{"report_id":"ca06ba4f-53e5-4782-9792-2c3b8a0c4df7","version":6,"status":"done","tags":[],"date":"2026-04-04T06:54:04Z","url":{"schema":"http","addr":"qsamn.qpon/","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"ip":{"addr":"192.197.113.135","port":0,"asn":136038,"as":"HDTIDC LIMITED","country":"South Korea","country_code":"KR"},"final":{"url":{"schema":"http","addr":"qsamn.qpon/","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"title":"安全运行环境检测","dom":{"size":53,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"9c2f8839ae4573acc504b07addb02085","sha1":"09fd77ff5c0584fb9cae16b2673384502880ad5a","sha256":"b1989545add3ba26922ff45dc16bc646390301c6fc520fbd11a797c5ce4e0285","sha512":"a206410e0ec3a7f003c5b2ae6d95098b38bc36539e901b555e97915b19ed859559e334e85cd204dd69a6496438510fdec13faab242c26cfba585ae07082db03b","ssdeep":"","tlshash":"049002fa909100595d6176884dc213421a644295f106590459c03a65c9492259d03194","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"qsamn.qpon/","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"ip":{"addr":"192.197.113.135","port":0,"asn":136038,"as":"HDTIDC LIMITED","country":"South Korea","country_code":"KR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-09T06:54:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":4,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"Client IP","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"Client IP","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"Client IP","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"Client IP","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"apps.bdimg.com","ip":{"addr":"111.225.213.49","port":443,"asn":58539,"as":"China Telecom","country":"China","country_code":"CN"},"domain_registered":"2010-03-22","domain_rank":966685,"first_seen":"2012-08-06T13:34:46Z","last_seen":"2026-04-03T07:26:37.299611Z","alert_count":0,"request_count":1,"received_data":21941,"sent_data":438,"comment":"","tags":null,"fingerprints":null},{"fqdn":"0115b72w0uul.lpjzm.club","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-03","domain_rank":0,"first_seen":"2026-04-04T06:54:04.404173Z","last_seen":"2026-04-04T06:54:04.404173Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":436,"comment":"","tags":null,"fingerprints":null},{"fqdn":"nhtulx.zukaj.club","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-03","domain_rank":0,"first_seen":"2026-04-04T06:54:04.702838Z","last_seen":"2026-04-04T06:54:04.702838Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":430,"comment":"","tags":null,"fingerprints":null},{"fqdn":"7ef6t9.sntuh.club","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-05-03","domain_rank":0,"first_seen":"2026-04-04T06:54:04.229589Z","last_seen":"2026-04-04T06:54:04.229589Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":430,"comment":"","tags":null,"fingerprints":null},{"fqdn":"qsamn.qpon","ip":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-04-24","domain_rank":0,"first_seen":"2026-04-04T06:54:04.421951Z","last_seen":"2026-04-04T06:54:04.421951Z","alert_count":8,"request_count":4,"received_data":22690,"sent_data":1887,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"apps.bdimg.com/libs/crypto-js/3.1.2/rollups/tripledes.js","fqdn":"apps.bdimg.com","domain":"bdimg.com","tld":"com"},"ip":{"addr":"111.225.213.49","port":443,"asn":58539,"as":"China Telecom","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7e914a0aaeb57e9a6534437480eaa87","sha1":"d74461ca0f071302f2474d82a19708661daad912","sha256":"bf3bed187f585b21b023fe6e0c5166cdc6d32afb212dbd590f6e2d6ccf510573","sha512":"3160a12313bfec76d7f8285c7b9848fa26ac05d76b47f52cd375958737ddea7f4173375c9fa7aeebe059043deb05cd8d13bc6743fea8b028ea5b1a6c41d26003","ssdeep":"384:OgZ1OMaehKPqc7ChlWruydQtoRoSvGl9OcQ5Zw+U5j/:pDphKPqaAYHdGoOSel9OcmTu/","tlshash":"96a20bc9719d3582e3a1749044bb314b74bb2677814c56b8f290dacceeacda9413de39","size":21450,"data":"","first_seen":"2023-03-08T14:26:09Z","last_seen":"2026-04-04T09:11:37.036836Z","times_seen":4153,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"qsamn.qpon/","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c0745f5e0e4fc4c13541b0402e1ffc57","sha1":"33e16b11c74c21de9f99fb6c16564e9618a67957","sha256":"7e3f7fb47191672fdf4a2f6b05187a0f4ac44a493527c9fd6262f8707db90b0f","sha512":"8caf1a55bbc9063c5a1dcfa8293c62dc2e2a4b6530bd533c89ac25bbca32546535b57d2c0e37cbb6286c74d05d7edcc2be47960978fc29bec0fc0b544167ad83","ssdeep":"384:OC+0Gz6QwBED+Jk85ckSYWGAWuHwXd9VEPCE2/GpE2FpmkZfh2Ak9pHtYu/bMDOg:OC6z6QwmD+Jk85ZSYWGAWuHwt9SwnTMv","tlshash":"0792d745be906855034f1be7ff3b70dcea2a48aa39588c4fb7907c547ab0727e951a30","size":19788,"data":"","first_seen":"2026-04-04T06:54:19.816118Z","last_seen":"2026-04-04T06:54:19.816118Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"7ef6t9.sntuh.club/check.png","fqdn":"7ef6t9.sntuh.club","domain":"sntuh.club","tld":"club"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://qsamn.qpon/","date":"2026-04-04T06:53:46.022Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: 