e2a6d3818c1cfd426","ssdeep":"","tlshash":"f4b0121e79d540331ddfa91b54171003904f2942d81143334e5e4c9181884b42201c1b","first_seen":"2025-10-26T23:28:29.873019Z","last_seen":"2025-10-26T23:28:29.873019Z","times_seen":1,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":459,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"ws.1ugqib.com:22228/","fqdn":"ws.1ugqib.com","domain":"1ugqib.com","tld":"com"},"ip":{"addr":"18.162.240.158","port":22228,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:28:03.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.1ugqib.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Sep 2025 16:01:57 GMT","end":"Sun, 28 Dec 2025 16:01:56 GMT"},"fingerprint":{"sha1":"D7:C5:96:CA:F6:B4:32:73:EB:08:3F:76:AA:F3:1E:A8:E5:D5:F3:D8","sha256":"61:64:13:8D:AE:44:40:74:92:1C:6F:2A:44:B7:37:47:57:34:FC:99:82:FF:52:2F:EA:3D:AD:46:49:AD:5C:3A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ws.1ugqib.com:22228\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://dmg16.jkchdu.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: 6bwkIl2I2JYqF5Q1rcN5Eg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: x9eN0ynoSXz7ASNrSThNnjsWv1o=\r\nSec-WebSocket-Version: 13\r\nServer: swoole-http-server\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":973,"timings":{"blocked":0,"dns":1,"connect":321,"send":0,"wait":322,"receive":0,"ssl":329},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-ec39dc02.4785a9e7.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/chunk-ec39dc02.4785a9e7.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2676\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:54 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:34 GMT\r\nETag: \"68fb6cf6-a74\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:15 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_22654-1116\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2676,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2676), with no line terminators","md5":"45feb0800b9c6664405cbf485590572e","sha1":"03685c8d40637e825c8f86051a59b6d8b941966e","sha256":"5c2f9f15880f8991de20b791beee866e6548591d7d2cd94db0d4fe4d606a35ad","sha512":"0b977efad4a347120dc9e44db4e709130348a634b59d7f4fe75c0a971e84f4a1c767bcdea4f572bcbd79b2e91997d2292ebf37a9b7c02e8765aaa5736a096df3","ssdeep":"","tlshash":"225134407e8479dc13cf57361e2771def82a8c6a34948441e17099713a1e51bc7e2b39","first_seen":"2025-10-25T06:59:34.68957Z","last_seen":"2025-10-28T13:33:25.833216Z","times_seen":5,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-bf2c2eb4.13af4e71.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/chunk-bf2c2eb4.13af4e71.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 27827\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:54 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:34 GMT\r\nETag: \"68fb6cf6-6cb3\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_21841-52899\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27827,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (27731), with no line terminators","md5":"6c170cbb63f5c10724f7bd807cf62238","sha1":"0ff35a7b81422f309b0c2bb15359978f81891b3e","sha256":"36a9335aa5fc8376533b3e08045441f5de5222879d8398f0ac0c58ef18769e41","sha512":"e28ae24028b6e4074178fe03b6d3bc77a6f89abcd9f14196a20a2c04359652c52980b3121624835ebd2a8f5eeccfeb1880c994b63119ecf30c93c9166be7cf98","ssdeep":"768:yLRGUPxicEcccFccccccCYGOiDXRHh8VjiBQgX0kexam6Q:eRRPuzex","tlshash":"cdc24a017790f0680753ed6b7627f0f9e83b08bd399826c6f035fb829a58f19a786175","first_seen":"2025-10-25T06:59:34.711024Z","last_seen":"2025-10-28T13:33:25.837123Z","times_seen":5,"resource_available":true,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/css/home.ff300815.css","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/css/home.ff300815.css HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: text/css\r\nContent-Length: 78290\r\nConnection: keep-alive\r\nExpires: Sun, 26 Oct 2025 18:54:18 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-131d2\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:4 (W), 1.1 PSrdsdgemSTO1sw92:5 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59616\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_19080-65003\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":78290,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (65536), with no line terminators","md5":"44d04c051fd41b8b506a52b9301c6510","sha1":"a4059379644aa0a775c4fcd23cd27edf843f55f7","sha256":"4fc7e3b457dbadbd54cc705923a1d07c59966baa5a892162be79b2c49cce9c09","sha512":"397a1f410f4e37d67b6c4053ec20759ee23b3c56e2110a6569986bf6ebc51d58c69b78f874cdb76dcbf7b80db71c38abd09c7b115afc299ee59b3afc24dbb4b8","ssdeep":"768:bK6I8pXLS6I8pXaYOJ7TkbTVh/lK7JClcxNT7xAhGnRq0tlQecvQ0Ghs0QfkzF0g:btFV2mHWcAMk6JvGks","tlshash":"6a73b63f70982708f83bcd823f596b9a8118d562d14627ec99572e25dfcb78319b138e","first_seen":"2025-08-28T00:23:13.664053Z","last_seen":"2025-12-10T11:56:46.674051Z","times_seen":197,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":48,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/heartapi","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:55.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"OPTIONS /api/v1/heartapi HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:56 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 PS-000-01aUa12:6 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01aUa12HKG(origin)\r\nx-ws-request-id: 68feae7b_bl21_17092-6447\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":1052,"timings":{"blocked":210,"dns":149,"connect":27,"send":0,"wait":628,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/token","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"GET /api/v1/token HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntimestamp: 1761521276985680\r\ntoken: UpxWwlogXepsh5JDNTuGvQ==\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=9786f122a75ebb9c7110fb7def692618; path=/\r\nvia: 1.1 x179:7 (W), 1.1 bl21:5 (W)\r\nX-Px: ms bl21CDG, ms x179HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_16858-2225\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":104,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c8edf4bee7dfcd3ac7290ea2d5a87a79","sha1":"4d903d25a575ea51019073b58ece3dfbb32b3327","sha256":"40e8ec9ed6e4e597ecb7dc836984e82c0ac7b639cf9278e9d4a76015a1f02da1","sha512":"d27f2250528c89d3dfe5752646070ea26e4e3722cacdb6cffeaed8f887599954434556b3ff59da03e6425e3bad62b0a462302f57beab873afb4f5816fc3ce241","ssdeep":"","tlshash":"0fb0125a5f26c2371e4b42072907ca03518f7184592103208b6d85b4028816c0649c6b","first_seen":"2025-10-26T23:28:29.879006Z","last_seen":"2025-10-26T23:28:29.879006Z","times_seen":1,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.dun.163.com/api/v3/get?referer=https%3A%2F%2Fdmg16.jkchdu.com%2Fregister\u0026zoneId=CN31\u0026dt=U1JATc%2FeE8BBVlQFUUaWzRxM5sfSNynp\u0026id=ccd7870d2f7145d3bdb62ff3e03712b6\u0026fp=Kz4%2FEae0VYSu185%5C87SzaMgotGzrTQqWeJAh7a8eBgR5UMhC%2FpqULE56Mxp0TTzaQcVZX7%5CR2rCmgETPDiCkTkkxx0GgKq7cAHU5lZ3VjPAyg%2BHsTdRrQh3q%5CGveAZyLsOKx%2Fl1N4rloRcQ0%2F1ioJIN6eqQ%2FEhVzqA1gYtDDnDiCwD1g%3A1761522177085\u0026https=true\u0026type=\u0026width=\u0026sizeType=undefined\u0026version=2.28.5\u0026dpr=1\u0026dev=1\u0026cb=lAWi%2FywZ9DsgdEyWfwihB92kUcqT%2BC3Qpcwl09N56lw39nAtLkmLEvDMHxuaX1WMk8RDLjowR%2FctbNoPN6RnidSdj%2Ff7\u0026ipv6=false\u0026runEnv=10\u0026group=\u0026scene=\u0026sdkVersion=\u0026loadVersion=2.5.3\u0026iv=4\u0026user=\u0026irToken=7xJYNxg1DiZBNkRVFFOHyQgIppKW2Z05\u0026smsVersion=v3\u0026callback=__JSONP_mpq92ss_0","fqdn":"c.