{"report_id":"e758cce0-fed1-48d3-8586-2a9009ca40bd","version":6,"status":"done","tags":[],"date":"2026-04-05T09:40:00Z","url":{"schema":"http","addr":"tnbnfwikil11.vsefnhha.xyz/","fqdn":"tnbnfwikil11.vsefnhha.xyz","domain":"vsefnhha.xyz","tld":"xyz"},"ip":{"addr":"156.255.123.151","port":0,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"title":"51吃瓜网 - 吃瓜爆料第一站，全网最快最全的吃瓜平台","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tnbnfwikil11.vsefnhha.xyz/","fqdn":"tnbnfwikil11.vsefnhha.xyz","domain":"vsefnhha.xyz","tld":"xyz"},"ip":{"addr":"156.255.123.151","port":0,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-10T09:40:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.vsefnhha.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"tnbnfwikil11.vsefnhha.xyz","ip":{"addr":"154.207.77.151","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":288704,"sent_data":494,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.google.no","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2001-02-26","domain_rank":92680,"first_seen":"2012-06-26T23:22:08Z","last_seen":"2026-03-29T22:38:33.043374Z","alert_count":0,"request_count":1,"received_data":580,"sent_data":633,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ap.dc-report.cc","ip":{"addr":"13.251.76.74","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"domain_registered":"2025-12-07","domain_rank":0,"first_seen":"2025-12-23T07:41:17.432845Z","last_seen":"2026-04-02T07:32:54.51103Z","alert_count":0,"request_count":3,"received_data":876,"sent_data":1359,"comment":"","tags":null,"fingerprints":null},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22257,"first_seen":"2022-03-17T11:26:33Z","last_seen":"2026-03-29T22:39:16.612532Z","alert_count":0,"request_count":1,"received_data":830,"sent_data":1034,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-03-29T22:23:59.734728Z","alert_count":0,"request_count":1,"received_data":518481,"sent_data":445,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pic.lfvjpw.cn","ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2025-06-18","domain_rank":0,"first_seen":"2026-04-04T13:26:51.706474Z","last_seen":"2026-04-04T13:26:51.706474Z","alert_count":80,"request_count":80,"received_data":22256138,"sent_data":37357,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"tnbnfwikil11.nmmwgwa.com","ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":72,"request_count":72,"received_data":4193723,"sent_data":35564,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Parsley.js","description":"Javascript forms validation script.","website":"https://parsleyjs.org","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3b528b2a7b9f8d0099544ff2b20ddb7f","sha1":"ee125a9acd1676a6985999147c412da3a0168f02","sha256":"762c4492bf3c17a580c4a7a65e7120cb81e0ba96029d98679a7e2be987e04fa0","sha512":"3a7ddd27a53b77eb6b384604cf8daaf3e975d63616e150e7cbf7fd22a3dfebf975a9864d52da93b6e3dc5e238b1ce9bf752d98a67f407ed45101ef96804616d4","ssdeep":"","tlshash":"4b11f07623594cc24ee4b5d37b8b689d6d246100022ab4b9e946cd91ced99c4012bff5","size":1099,"data":"","first_seen":"2026-03-21T11:45:02.664819Z","last_seen":"2026-04-05T15:18:53.245786Z","times_seen":560,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"cfd72e31446114580c098b2f2fd98e0c","sha1":"688fb57b71befdbb9382d4b9085063bb7430f255","sha256":"850f49fb417c466b924f36767f9b620ee1057d496512f83d44e4d4ef73c564ad","sha512":"6cfc2e116017ed106a8dbf8d16ffe2a6475fa9fc69e56be167df6f5ad965ed03b18b32ebafa2dcff44aa95569f25057960b2510762721961a18aea43b5e96e1c","ssdeep":"","tlshash":"8e9004fd33c35000577311d400571ccc70f4c47014454d704074d5753d550705755c7d","size":45,"data":"","first_seen":"2025-11-15T10:51:27.209038Z","last_seen":"2026-04-05T17:19:08.100605Z","times_seen":7090,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1a7f8805bfaf711f28437f8ab936ca9","sha1":"6f6d4f865195ee84d2cb4349f785ac3e2529decb","sha256":"