7ef6t9.sntuh.club\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qsamn.qpon/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T09:46:13.591387Z","times_seen":13326202,"resource_available":true,"data":null}},"time_used":965,"timings":{"blocked":965,"dns":0,"connect":256,"send":0,"wait":0,"receive":0,"ssl":266},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"qsamn.qpon/favicon.ico","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"ip":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://qsamn.qpon/","date":"2026-04-04T06:53:46.344Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: qsamn.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qsamn.qpon/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 04 Apr 2026 06:53:46 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nConnection: keep-alive\r\nLast-Modified: Tue, 25 Nov 2025 11:45:09 GMT\r\nETag: \"692596c5-0\"\r\nCache-Control: public, max-age=18\r\nExpires: Saturday, 04-Apr-2026 06:53:46 GMT\r\nAccept-Ranges: bytes\r\nSet-Cookie: 3e600e289619a89af8fc00d256bf39be=406b29fc051f8654ced6a7549dc911ce; expires=Sat, 04-Apr-26 15:59:59 GMT; Max-Age=32773; httponly;\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T09:46:13.591387Z","times_seen":13326202,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"qsamn.qpon/?error=Y5OL3jjc2OhHyb2ovA3MNGmR%2BUXz3Tq7xRhSMYfjJcGmyWNYK83nuW666V3WDmwzDWtgTf3%2Fou3Rqz2zqBcOKDpBz1sBPs73jKdG%2BabFYoD2FTheZlvVMlnko6XycqJBp4w8O2qTLKCVsoEulRIUWg%3D%3D","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"ip":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://qsamn.qpon/","date":"2026-04-04T06:53:47.520Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?error=Y5OL3jjc2OhHyb2ovA3MNGmR%2BUXz3Tq7xRhSMYfjJcGmyWNYK83nuW666V3WDmwzDWtgTf3%2Fou3Rqz2zqBcOKDpBz1sBPs73jKdG%2BabFYoD2FTheZlvVMlnko6XycqJBp4w8O2qTLKCVsoEulRIUWg%3D%3D HTTP/1.1\r\nHost: qsamn.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qsamn.qpon/\r\nCookie: 3e600e289619a89af8fc00d256bf39be=406b29fc051f8654ced6a7549dc911ce\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty\r\nDate: Sat, 04 Apr 2026 06:53:51 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding, Accept-Encoding\r\nX-Powered-By: PHP/7.4.33\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":14,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"67fe60157f9a57d890a86cdc4edac678","sha1":"bcdfdfb4e122aa07bd2172dd5ae3900281265597","sha256":"4c1abd3ddb2f900d9d2b6896829298c3d644dfc0441534ffc98688cc1e831d9e","sha512":"dec3b9490170a32d276440561a214a61fd666e9824a57d97efa4cca470d705227019393175def407f1944b05c9dc82e7bdc9b30a89381addeb155c0c346c9a9c","ssdeep":"","tlshash":"cc600033000000300c00c00ccf03030303f00003c30f0000ccc00f03cc003300300030","first_seen":"2025-10-25T13:58:45.49314Z","last_seen":"2026-04-04T08:46:34.174646Z","times_seen":177,"resource_available":false,"data":null}},"time_used":4244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4243,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"qsamn.qpon/","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-04T06:53:41.894Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: qsamn.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T09:46:13.591387Z","times_seen":13326202,"resource_available":true,"data":null}},"time_used":1190,"timings":{"blocked":1190,"dns":0,"connect":245,"send":0,"wait":0,"receive":0,"ssl":255},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"qsamn.qpon/","fqdn":"qsamn.qpon","domain":"qsamn.qpon","tld":"qpon"},"ip":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-04T06:53:43.615Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: qsamn.qpon\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: openresty\r\nDate: Sat, 04 Apr 2026 06:53:43 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.4.33\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":21620,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T09:46:13.591387Z","times_seen":13326202,"resource_available":true,"data":null}},"time_used":977,"timings":{"blocked":236,"dns":0,"connect":241,"send":0,"wait":258,"receive":242,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"high","alert":"ET HUNTING Possible Obfuscator io JavaScript Obfuscation","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2038501,\"rev\":2,\"signature\":\"ET HUNTING Possible Obfuscator io JavaScript Obfuscation\",\"category\":\"A Network Trojan was