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dun.163.com","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust RSA CN CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 31 Dec 2024 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BE:6A:44:CA:C5:A7:6A:EE:B7:1C:6D:F4:2D:45:D4:20:E1:40:92:70","sha256":"0E:55:D9:9F:EE:9A:BA:3B:E2:46:3C:74:58:77:57:DA:81:2F:BC:96:FA:4F:34:DE:F4:54:F9:18:AD:39:6F:97"}}},"request":{"raw":"GET /api/v3/get?referer=https%3A%2F%2Fdmg16.jkchdu.com%2Fregister\u0026zoneId=CN31\u0026dt=U1JATc%2FeE8BBVlQFUUaWzRxM5sfSNynp\u0026id=ccd7870d2f7145d3bdb62ff3e03712b6\u0026fp=Kz4%2FEae0VYSu185%5C87SzaMgotGzrTQqWeJAh7a8eBgR5UMhC%2FpqULE56Mxp0TTzaQcVZX7%5CR2rCmgETPDiCkTkkxx0GgKq7cAHU5lZ3VjPAyg%2BHsTdRrQh3q%5CGveAZyLsOKx%2Fl1N4rloRcQ0%2F1ioJIN6eqQ%2FEhVzqA1gYtDDnDiCwD1g%3A1761522177085\u0026https=true\u0026type=\u0026width=\u0026sizeType=undefined\u0026version=2.28.5\u0026dpr=1\u0026dev=1\u0026cb=lAWi%2FywZ9DsgdEyWfwihB92kUcqT%2BC3Qpcwl09N56lw39nAtLkmLEvDMHxuaX1WMk8RDLjowR%2FctbNoPN6RnidSdj%2Ff7\u0026ipv6=false\u0026runEnv=10\u0026group=\u0026scene=\u0026sdkVersion=\u0026loadVersion=2.5.3\u0026iv=4\u0026user=\u0026irToken=7xJYNxg1DiZBNkRVFFOHyQgIppKW2Z05\u0026smsVersion=v3\u0026callback=__JSONP_mpq92ss_0 HTTP/1.1\r\nHost: c.dun.163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 23:27:58 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nP3P: CP=\"CAO PSA OUR\"\r\nSet-Cookie: _ga=GA.1.2c3ff751ff0b1.204a4f1783abcbbd6a1a\r\nTiming-Allow-Origin: *\r\nCache-Control: no-store\r\nX-Via: CN31,CN31\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":151,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"88c481badea4520fac120d793ab57c63","sha1":"19226e9de92c816c6cbdacb7a88c715ba9ff688c","sha256":"b6b3556e5382508f75729ad74a0f1a674b5c38623bbc1a2fffe99da2968cc0a3","sha512":"c693dcd631ee3c6f16fb21216cf9ffd1c32133024b03f803bba880c3d299b80dff51791ccd1fb58a6ba1a295d74b85d0e141401d5a54a7077bf1675065b7b162","ssdeep":"","tlshash":"9ac02b0f939cfc730c40c108084a880d872ff457c45f8643b0cf2ca2470c5f95308919","first_seen":"2025-10-26T23:28:29.881122Z","last_seen":"2025-10-26T23:28:29.881122Z","times_seen":1,"resource_available":true,"data":null}},"time_used":316,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/captcha?timestamp=1761521278035684\u0026token=762%2BEzkzYDFNYZGaqOOiiHidFZGjHOF6pO6BxWcdJNacYkA6b8Tmlxx93yYN9FQb\u0026device=h5","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:58.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"GET /api/v1/captcha?timestamp=1761521278035684\u0026token=762%2BEzkzYDFNYZGaqOOiiHidFZGjHOF6pO6BxWcdJNacYkA6b8Tmlxx93yYN9FQb\u0026device=h5 HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: image/png; charset=utf-8\r\nContent-Length: 1656\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:58 GMT\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: *\r\nSet-Cookie: HTTP_TOKEN=e43bd62eec66f66178a16b6dc7721fa8; path=/\r\nvia: n104-166-141-002.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1761521278d9a40b467cadff306362c82d149caff9\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=494, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":1656,"size_decoded":0,"mime_type":"image/png; charset=utf-8","magic":"PNG image data, 200 x 62, 8-bit colormap, non-interlaced","md5":"257d744fde36fbc268183305d2556e84","sha1":"fb86dd774d543482ad83d33e0bed3c85b37f914f","sha256":"e37e7b85a1d551e4ab3a7cffa302ad34e0a9ef77335158817938bc9b23054c90","sha512":"7f074518f813f55ab023cdf353db352476103ed43578ef169669b23414736057d47f09ebbc90ae4c79a76b7aa225c0f34b54a61c38457762f59daf821219a8fb","ssdeep":"","tlshash":"8d310c23cd91b5ab667bd3bf5b750884c8684fa2031587d714e71d4f52a677704e4202","first_seen":"2025-10-26T23:28:29.882998Z","last_seen":"2025-10-26T23:28:29.882998Z","times_seen":1,"resource_available":false,"data":null}},"time_used":684,"timings":{"blocked":77,"dns":0,"connect":33,"send":0,"wait":530,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"ws.1ugqib.com:22228/","fqdn":"ws.1ugqib.com","domain":"1ugqib.com","tld":"com"},"ip":{"addr":"18.162.240.158","port":22228,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:58.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.1ugqib.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Sep 2025 16:01:57 GMT","end":"Sun, 28 Dec 2025 16:01:56 GMT"},"fingerprint":{"sha1":"D7:C5:96:CA:F6:B4:32:73:EB:08:3F:76:AA:F3:1E:A8:E5:D5:F3:D8","sha256":"61:64:13:8D:AE:44:40:74:92:1C:6F:2A:44:B7:37:47:57:34:FC:99:82:FF:52:2F:EA:3D:AD:46:49:AD:5C:3A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ws.1ugqib.com:22228\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://dmg16.jkchdu.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: TwJ9G67Y0M5OhM9GSv9FXw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: wm88DxDNL+OlPSMINsv4ChkzS1w=\r\nSec-WebSocket-Version: 13\r\nServer: swoole-http-server\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":996,"timings":{"blocked":0,"dns":0,"connect":328,"send":0,"wait":329,"receive":0,"ssl":338},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/home.3d1c40d7.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/home.3d1c40d7.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 360851\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:54 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:46 GMT\r\nETag: \"68fb6d02-58193\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04JlJ51:6 (W), 1.1 PSrdsdgemSTO1sw92:5 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_19080-65005\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":360851,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (65020), with no line terminators","md5":"6a2566eb82f74b9faa610ebf0cd7e6a1","sha1":"16b30e948aa3422c0603dce70a37474d59bce546","sha256":"43f48c7f378aa8d683373f1fe2780167532d2676509160e1183365189da240b6","sha512":"62c94c07e5ced5aa6f36721ba1ab7d1298a29486a977ed39d3085704dc86a97817fc20d32578d7dc00e475038327c849d81dc1031132d1a2245445da2a49e2ad","ssdeep":"6144:jRFReMTfijx/xlfkBJTh2J9f9Jss1wRBCneAy2MD4eBjiclLDKVQrNKzqhBt8:jvEQfijx/xlfkBJTh2J9f9msaRBCnxyG","tlshash":"ab74f91472a0f4a803875bba332f74eae81b085e3458494af135fc51e1e971beee553e","first_seen":"2025-10-25T06:59:34.699604Z","last_seen":"2025-10-28T13:33:25.844885Z","times_seen":5,"resource_available":true,"data":null}},"time_used":644,"timings":{"blocked":84,"dns":0,"connect":0,"send":0,"wait":494,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/heartapi","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:56.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"GET /api/v1/heartapi HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: 5z4kei9H9Q/7N0TXCEW/hA==\r\ntimestamp: 1761521275475189\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:56 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=1d995fcf0a4cb5db6ec3b21480827dea; path=/\r\nvia: 1.1 x179:7 (W), 1.1 bl21:5 (W)\r\nX-Px: ms bl21CDG, ms x179HKG(origin)\r\nx-ws-request-id: 68feae7c_bl21_16858-2182\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":33,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0ebf4114050bb071b44cb42510829c82","sha1":"bf83acc9dcc2e331bd68dc117852a10e80638f6f","sha256":"7c85a4d0512fff34a3f642753a26eae9880d017509faba3e576b8efc8c5d860d","sha512":"8e751e7770b24321b6a5cbf552d34fc46be71be25c1fb59f2de0b3d88dd47394e3147108d0c8c79b5314f03eb3c55b17975c54fdac5d782af8597b276e2a8aef","ssdeep":"","tlshash":"fa8000032c0c8023a8030088230f2b2800e832a0000803208cacbe3280382b02200c3e","first_seen":"2023-04-17T02:00:03Z","last_seen":"2026-05-04T05:23:46.936887Z","times_seen":1700,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/heartapi","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:56.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"GET /api/v1/heartapi HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: WTAIyudfh1KahXqvr0p3bw==\r\ntimestamp: 1761521275479739\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:56 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=7e302079b40cc1cd06a42c2b35080c7a; path=/\r\nvia: 1.1 PS-000-01aUa12:6 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01aUa12HKG(origin)\r\nx-ws-request-id: 68feae7c_bl21_17092-6458\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":33,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0ebf4114050bb071b44cb42510829c82","sha1":"bf83acc9dcc2e331bd68dc117852a10e80638f6f","sha256":"7c85a4d0512fff34a3f642753a26eae9880d017509faba3e576b8efc8c5d860d","sha512":"8e751e7770b24321b6a5cbf552d34fc46be71be25c1fb59f2de0b3d88dd47394e3147108d0c8c79b5314f03eb3c55b17975c54fdac5d782af8597b276e2a8aef","ssdeep":"","tlshash":"fa8000032c0c8023a8030088230f2b2800e832a0000803208cacbe3280382b02200c3e","first_seen":"2023-04-17T02:00:03Z","last_seen":"2026-05-04T05:23:46.936887Z","times_seen":1700,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/webconfig","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"OPTIONS /api/v1/webconfig HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 x179:7 (W), 1.1 bl21:5 (W)\r\nX-Px: ms bl21CDG, ms x179HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_16858-2199\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/socketUrl","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"OPTIONS /api/v1/socketUrl HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 dianxun178:14 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms dianxun178HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17092-6474\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":922,"timings":{"blocked":62,"dns":1,"connect":28,"send":0,"wait":796,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/token","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"OPTIONS /api/v1/token HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 PS-000-01BRE13:10 (W), 1.1 bl21:7 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01BRE13HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17189-9506\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":937,"timings":{"blocked":59,"dns":1,"connect":26,"send":0,"wait":816,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/token","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"GET /api/v1/token HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: Cmqq0UD0WHkYK8V6Cwth2A==\r\ntimestamp: 1761521276990775\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:58 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=17dc6dfb69805bb07ed553a8580ff8f3; path=/\r\nvia: 1.1 dianxun178:14 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms dianxun178HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17092-6512\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":104,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"4c161cf14d0941a6988f52b8a49ad5a0","sha1":"b00a35c680064fa3806446d25fadb76ceb119cc8","sha256":"d0a94958c72fb20699444dc27ba59104259f1f9f20595a10595908773db1dee5","sha512":"5ca9628969766b2ef75fef8858e688c1dafe2a9e9592b977cf1e95d03488d5e1057571de1f24f4a701879e026dd92e85241a2231cfd3019350c21d8443fdfc5b","ssdeep":"","tlshash":"9fb0124e1da6c8331d8b45065a1e0617924ab0545c2113118e5e9c505084a380319c29","first_seen":"2025-10-26T23:28:29.887045Z","last_seen":"2025-10-26T23:28:29.887045Z","times_seen":1,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-vantUI.86105e3c.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/chunk-vantUI.86105e3c.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 342784\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:53 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:44 GMT\r\nETag: \"68fb6d00-53b00\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:10 (W), 1.1 PSrdsdgemSTO1sw92:9 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_20607-59948\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":342784,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"12ae793ad248aa1051009342d0d2f06f","sha1":"d39b1216f85091cc901a31db7bee5a1473a23e5d","sha256":"c31835569a9f12eec2edf400eaaa6d32ad9fd6ef359d9cc5c4732c3c8d1ee127","sha512":"098175695d60277d6803fece665ad75b2fedce50160150ccc711f8734108a5268f34bd011e456abf9a6bf17389e6dcbf952deec3ec0ebbd9cd1b589c7ea216e6","ssdeep":"6144:wrCEXFWlSF7Qq0l4d1tXEuVB72S2uCDEdIod:8Xsbtwt2Ed1","tlshash":"2974b54076c0b45d03975bb5722fb0daf02f086e384c489af171fc6496ad726eafa935","first_seen":"2025-10-25T06:59:34.716646Z","last_seen":"2025-10-28T13:33:25.83619Z","times_seen":5,"resource_available":true,"data":null}},"time_used":308,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":243,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/css/chunk-commons.4090003f.css","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/css/chunk-commons.4090003f.css HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: text/css\r\nContent-Length: 45785\r\nConnection: keep-alive\r\nExpires: Sun, 26 Oct 2025 18:54:17 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-b2d9\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:10 (W), 1.1 PSrdsdgemSTO1sw92:9 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59617\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_20607-59971\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45785,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (45785), with no line terminators","md5":"fe1aea66a7e6a90519eb33faffa80618","sha1":"177687a3d5b848618949c3691af065065708dc2c","sha256":"77fdf220b0ad1c3312468895c90d2d87c5bd655eefbd3428bac8e51c5d99128f","sha512":"4b3817f367ccae1f4cbf1ec4d9eac8a89daa0004359a543e3fd91060c83b5838b1f144034193cc5f41924c6c1e0a46393caff4c562db7616b051beb5b35eccf3","ssdeep":"768:kNq9Seg5tmQVVMA3x6tS8azNCU+Ib7fcx2Vok3eD0bW2nLP0nxVk67GI:eutczNCU+Ib7fcxi0nXF3","tlshash":"af23b337e1d92709a433cc912f686e969d04eea7808647f4d9036e31cfdb5472ea2789","first_seen":"2024-12-08T01:07:24.070638Z","last_seen":"2026-05-04T05:23:46.949559Z","times_seen":950,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-commons.f822c471.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.349Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/chunk-commons.f822c471.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 88245\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:54 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:34 GMT\r\nETag: \"68fb6cf6-158b5\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:2 (W), 1.1 PSrdsdgemSTO1sw92:7 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_19853-63121\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":88245,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64535), with no line terminators","md5":"1ac9531751a8d1f6ca135c95072db1e2","sha1":"8479d53234992467ed185aae1fe82e09ea2d56b5","sha256":"7491136a1ccd319d6eb884af83ab6561883fab167ed36d1c8ae95e3afd8860ba","sha512":"d5c64b10b38de15dc0cf7d2f474986b235f95ebd298fe8d868690bc619fb85ebc26882b13de8381c2f724f432278a32748a7d54e8e0814e67ce0e9d0026b9853","ssdeep":"768:m3kqo/ruII69mlelG9LSsnBcETgfpfUtX3ULnt1fwG2rQex1v1CjMYjQfE2BFqdI:lTlILpUMYjgQdpziTMciMH+acPJtv2eg","tlshash":"f783850526e4a6ec17875f75322ab0fce1271d5a3448084ee334bc64a67563faff2639","first_seen":"2025-10-25T06:59:34.709941Z","last_seen":"2025-10-28T13:33:25.849066Z","times_seen":5,"resource_available":true,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-18ec333e.a207e0df.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/chunk-18ec333e.a207e0df.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 45840\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:54 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:20 GMT\r\nETag: \"68fb6ce8-b310\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04JlJ51:6 (W), 1.1 PSrdsdgemSTO1sw92:17 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_23029-53577\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45840,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (45840), with no line terminators","md5":"a43f80d9c456c29c87f2ef8a9ec4196c","sha1":"5ab519837ad2c4a022c72cf408d3a769bad53d53","sha256":"00621114f121883ab63482da8510a2d355f3f646fc2568fe933bc8d367aaff45","sha512":"071d38b1bdc0f7915630a5c1850fb4313c7855a8e2574f397898c6d2631207068a9e24881fcf18acaf667c6362f2720de548d39d82d3cdfa7d85800bca365a9f","ssdeep":"768:6ULQYcWJBvtbP8TSMOL4VIIOt97FZg9ZNwAtwoSRoUGnPK77v3IBT1BSg3J:XJB1ATSQoLIOpwHSg3J","tlshash":"72238e253ad2bc84159f0a67790ba5cfd83772bf6814858b9322fcd0f528609dba743d","first_seen":"2025-10-25T06:59:34.721176Z","last_seen":"2025-10-28T13:33:25.819512Z","times_seen":5,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.dun.163.com/api/v2/getconf?referer=https%3A%2F%2Fdmg16.jkchdu.com%2Fregister\u0026zoneId=\u0026id=ccd7870d2f7145d3bdb62ff3e03712b6\u0026ipv6=false\u0026runEnv=10\u0026iv=5\u0026loadVersion=2.5.3\u0026callback=__JSONP_86zvvfh_0","fqdn":"c.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"8.211.22.79","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:55.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dun.163.com","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust RSA CN CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 31 Dec 2024 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BE:6A:44:CA:C5:A7:6A:EE:B7:1C:6D:F4:2D:45:D4:20:E1:40:92:70","sha256":"0E:55:D9:9F:EE:9A:BA:3B:E2:46:3C:74:58:77:57:DA:81:2F:BC:96:FA:4F:34:DE:F4:54:F9:18:AD:39:6F:97"}}},"request":{"raw":"GET /api/v2/getconf?referer=https%3A%2F%2Fdmg16.jkchdu.com%2Fregister\u0026zoneId=\u0026id=ccd7870d2f7145d3bdb62ff3e03712b6\u0026ipv6=false\u0026runEnv=10\u0026iv=5\u0026loadVersion=2.5.3\u0026callback=__JSONP_86zvvfh_0 HTTP/1.1\r\nHost: c.dun.163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 23:27:56 GMT\r\nContent-Type: application/javascript;charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nP3P: CP=\"CAO PSA OUR\"\r\nSet-Cookie: _gid=GA.3777112453.28717123765264\r\nTiming-Allow-Origin: *\r\nCache-Control: no-store\r\nX-Via: CN31,CN31\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":811,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (811), with no line terminators","md5":"72600ae0a79d541d5e7ee017bb52ba84","sha1":"0ac65441249a7bb063705aac51c4ce29423e5d88","sha256":"db7d7b51be8dbef829f9f81cd51e7681051765945b8866c65caeb3c3540623ed","sha512":"d4b0ec440842ff1d7724159d1745ccbaf74ee03b54d0753d7410e3bf3b904ad560921f63405cfe742e56b2640a192cce0748fd08f31f6454eab50d6230f39c68","ssdeep":"","tlshash":"5701410d016888bd8c96c9c8aa091c016b34e472bf29fb4ecb165846c36e3bc234389b","first_seen":"2025-10-26T23:28:29.891687Z","last_seen":"2025-10-26T23:28:29.891687Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2165,"timings":{"blocked":928,"dns":780,"connect":21,"send":0,"wait":306,"receive":3,"ssl":124},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/token","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"OPTIONS /api/v1/token HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 PS-000-01BRE13:4 (W), 1.1 bl21:1 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01BRE13HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_16013-6571\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":945,"timings":{"blocked":68,"dns":1,"connect":28,"send":0,"wait":804,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"ws.1ugqib.com:22228/","fqdn":"ws.1ugqib.com","domain":"1ugqib.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:28:08.398Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ws.1ugqib.com:22228\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://dmg16.jkchdu.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: hpEnl7z6XO2DIykOQU3qvQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":651,"timings":{"blocked":0,"dns":1,"connect":324,"send":0,"wait":0,"receive":0,"ssl":326},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-77825824.b904e45e.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/chunk-77825824.b904e45e.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 22550\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:54 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:30 GMT\r\nETag: \"68fb6cf2-5816\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:9 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_20607-59973\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22274), with no line terminators","md5":"ac6b2d7b8d75fa2a65f7149348f2f217","sha1":"027aad91389ff2ffa25485cfef71a915023a3082","sha256":"7f89df50c5ba1300c5d2ccc3a28124bc72cfca0d12373bac899df95bfac6953f","sha512":"54aed81a835f9f44c2fd58817eab0157b594e6d357c5e4ddca2a8c45c6bf8e5b7b5f03607a2a13b671b9a414472f5d9372c26d2de6a87068df254bf62384fc7c","ssdeep":"384:WiuOsgqFTmzOSSsZyKCSsXusme4z+3Y4hCOJq/:ZuOsgqFTAOOj83C/","tlshash":"35a2b6541f84b0f81b834f76322bb4a5e14740593c788787f139ea14abd8726ebe563e","first_seen":"2025-10-25T06:59:34.695172Z","last_seen":"2025-10-28T13:33:25.828205Z","times_seen":5,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":234,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/token","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"OPTIONS /api/v1/token HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 dianxun177:1 (W), 1.1 bl21:0 (W)\r\nX-Px: ms bl21CDG, ms dianxun177HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_15963-1005\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":924,"timings":{"blocked":57,"dns":1,"connect":26,"send":0,"wait":805,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/webconfig","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"GET /api/v1/webconfig HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: FNcu3AvVueDAOfArRjX0oQ==\r\ntimestamp: 1761521277029485\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=fa69e2e0d0a5aa1daa1a5c6295f42095; path=/\r\nvia: n104-166-141-002.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 17615212779a84c305859aee4616e5ec6afb99d4b6\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=247, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":46,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a26c74104140aaf3cc523cfa4d9f1583","sha1":"08b2987d7d86a67c6a8f43fdea04fa678266b1bf","sha256":"8ea29e6a780e0be49c7814a99527d85683dbb3b21e5ad6262e45b6c2e50643e6","sha512":"ced78a3f2a5aee2dcf373983e338670310b243cffcb635afee3ce49efabfc66eb45a12ec0e1521b25bda6f1204df556ae0300a4ac87bc837ad4deb72ba4b59da","ssdeep":"","tlshash":"a29002016e08501325078046111b012a81a53140005506345f58597590091b49200c68","first_seen":"2024-07-21T12:07:59Z","last_seen":"2026-05-04T05:23:46.941107Z","times_seen":1698,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/token","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"GET /api/v1/token HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: hNEa7v9kaneTZ3P4L00I8Q==\r\ntimestamp: 1761521277009268\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:58 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=d6ffb33f56951ef698d4c8e9444654ec; path=/\r\nvia: 1.1 PS-000-01BRE13:10 (W), 1.1 bl21:7 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01BRE13HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17189-9539\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":104,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68687c6ec0702479be5777f852f0567a","sha1":"afdeb5e11bc8eff2c342d2afb54f55eea3828f9e","sha256":"c936496c73499409ece4c4590c5832be4905f239661fdec814bd84f058cdeefa","sha512":"3fee092caf377ff5a9868cd8c6fe5056ca41051f5a3a7df08cc28e1bf315b7f4f8ae73c1ebc947a07f0e356864308de5c2800a20439b16b85d023893cc167194","ssdeep":"","tlshash":"8bb0121d186690375d4b464520075407649ee65479101325495c8da004f93641202c1e","first_seen":"2025-10-26T23:28:29.894241Z","last_seen":"2025-10-26T23:28:29.894241Z","times_seen":1,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/socketUrl","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"GET /api/v1/socketUrl HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: NP8ugj7WWlNEbSc+QRQW6Q==\r\ntimestamp: 1761521276987669\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:58 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=fb59437b98290af3b3f681105218b854; path=/\r\nvia: 1.1 x176:9 (W), 1.1 bl21:8 (W)\r\nX-Px: ms bl21CDG, ms x176HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17247-4870\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e9038e5057611162e9101e30bac7298e","sha1":"7f951e43758937d7dc6d81423481b1544259880b","sha256":"2dd1b0aff2241b4e555c14cf07e00dfa196adb76323fc3675cbcab4892dcb3e0","sha512":"7779f24d4d1896b7ead9d306da83ba9709a3ef7b7a490d24969a59f8249c20aaa6ef6e531b45671f842e1fe6574b6f105d18ddc4abc35148af48a819a16aa691","ssdeep":"","tlshash":"68a0021e5d1c6407265391d4510e1b1555947050084cc2758f68f969840c5bc124c8ba","first_seen":"2024-12-15T08:45:07.126223Z","last_seen":"2026-05-03T23:23:24.948874Z","times_seen":270,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":320,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/load.min.js?t=201903281201","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.195","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.126.net","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust RSA CN CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Dec 2024 00:00:00 GMT","end":"Fri, 05 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"30:5C:D3:4E:23:AA:39:FF:39:07:86:35:9F:B4:8D:C4:81:28:72:6C","sha256":"06:50:53:EA:17:C7:00:F4:0E:28:29:EF:5A:92:76:B8:B6:DD:50:EB:47:3E:85:05:BB:C8:7F:84:AF:21:D3:14"}}},"request":{"raw":"GET /load.min.js?t=201903281201 HTTP/1.1\r\nHost: cstaticdun.126.