detected\",\"severity\":1,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Low\"],\"created_at\":[\"2022_08_11\"],\"deployment\":[\"Perimeter\"],\"reviewed_at\":[\"2023_08_31\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2023_04_06\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036300,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036301,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-04T06:53:46Z","timestamp":1775285626,"ip_dst":{"addr":"172.18.0.19","port":34250,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"2.59.155.177","port":80,"asn":136038,"as":"HDTIDC LIMITED","country":"Hong Kong","country_code":"HK"},"severity":"low","alert":"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3","source":"{\"timestamp\":\"2026-04-04T06:53:46.590158+0000\",\"flow_id\":1026745041374901,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"2.59.155.177\",\"src_port\":80,\"dest_ip\":\"172.18.0.19\",\"dest_port\":34250,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2036302,\"rev\":3,\"signature\":\"ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2022_04_21\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Significant\"],\"reviewed_at\":[\"2024_10_14\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_04_27\"]}},\"http\":{\"hostname\":\"qsamn.qpon\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":301,\"length\":21638},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":21620,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":20,\"pkts_toclient\":19,\"bytes_toserver\":2140,\"bytes_toclient\":23656,\"start\":\"2026-04-04T06:53:43.609973+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"apps.bdimg.com/libs/crypto-js/3.1.2/rollups/tripledes.js","fqdn":"apps.bdimg.com","domain":"bdimg.com","tld":"com"},"ip":{"addr":"111.225.213.49","port":443,"asn":58539,"as":"China Telecom","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://qsamn.qpon/","date":"2026-04-04T06:53:44.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /libs/crypto-js/3.1.2/rollups/tripledes.js HTTP/1.1\r\nHost: apps.bdimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qsamn.qpon/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: JSP3/2.0.14\r\ndate: Sat, 04 Apr 2026 06:53:45 GMT\r\ncontent-type: application/x-javascript\r\nexpires: Thu, 16 Apr 2026 07:25:00 GMT\r\nlast-modified: Thu, 05 Jun 2014 08:05:07 GMT\r\netag: \"539024b3-53ca\"\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nage: 703506\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\nohc-global-saved-time: Tue, 17 Mar 2026 07:25:00 GMT\r\nohc-cache-hit: lf6ct145 [2], nb2ctcache80 [2]\r\nohc-response-time: 1 0 0 0 0 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21450,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (548), with CRLF line terminators","md5":"d7e914a0aaeb57e9a6534437480eaa87","sha1":"d74461ca0f071302f2474d82a19708661daad912","sha256":"bf3bed187f585b21b023fe6e0c5166cdc6d32afb212dbd590f6e2d6ccf510573","sha512":"3160a12313bfec76d7f8285c7b9848fa26ac05d76b47f52cd375958737ddea7f4173375c9fa7aeebe059043deb05cd8d13bc6743fea8b028ea5b1a6c41d26003","ssdeep":"384:OgZ1OMaehKPqc7ChlWruydQtoRoSvGl9OcQ5Zw+U5j/:pDphKPqaAYHdGoOSel9OcmTu/","tlshash":"96a20bc9719d3582e3a1749044bb314b74bb2677814c56b8f290dacceeacda9413de39","first_seen":"2023-03-08T14:26:09Z","last_seen":"2026-04-04T09:11:37.036836Z","times_seen":4153,"resource_available":true,"data":null}},"time_used":2803,"timings":{"blocked":1257,"dns":1,"connect":313,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"0115b72w0uul.lpjzm.club/check.png","fqdn":"0115b72w0uul.lpjzm.club","domain":"lpjzm.club","tld":"club"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://qsamn.qpon/","date":"2026-04-04T06:53:46.009Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: 0115b72w0uul.lpjzm.club\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qsamn.qpon/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T09:46:13.591387Z","times_seen":13326202,"resource_available":true,"data":null}},"time_used":826,"timings":{"blocked":0,"dns":370,"connect":223,"send":0,"wait":0,"receive":0,"ssl":230},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nhtulx.zukaj.club/check.png","fqdn":"nhtulx.zukaj.club","domain":"zukaj.club","tld":"club"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://qsamn.qpon/","date":"2026-04-04T06:53:46.018Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /check.png HTTP/1.1\r\nHost: nhtulx.zukaj.club\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://qsamn.qpon/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T09:46:13.591387Z","times_seen":13326202,"resource_available":true,"data":null}},"time_used":707,"timings":{"blocked":707,"dns":0,"connect":257,"send":0,"wait":0,"receive":0,"ssl":267},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}