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 14372\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 17:33:16 GMT\r\nTiming-Allow-Origin: *\r\nCache-Control: max-age=43200\r\nExpires: Thu, 09 Oct 2025 05:38:16 GMT\r\nVia: ens-cache22.l2nu20-20[43,43,304-0,H], ens-cache5.l2nu20-20[45,0], ens-cache45.l2hk11[0,0,304-0,H], ens-cache46.l2hk11[1,0], ens-cache24.l2de4[218,218,304-0,H], ens-cache21.l2de4[220,0], ens-cache5.fr4[0,0,200-0,H], ens-cache17.fr4[1,0]\r\nContent-Encoding: gzip\r\nLast-Modified: Thu, 09 Oct 2025 02:43:08 GMT\r\nVary: Accept-Encoding\r\nAge: 21277\r\nAli-Swift-Global-Savetime: 1761499996\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 26 Oct 2025 17:33:17 GMT\r\nX-Swift-CacheTime: 43199\r\ncdn-user-ip: 91.90.42.154\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS,HEAD\r\nAccess-Control-Allow-Origin: *\r\ncdn-source: ali\r\nAccess-Control-Allow-Headers: *\r\ncdn-ip: 47.246.50.195\r\nEagleId: 2ff632a517615212739118001e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":36115,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32006)","md5":"969c6247996d8ce25014b17976bb38bf","sha1":"1d487ef5c46e944bcf13108e523951196ebd0fa7","sha256":"82472743649d956636d2fd9422adbcb43e7225c4dbbdb97937037fec87ef6cca","sha512":"6a2e0764e7ef991f9525e68ef5bf38117ee9baccf5bc19c6997fb6a1161e64f7e97c58b4f02bd2d350c48078d368780e4f36056d6ffeef3888a997af583cef52","ssdeep":"768:9KHK1+h00zI0RAcKZErsQsLiz0I+uQtzfS5+8hf/VCMiE:9CdrsQaltjS5D5/EE","tlshash":"4ff2d68cb690f4bb4ba760b0813f920be13b5614b499c0e4b155e4e4adbd8ce5627f3c","first_seen":"2025-10-09T05:40:00.358164Z","last_seen":"2025-11-11T13:16:41.974914Z","times_seen":1899,"resource_available":true,"data":null}},"time_used":1800,"timings":{"blocked":883,"dns":335,"connect":26,"send":0,"wait":26,"receive":3,"ssl":523},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"line.hrqhq.com/2228/app_config.txt?v=57","fqdn":"line.hrqhq.com","domain":"hrqhq.com","tld":"com"},"ip":{"addr":"8.214.162.128","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hrqhq.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Oct 2025 16:00:56 GMT","end":"Tue, 06 Jan 2026 16:00:55 GMT"},"fingerprint":{"sha1":"8C:64:6C:21:CB:6D:AF:1A:2C:60:FE:04:69:57:28:8F:CB:AE:05:36","sha256":"15:9B:63:BD:E0:4A:B4:49:1D:15:F4:E8:87:73:E1:FB:2B:AE:07:EE:D6:FB:30:2E:3E:FC:BF:CD:55:B9:F5:3B"}}},"request":{"raw":"GET /2228/app_config.txt?v=57 HTTP/1.1\r\nHost: line.hrqhq.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: text/plain\r\ndate: Sun, 26 Oct 2025 23:27:55 GMT\r\netag: W/\"68fb7719-48d\"\r\nlast-modified: Fri, 24 Oct 2025 12:54:49 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 969\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1165,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with very long lines (1165), with no line terminators","md5":"691f449524ef16d72a949a4bec174064","sha1":"e73a3a05341336fed55c670effbf9511ff2e8a60","sha256":"7c22eea637008019eea2ff7d4fdc77ec44225de5bc3c8acc51276799059859e9","sha512":"c4c2a83d3d4204eb654f1c7ab747b43aef0ec7e9bc0833eab433ecc6d8a59270e1adf12789caca4ba776da4fe09cabf2acd622dc222fd676688da7e79fb8b230","ssdeep":"","tlshash":"d9210ae0328bf1f81574ca0993425b948114cc19d86f44c76fbc99ca355c8b2eef8133","first_seen":"2025-10-25T06:59:34.718542Z","last_seen":"2025-11-12T02:23:50.360047Z","times_seen":13,"resource_available":false,"data":null}},"time_used":1798,"timings":{"blocked":745,"dns":200,"connect":270,"send":0,"wait":306,"receive":0,"ssl":275},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/css/chunk-vantUI.83e1ea65.css","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/css/chunk-vantUI.83e1ea65.css HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: text/css\r\nContent-Length: 119073\r\nConnection: keep-alive\r\nExpires: Sun, 26 Oct 2025 18:54:16 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-1d121\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:10 (W), 1.1 PSrdsdgemSTO1sw92:15 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59617\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_22654-1091\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":119073,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"17ef707899b7dfc2fad2607c31925e79","sha1":"84a6bd75adeb731c2073a1100037e47941bd4b57","sha256":"367a733b2f8886d2bbf84b3fb1505cba2d6133b42f0a09c60982ced4836eaa24","sha512":"d7843421d7f10fdb97102ff5e42ff7300a3788f9d0651faa8d63c0976e178c2058582c4a9968b1674d7f1dd95af9feee474d234f9ad95703d48a0121453f673b","ssdeep":"1536:PBW1QbFNJ+jqkiHcurx3WqyrtpqoSWEDZgcV6SlfENVd:P46rxmNH9yDGSlfed","tlshash":"d0c3f93b84c0239c7327cd615fc4a6d8c228d122e5521be9f117761e8fcbb8615a6b6f","first_seen":"2024-05-25T12:57:01Z","last_seen":"2026-05-04T05:23:46.944987Z","times_seen":1423,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2935868","fqdn":"cstaticdun.126.net","domain":"126.net","tld":"net"},"ip":{"addr":"47.246.50.197","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:56.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.126.net","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust RSA CN CA G2","organization":"DigiCert Inc"},"validity":{"start":"Fri, 06 Dec 2024 00:00:00 GMT","end":"Fri, 05 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"30:5C:D3:4E:23:AA:39:FF:39:07:86:35:9F:B4:8D:C4:81:28:72:6C","sha256":"06:50:53:EA:17:C7:00:F4:0E:28:29:EF:5A:92:76:B8:B6:DD:50:EB:47:3E:85:05:BB:C8:7F:84:AF:21:D3:14"}}},"request":{"raw":"GET /2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2935868 HTTP/1.1\r\nHost: cstaticdun.126.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: Tengine\r\nContent-Type: application/javascript\r\nContent-Length: 182879\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 13:37:17 GMT\r\nTiming-Allow-Origin: *\r\nCache-Control: max-age=43200\r\nExpires: Wed, 01 Oct 2025 01:42:17 GMT\r\nVia: ens-cache24.l2nu20-20[43,44,304-0,H], ens-cache29.l2nu20-20[45,0], ens-cache25.l2hk11[0,0,304-0,H], ens-cache38.l2hk11[1,0], ens-cache29.l2de4[0,0,304-0,H], ens-cache5.l2de4[1,0], ens-cache5.fr4[0,0,200-0,H], ens-cache20.fr4[2,0]\r\nContent-Encoding: gzip\r\nLast-Modified: Mon, 04 Aug 2025 06:16:40 GMT\r\nVary: Accept-Encoding\r\nAge: 35439\r\nAli-Swift-Global-Savetime: 1761485837\r\nX-Cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nX-Swift-SaveTime: Sun, 26 Oct 2025 13:37:20 GMT\r\nX-Swift-CacheTime: 43197\r\ncdn-user-ip: 91.90.42.154\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Allow-Methods: GET,POST,OPTIONS,HEAD\r\nAccess-Control-Allow-Origin: *\r\ncdn-source: ali\r\nAccess-Control-Allow-Headers: *\r\ncdn-ip: 47.246.50.197\r\nEagleId: 2ff632a817615212764715586e\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":631406,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"2e37138d619d162c07ec319f394979e5","sha1":"d0eeddeecb8b2ba5a2d293b495ef81f6b3df8103","sha256":"de1b1412257aec714dfc50b49e249f925197647dddef3d178ba791612ffc38a2","sha512":"34a91174fe301d3ba732b7f2d9ea39045343be849befcd3d50f20e17fd9302c9b1d85e59accae3f02d9881cda5768e04c9a2045d3296c8b1ee1bbc411c9819b4","ssdeep":"12288:xWHScRo5KuiykhWGajMXiPafixLRdGUN0ZinzYybkZhd1Bp8XXCFK2STS81cts6Z:A0RdGUNQin0ybkZhd1B6XXCFK2STS81S","tlshash":"ffd4b360afc0641d22d74b37722b66dce8570977b940c4679114ff6caaa3729fea8c31","first_seen":"2025-08-11T01:40:48.887978Z","last_seen":"2026-05-04T09:24:41.645306Z","times_seen":3227,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":62,"dns":2,"connect":26,"send":0,"wait":28,"receive":62,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2025-10-26","alert":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","trigger":"cstaticdun.126.net/2.28.5/core-optimi.m25b40.v2.28.5.min.js?v=2935868","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"@imp0rtp3 (modified by Florian Roth)","date":"2020-09-06","description":"Unique code from Jetriz, Swid \u0026 Jeniva of the Tetris framework","reference":"https://imp0rtp3.wordpress.com/2021/08/12/tetris","rule":"apt_CN_Tetris_JS_advanced_1"}}],"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/socketUrl","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"GET /api/v1/socketUrl HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: DObocSnN4VultPfMPDqEFQ==\r\ntimestamp: 1761521277007320\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=8792e996bc0ef3214c4f81e5fb2e2adf; path=/\r\nvia: 1.1 PS-000-01aUa12:6 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01aUa12HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17092-6511\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e9038e5057611162e9101e30bac7298e","sha1":"7f951e43758937d7dc6d81423481b1544259880b","sha256":"2dd1b0aff2241b4e555c14cf07e00dfa196adb76323fc3675cbcab4892dcb3e0","sha512":"7779f24d4d1896b7ead9d306da83ba9709a3ef7b7a490d24969a59f8249c20aaa6ef6e531b45671f842e1fe6574b6f105d18ddc4abc35148af48a819a16aa691","ssdeep":"","tlshash":"68a0021e5d1c6407265391d4510e1b1555947050084cc2758f68f969840c5bc124c8ba","first_seen":"2024-12-15T08:45:07.126223Z","last_seen":"2026-05-03T23:23:24.948874Z","times_seen":270,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/css/chunk-77825824.534ae53c.css","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/css/chunk-77825824.534ae53c.css HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: text/css\r\nContent-Length: 10021\r\nConnection: keep-alive\r\nExpires: Sun, 26 Oct 2025 18:54:18 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-2725\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:10 (W), 1.1 PSrdsdgemSTO1sw92:9 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59616\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_20607-59972\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10021,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (10021), with no line terminators","md5":"ee1a989ba9e516b01784f7ec04795d29","sha1":"e0dfb0c3816a03349bdf558ad28c686b54a8c2c9","sha256":"0272d4986946f446e02b0371c6bb1dd89be2f004ebf79403c29a7fd51ea3dc58","sha512":"b02b19c6255a902a67a39a31c1e0661c759524d38beeec6392fc9c752b49a2d7de18c0c99cdebff599cac15aa2092d1312a71297be0dc245bf3e48b22e1b1901","ssdeep":"96:xvG8098nRIDWTf5n2rTD1EDUO/Kji1cZSnqkYk98nS3YGWLfb:c80iGrP1Tgr1cZEYkiSO","tlshash":"80223127b0992b04e027cde12f604e919200dab3910b97f59a177e30dfe76472bb279d","first_seen":"2025-01-30T05:23:52.975823Z","last_seen":"2026-05-04T05:23:46.94258Z","times_seen":899,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/null/api/v1/token","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:55.113Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /null/api/v1/token HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: eqTWyMGnyCFS7OVABR17LQ==\r\ntimestamp: 1761521275105549\r\ncustomerUID: \r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __snaker__id=gsR8Xt9P4qD8NFoA\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:55 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: W/\"68fb6cda-4b2b\"\r\nContent-Encoding: gzip\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59617\r\nx-ws-request-id: 68feae7b_PSrdsdgemSTO1sw92_21841-52915\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19243,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17424)","md5":"d445eae468df60c0fc7bf5a20f2190e3","sha1":"3057bbebd78cbac56904ba138f979d4ca4e4549d","sha256":"959f4033b1bddd8e9091abcec96edcaa6b760346bb8f0fc52f0a8c77edafd24b","sha512":"bffa4ee042d0a83868ee3437a702358b7b40307851b3d2a1377e5546a1e646369ad854ad6d74b3055fa7b26160279571247792f9d12008b4a4d0d9ce060d47e3","ssdeep":"192:tRsjiAxakCBT01V1KLMUj8pKN0/MvZw29vCro/tr1OOzaALH+nCL/nIfn+cM2lo3:0dP1qMUA8TZPCgjzaALHPDY+cM2lovvn","tlshash":"4882b572e384f87a1b516d5b705efba3549b26b37c30a9b4138d927497a08f8134bd07","first_seen":"2025-10-25T06:59:34.700998Z","last_seen":"2025-10-28T13:33:25.831987Z","times_seen":5,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/heartapi","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:56.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"GET /api/v1/heartapi HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: XhyOJfyThhtNJmGgVSYDDA==\r\ntimestamp: 1761521275469518\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:56 GMT\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=23bc1f3c28f3bdf07d3908b7bdeb6641; path=/\r\nvia: n104-166-141-002.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1761521276a2fbe16cd46b1c1fe5fb3fd3f90fdd19\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=423, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":33,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"0ebf4114050bb071b44cb42510829c82","sha1":"bf83acc9dcc2e331bd68dc117852a10e80638f6f","sha256":"7c85a4d0512fff34a3f642753a26eae9880d017509faba3e576b8efc8c5d860d","sha512":"8e751e7770b24321b6a5cbf552d34fc46be71be25c1fb59f2de0b3d88dd47394e3147108d0c8c79b5314f03eb3c55b17975c54fdac5d782af8597b276e2a8aef","ssdeep":"","tlshash":"fa8000032c0c8023a8030088230f2b2800e832a0000803208cacbe3280382b02200c3e","first_seen":"2023-04-17T02:00:03Z","last_seen":"2026-05-04T05:23:46.936887Z","times_seen":1700,"resource_available":false,"data":null}},"time_used":456,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":456,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.jxgaozewl.com/api/v1/webconfig","fqdn":"dmgapi.jxgaozewl.com","domain":"jxgaozewl.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.jxgaozewl.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 08:11:03 GMT","end":"Mon, 01 Dec 2025 08:11:02 GMT"},"fingerprint":{"sha1":"6C:53:95:4E:6C:0B:EC:E4:E7:DA:A6:E3:12:31:CB:C6:12:B3:88:48","sha256":"F4:94:1D:06:CF:1F:FB:B7:FB:92:0D:62:60:2E:E5:C6:83:DE:5A:BE:FB:4A:3D:3A:68:B3:84:15:C8:88:49:DD"}}},"request":{"raw":"GET /api/v1/webconfig HTTP/1.1\r\nHost: dmgapi.jxgaozewl.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: ddTRWK1GBbTxiW6dMmFNfg==\r\ntimestamp: 1761521276982714\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=1132b05d203e658e5c07092b862a110a; path=/\r\nvia: 1.1 x179:7 (W), 1.1 bl21:5 (W)\r\nX-Px: ms bl21CDG, ms x179HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_16858-2209\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":46,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a26c74104140aaf3cc523cfa4d9f1583","sha1":"08b2987d7d86a67c6a8f43fdea04fa678266b1bf","sha256":"8ea29e6a780e0be49c7814a99527d85683dbb3b21e5ad6262e45b6c2e50643e6","sha512":"ced78a3f2a5aee2dcf373983e338670310b243cffcb635afee3ce49efabfc66eb45a12ec0e1521b25bda6f1204df556ae0300a4ac87bc837ad4deb72ba4b59da","ssdeep":"","tlshash":"a29002016e08501325078046111b012a81a53140005506345f58597590091b49200c68","first_seen":"2024-07-21T12:07:59Z","last_seen":"2026-05-04T05:23:46.941107Z","times_seen":1698,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"ws.1ugqib.com:22228/","fqdn":"ws.1ugqib.com","domain":"1ugqib.com","tld":"com"},"ip":{"addr":"18.162.240.158","port":22228,"asn":16509,"as":"AMAZON-02","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:58.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.1ugqib.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Sep 2025 16:01:57 GMT","end":"Sun, 28 Dec 2025 16:01:56 GMT"},"fingerprint":{"sha1":"D7:C5:96:CA:F6:B4:32:73:EB:08:3F:76:AA:F3:1E:A8:E5:D5:F3:D8","sha256":"61:64:13:8D:AE:44:40:74:92:1C:6F:2A:44:B7:37:47:57:34:FC:99:82:FF:52:2F:EA:3D:AD:46:49:AD:5C:3A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ws.1ugqib.com:22228\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://dmg16.jkchdu.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: YPxCzgj151WQQqP6a3fUDg==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: OYMH5828ZfN6UJzyzX9wPMRsonk=\r\nSec-WebSocket-Version: 13\r\nServer: swoole-http-server\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":966,"timings":{"blocked":0,"dns":1,"connect":319,"send":0,"wait":319,"receive":0,"ssl":327},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/chunk-libs.94dcaa4c.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.061Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/chunk-libs.94dcaa4c.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 1753817\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:53 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:42 GMT\r\nETag: \"68fb6cfe-1ac2d9\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:15 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_22654-1092\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1753817,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"dce9a60af84e26f7c44db59ddbdaa097","sha1":"4a551bff0640fe6fa5f14fe05360f01d8081ac35","sha256":"6a03e937d4e1662e589a1cae73f9c0b83b1777a7494ba349f227adeae9dcad0d","sha512":"84fb15f82ba8f21b693f6ba412fb87eeba3f21aea43d33849ddc5c962493ac2edcbc8ac9eea4339db58d24de710bd2ef5631f72724b65e3ec8c9783d16de3a32","ssdeep":"12288:Ci4mys4LvHAtAz9poCWtwrIiCJ5L1xzGtAT7fW1bWrbQwXxa3rITSq0r3ecSdGeX:+xVcAINmEsTrITSq0r3ec+/WI8lbCXr","tlshash":"1b25834473d0b88913db5fb5731fb5e6f41f08af3d59084be210fca066a562aeae1931","first_seen":"2025-10-25T06:59:34.708745Z","last_seen":"2025-10-28T13:33:25.841769Z","times_seen":5,"resource_available":false,"data":null}},"time_used":778,"timings":{"blocked":40,"dns":0,"connect":0,"send":0,"wait":241,"receive":497,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/socketUrl","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"GET /api/v1/socketUrl HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: ebsuGwsBdxDVGP+1xTdlzQ==\r\ntimestamp: 1761521277036174\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=3941ccebde61918adca3ef52817eff29; path=/\r\nvia: n104-166-141-012.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1761521277a3da1c14195b75ee4f6d0081e866e36d\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=454, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e9038e5057611162e9101e30bac7298e","sha1":"7f951e43758937d7dc6d81423481b1544259880b","sha256":"2dd1b0aff2241b4e555c14cf07e00dfa196adb76323fc3675cbcab4892dcb3e0","sha512":"7779f24d4d1896b7ead9d306da83ba9709a3ef7b7a490d24969a59f8249c20aaa6ef6e531b45671f842e1fe6574b6f105d18ddc4abc35148af48a819a16aa691","ssdeep":"","tlshash":"68a0021e5d1c6407265391d4510e1b1555947050084cc2758f68f969840c5bc124c8ba","first_seen":"2024-12-15T08:45:07.126223Z","last_seen":"2026-05-03T23:23:24.948874Z","times_seen":270,"resource_available":false,"data":null}},"time_used":488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/webconfig","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"OPTIONS /api/v1/webconfig HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: 1.1 PS-000-01aUa12:6 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01aUa12HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17092-6473\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/token","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"OPTIONS /api/v1/token HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: n104-166-141-012.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 176152127728c8ca901c6700d050cc0c925af57c2e\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=402, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":595,"timings":{"blocked":79,"dns":3,"connect":34,"send":0,"wait":435,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/token","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"GET /api/v1/token HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntimestamp: 1761521277032609\r\ntoken: eO2XpBmHE1hjD6SIrL4tOQ==\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=0a167c8e4183994ed2a8cec3713e146f; path=/\r\nvia: n104-166-141-012.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1761521277ab4cbfe765f77588b84d390400722195\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=425, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":104,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b4e7e0f5dfeee81681e5ae9706effcee","sha1":"682f03d20660a9d92d4c7a8139c1debd61592e33","sha256":"ed3e37c612226a74ec3516faa9359239dba46a354fbe97019865f67945273a41","sha512":"ba32486f7a410a47980c89f148ed0577030eea109667f899ae5baa7509e337016db6880cc0634d7ffcf000e54472ed84a7915b6fd4fa9869fe24e1ae2c07b19f","ssdeep":"","tlshash":"fab0120e2f256573194781c562477213a74a10803c2493325a9c555480c40741111c29","first_seen":"2025-10-26T23:28:29.900492Z","last_seen":"2025-10-26T23:28:29.900492Z","times_seen":1,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":459,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/js/aes.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /js/aes.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3943\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:53 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-f67\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-046K749:2 (W), 1.1 PSrdsdgemSTO1sw92:7 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_19853-63089\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3943,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3943), with no line terminators","md5":"2467c9934de1a26061318afc2b701cf5","sha1":"0690894ef7838d1dcfc5c31d8edcd66f13a6c680","sha256":"8ae8d4c89096b1e346a6957933c2597548dd65fd35cd43e71b1599c2323e288a","sha512":"e95f1a95c56f1aca76a4534eb74e4062920d5b05e199f7a12f694327738cc4dc91e12c0ab294aa2ef1e4ace16200d1c11fe42d50c49d56984c609fd157b29329","ssdeep":"","tlshash":"fc814de565b3a08767bc4c439eccbfae10675523b084b24bdbf4face105814bd998984","first_seen":"2023-03-10T00:57:38Z","last_seen":"2026-05-04T09:24:41.622318Z","times_seen":5621,"resource_available":true,"data":null}},"time_used":320,"timings":{"blocked":19,"dns":1,"connect":7,"send":0,"wait":273,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmgapi.kmhcgj.com/api/v1/webconfig","fqdn":"dmgapi.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"217.198.191.72","port":443,"asn":21859,"as":"ZEN-ECN","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmgapi.kmhcgj.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Thu, 15 May 2025 00:00:00 GMT","end":"Thu, 14 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7E:A8:42:65:2A:2E:04:A2:6C:AB:EC:B7:0C:12:A7:E9:FA:99:92:E8","sha256":"29:7E:54:EF:57:6A:EA:A5:45:4D:B9:D7:C6:4D:EA:0A:7A:C7:CD:0E:02:30:45:46:FA:FE:2D:EE:AF:B9:DB:09"}}},"request":{"raw":"OPTIONS /api/v1/webconfig HTTP/1.1\r\nHost: dmgapi.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: customeruid,device,timestamp,token\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: volc-dcdn\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nContent-Encoding: gzip\r\nvia: n104-166-141-002.bdcdn-defra02.ToB\r\nx-request-ip: 91.90.42.154\r\nx-tt-trace-tag: id=5\r\nx-dsa-trace-id: 1761521277df879fb5bd78e57f099e61e101da0efa\r\nX-Dsa-Origin-Status: 200\r\nserver-timing: cdn-cache;desc=MISS, origin;dur=234, edge;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T16:05:20.263881Z","times_seen":14643442,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":265,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/webconfig","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.269Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"GET /api/v1/webconfig HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntoken: u4t3OR5Gd7Z6/tvFe8B1fQ==\r\ntimestamp: 1761521277001457\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:57 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=511403c57b138586bd316abe4ab28c28; path=/\r\nvia: 1.1 PS-000-01aUa12:6 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms PS-000-01aUa12HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17092-6489\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":46,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a26c74104140aaf3cc523cfa4d9f1583","sha1":"08b2987d7d86a67c6a8f43fdea04fa678266b1bf","sha256":"8ea29e6a780e0be49c7814a99527d85683dbb3b21e5ad6262e45b6c2e50643e6","sha512":"ced78a3f2a5aee2dcf373983e338670310b243cffcb635afee3ce49efabfc66eb45a12ec0e1521b25bda6f1204df556ae0300a4ac87bc837ad4deb72ba4b59da","ssdeep":"","tlshash":"a29002016e08501325078046111b012a81a53140005506345f58597590091b49200c68","first_seen":"2024-07-21T12:07:59Z","last_seen":"2026-05-04T05:23:46.941107Z","times_seen":1698,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.kmhcgj.com/api/v1/token","fqdn":"api.kmhcgj.com","domain":"kmhcgj.com","tld":"com"},"ip":{"addr":"157.185.128.147","port":443,"asn":54994,"as":"ML-1432-54994","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.kmhcgj.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 02 Sep 2025 04:30:25 GMT","end":"Mon, 01 Dec 2025 04:30:24 GMT"},"fingerprint":{"sha1":"C1:35:A7:35:9D:2C:08:B1:3B:FF:B8:76:6C:75:B1:11:92:87:5D:F0","sha256":"B9:61:A9:24:80:37:77:54:09:DA:C1:1B:4A:88:DE:7A:1E:07:69:1C:B9:30:91:88:D6:71:39:36:BC:97:3C:CF"}}},"request":{"raw":"GET /api/v1/token HTTP/1.1\r\nHost: api.kmhcgj.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ndevice: h5\r\ntimestamp: 1761521277004563\r\ntoken: TkM7gsHxPjVGsTW06U8PSg==\r\ncustomerUID: \r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:58 GMT\r\nContent-Type: application/json; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nX-Powered-By: PHP/7.4.33\r\naccess-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With,token,device,signature,timestamp,identifier,version,customerUID\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, HEAD, OPTIONS\r\naccess-control-allow-credentials: true\r\nAccess-Control-Allow-Origin: https://dmg16.jkchdu.com\r\nSet-Cookie: HTTP_TOKEN=48bbd7f413c41538d1088a0fedc8f888; path=/\r\nvia: 1.1 dx10:1 (W), 1.1 bl21:6 (W)\r\nX-Px: ms bl21CDG, ms dx10HKG(origin)\r\nx-ws-request-id: 68feae7d_bl21_17092-6515\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":104,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b1b3138a284861956b9f772d04476a4a","sha1":"1b5a6714c2873f20c8caa4a81db997ad7f8ccecb","sha256":"6b67d9c85eedcb11752c18a4be9a497aca8c6a8806585b0d231cd05dca988b73","sha512":"17e792944ca2d7881c263827c76a13d8a52a4e05d8eb7a6fc75a9d907417f4ceb8fac8dfeebf06425df2f385c44c783eafa949a3ca737d52708a2d809551a178","ssdeep":"","tlshash":"d9b0120d2c6e9333198f510b6007120f514f1c9024143331cd5de560014c4244202c2a","first_seen":"2025-10-26T23:28:29.903075Z","last_seen":"2025-10-26T23:28:29.903075Z","times_seen":1,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ir-sdk.dun.163.com/v4/j/up","fqdn":"ir-sdk.dun.163.com","domain":"163.com","tld":"com"},"ip":{"addr":"47.245.158.179","port":443,"asn":134963,"as":"Alibaba Cloud Singapore Private Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:57.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dun.163.com","organization":"NetEase (Hangzhou) Network Co., Ltd"},"issuer":{"commonName":"GeoTrust RSA CN CA G2","organization":"DigiCert Inc"},"validity":{"start":"Tue, 31 Dec 2024 00:00:00 GMT","end":"Fri, 30 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BE:6A:44:CA:C5:A7:6A:EE:B7:1C:6D:F4:2D:45:D4:20:E1:40:92:70","sha256":"0E:55:D9:9F:EE:9A:BA:3B:E2:46:3C:74:58:77:57:DA:81:2F:BC:96:FA:4F:34:DE:F4:54:F9:18:AD:39:6F:97"}}},"request":{"raw":"POST /v4/j/up HTTP/1.1\r\nHost: ir-sdk.dun.163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: text/plain\r\nContent-Length: 2078\r\nOrigin: https://dmg16.jkchdu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 26 Oct 2025 23:27:58 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":202,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"40359d0cc8dd831d4818dc344edcb891","sha1":"caa2b2e15f424771d1e2abecf26f2ff21b4cb917","sha256":"5f7bbad45ae46786a3830d8b9a3066b147a558a39a03ea35d0240f6abee01d80","sha512":"29e0aefd237d68e126846fd0e9fbbfd9ff6cbed5cbbbb0ec6e099a5fbd43072d1b17d8277ed2dd4530ab42003965d72a006d48e18f5aa88b104e7184e777255e","ssdeep":"","tlshash":"54d02204aabc2024c582810402ae2fb1846533a28228fd868ddc6e148a0cdbe180b80e","first_seen":"2025-10-26T23:28:29.904859Z","last_seen":"2025-10-26T23:28:29.904859Z","times_seen":1,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":281,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/css/app.039d6f0e.css","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/css/app.039d6f0e.css HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: text/css\r\nContent-Length: 40153\r\nConnection: keep-alive\r\nExpires: Sun, 26 Oct 2025 18:54:16 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-9cd9\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:9 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59617\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_20607-59947\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40153,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (40145), with no line terminators","md5":"e0f7f2befc021dcbd0a549440432985a","sha1":"d02fc3e997837d56cb9697dbeda711e692435940","sha256":"0a89b98b604b54d49f103bb73a0acad7352677968e51edd4b1eead946c33caf7","sha512":"0f817bf139abf121426ac64992a482fe7d086449567ddeec62ec7310a70491c5a4d3806d329dbe740e39c2d8c03f2ba7168a52b66a4781e3a64dd3c3c2fa8cbf","ssdeep":"768:jDvXsXTFitGy65rB9XbGnibR8KDR5794sZi+jnBme:5tGrbSe","tlshash":"cf03643ba1a56708e027cc913f956ea99108d972d04b57f4dd936e31cfcb6431ae238e","first_seen":"2025-09-03T02:42:33.774772Z","last_seen":"2026-01-11T02:15:31.961945Z","times_seen":260,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":26,"dns":1,"connect":7,"send":0,"wait":10,"receive":4,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/js/app.0b06cdd1.js","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:53.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/js/app.0b06cdd1.js HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:53 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 1765206\r\nConnection: keep-alive\r\nExpires: Mon, 27 Oct 2025 11:27:53 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:18 GMT\r\nETag: \"68fb6ce6-1aef56\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nx-ws-request-id: 68feae79_PSrdsdgemSTO1sw92_21841-52885\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1765206,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (63589), with no line terminators","md5":"224bfef761b41f9eac71fe17b484244d","sha1":"c0ff4b3b71edee0bf0e10b0a09a8a8535e30bccd","sha256":"6045f523dfa5fcfac7d2d20353537534aa2ca415149476a27b44816f58c087ed","sha512":"930b7a0cc875d786918e1b6f71e199a7c76d2f839a261b1a11e3e50661bd43a971c05c7804b85a5cf1395407432aa7ab4fd7fe3daa05a2651249352289032ad4","ssdeep":"12288:trRWcJGhZ96WbDJEpuT8scoupgO5cdfk7od:tEcohb6WZEb1c/d","tlshash":"4525d744b2d068e903575bb7332bb0d9f46b08ef2a944d86f346fc60a1a930af9d5771","first_seen":"2025-10-26T23:28:29.90759Z","last_seen":"2025-10-26T23:28:29.90759Z","times_seen":1,"resource_available":false,"data":null}},"time_used":648,"timings":{"blocked":252,"dns":0,"connect":0,"send":0,"wait":229,"receive":167,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/css/chunk-bf2c2eb4.8a0a2e91.css","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/css/chunk-bf2c2eb4.8a0a2e91.css HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: text/css\r\nContent-Length: 6133\r\nConnection: keep-alive\r\nExpires: Sun, 26 Oct 2025 18:54:18 GMT\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-17f5\"\r\nCache-Control: max-age=43200\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:4 (W), 1.1 PSrdsdgemSTO1sw92:5 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59616\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_19080-65002\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6133,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6133), with no line terminators","md5":"f84b198d8c67211f974afce39fd81729","sha1":"05ddc57a7612a7644407e2557238e7263dd2e63d","sha256":"af77b5a134ba2e235df0838b366ad5ddd617d6490b7e9ed270d7fb5f7342bfbf","sha512":"16834c542cfab66c4c964fe9d4ff81c39860922cb4bdc95018080fcc01bd172f72ee143f01c0fd5264eccba0a5ace9e881991ea668e485e5974e0a9628f4e1e9","ssdeep":"96:pwexuUYsU4cuNqhLhU5inpuAopPhinUEg:WeIUYsUjiqhLhU5iEAopPhiUEg","tlshash":"70c1ee3774591f08a956cd843ac5bb4ed068cbb5948a53fde6133a2a97c3b430ae170f","first_seen":"2025-05-10T11:44:29.682781Z","last_seen":"2026-05-04T05:23:46.951487Z","times_seen":840,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"dmg16.jkchdu.com/static/img/favicon.7d0fc580.ico","fqdn":"dmg16.jkchdu.com","domain":"jkchdu.com","tld":"com"},"ip":{"addr":"163.171.134.109","port":443,"asn":54994,"as":"ML-1432-54994","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://dmg16.jkchdu.com/register?openid=057d92539c074c4849d3136a737c6d79\u0026sign=bd1d6346ab50dc46488537dcf90ea4cc\u0026topId=1193503","date":"2025-10-26T23:27:54.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dmg16.jkchdu.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Oct 2025 12:12:27 GMT","end":"Fri, 02 Jan 2026 12:12:26 GMT"},"fingerprint":{"sha1":"8F:C2:48:9E:1E:D5:A1:09:69:65:72:92:18:06:F9:4E:F2:F5:77:0D","sha256":"53:DA:9F:73:97:D3:8A:E4:9E:00:4F:04:C2:2A:92:83:54:65:E4:A3:D3:16:0C:26:ED:4C:C9:0E:5C:9F:A7:4B"}}},"request":{"raw":"GET /static/img/favicon.7d0fc580.ico HTTP/1.1\r\nHost: dmg16.jkchdu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 26 Oct 2025 23:27:54 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 5534\r\nConnection: keep-alive\r\nServer: PWS/8.3.1.0.8\r\nLast-Modified: Fri, 24 Oct 2025 12:11:06 GMT\r\nETag: \"68fb6cda-159e\"\r\nAccept-Ranges: bytes\r\nVia: 1.1 PS-HKG-04oR750:6 (W), 1.1 PSrdsdgemSTO1sw92:12 (W)\r\nX-Px: ht PSrdsdgemSTO1sw92ARN\r\nAge: 59615\r\nx-ws-request-id: 68feae7a_PSrdsdgemSTO1sw92_21841-52908\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5534,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 36x36, 32 bits/pixel","md5":"7d0fc5805c8e6bb448e678f9090bc8c8","sha1":"3a5618863fa2bac10645090ab53e5acf396ef514","sha256":"2f32f8895a4805b311662cd0fe08836671c8ecc334006f800e34389f8f286465","sha512":"762f291b077b2e41baa5675044130b0ac093c068248375a5d95cde363cf0139e40823189326f93c5d9de5013589a5001860d16383de76bb3508e1a3f394c9c65","ssdeep":"96:3a0DB7STdqmFCqjZcCJpzV3t0dHx33CF9AMUTc8RqYZuG7sd8q0qBMEvHz3uC3:K09SgclzEtV8OqYZRM8C/TuC3","tlshash":"65b1f7267ee9287fdc81f8b3d760c29114194094159673aa4737c32b4a1f9b8cfc26c1","first_seen":"2024-12-08T02:12:54.574386Z","last_seen":"2026-05-03T23:23:24.955962Z","times_seen":291,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}