1c47e66880af5210a71b11dae6f3b7fd15259b6ca025b933604e17850d06d774","sha512":"20aebba0ad67acc54c70b1f7d703fbf3538dabef5b0de519cb75baaadc117eddd3dbb475a669bf0a2b049ed2d54c55110c79c950e1c5ef934947dabc2da0ae60","ssdeep":"","tlshash":"a201241dbae31458b61337389b3f4389787015032428db88f84ce681af60c2594feaf9","size":683,"data":"","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-04-05T17:00:52.703551Z","times_seen":25416,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"17ef3489fc49f91cb65909deb6a725e5","sha1":"57699807bd282f82ba755fd72d9a6e74110041a3","sha256":"08563bd3e7d4836939aedfc1b4d18b09a8ff5d0cf96439dece4fe2c23e5edc62","sha512":"bf8df3efcc4ff4421fe617360f8791c3f5fb953d4e2d326e39beadcacbdddc7145b62633d4aad546ae10366672fe4767bd932d84d11e43962fbe30e3845fe304","ssdeep":"","tlshash":"0fc02b8c210e0c7041fb2b40cbbfbe04b0423314d4e26d33891923445d30f13d744c10","size":153,"data":"","first_seen":"2024-05-29T22:00:38Z","last_seen":"2026-04-05T16:38:14.866609Z","times_seen":3893,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c658a82d0df9c5c81f0ff6311249b034","sha1":"14015b9416002cc8f7fd9d2bf4b32e32feed60b8","sha256":"9faee7a052ae02756a7fb24e85ce75c261a07a394d7c4bdf73ee06724cccf0ef","sha512":"16bd4d446fa8423a6932a78cfc234d8c923b33478f8ef9cec81d1fdab066d8436163cb4c6a7dd8b84992abb7ca0626936053f92cbd685d51ecfdf152879305ee","ssdeep":"","tlshash":"214124694906d22565451038ad0fe74137ce932bbc4cf701f2ecda046faea2de4b6ce4","size":2078,"data":"","first_seen":"2026-03-30T17:23:08.858712Z","last_seen":"2026-04-05T15:18:53.247807Z","times_seen":637,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T16:50:32.425922Z","times_seen":264778,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e50ebfcefd6cb362885dc70437b0b101","sha1":"e6e5d4b64aac6e38387e236b4b02315fe29fab79","sha256":"f1f9bf4ad7f37b1525d117e49369dc6d7116efca1c61f2de3c9b2b837bad2d2b","sha512":"0ff4be125d40b9d058327b4a9878a0a340609b5bfddf9134d12f57e8efa05b2ce3625f97ea0c16e574b3fef4602d377552a5bb5c1e2ec49a66a1b96f3b70d7d6","ssdeep":"","tlshash":"cbc0929c80e3e080a55a2229729e838929f2800b2a96e72bbe1c81486f0059e45385b0","size":144,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-05T17:00:52.705658Z","times_seen":25390,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"78e0fb49bb7a7d1f1552389ddeb54876","sha1":"0551042565108a2694a2ac7a04a022f4d077447e","sha256":"079b66b04f8796dfa1ebe0bdeb4275a9decc2cd42b186b1716afc35114d010bd","sha512":"3b611d66729e8286659f9fe3ff911eea2b480d67b12bdabc5d580bc73ada1e2b0785c2881f459bc445a034bed1d8340b5b5e21cf2b8a05c9de6360af6f8174fb","ssdeep":"","tlshash":"5a9004d533d35010475313dc01775ccc503444f114544dd04050f4755c55031d3d5c5c","size":43,"data":"","first_seen":"2025-11-12T04:33:15.855922Z","last_seen":"2026-04-05T17:02:33.332018Z","times_seen":10389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b6de2fbcc7c834ed50e2f1873c53e4bf","sha1":"fd1d138a7d9d30684557a3664a258d8afa0458ce","sha256":"a8d080afbdb9d28572091a90097ded0beddff3cd784d1c3a9f6536a07c9cbebc","sha512":"8fb29c65e7ed7a437c4afc152cd73019dad0323b62bff02b9c66cc29fa8ecf1d22cb316077e3c77387b73fce7e2321b43699d4a9f2af5946192588c76162d668","ssdeep":"","tlshash":"390176fb78a267b04bbbb03e33ffd345393560031801d9527d0c48a06fa4ea4202aac9","size":751,"data":"","first_seen":"2026-03-04T08:58:20.595878Z","last_seen":"2026-04-05T16:38:14.869058Z","times_seen":4227,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-05T16:47:58.099383Z","times_seen":205736,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ab2bcd63fc80d89c823d8815c5f01f59","sha1":"a1ceb22ff604efcbd264d6edef9dc3bb3ea8f52b","sha256":"abecb9bd9743e60dec11eef7f4e0c9bc7075216816e5aad1264247ed87336a6c","sha512":"ed51da49aa702d521d96da1ae1c90fac7f6f28c43859ed639ed2482bee284f90239f2b8de8c2d16ba743fcea6cf839818a3c448e2ba7ec44145035f6627d6317","ssdeep":"192:UDKhafGfAG/QN8QgVa5yvpLkq4mDycdJH06y7zN/0ov/JbVhZ8WRqh9fd5gMlpJv:Uehm1ERBzW0b9px","tlshash":"d4321e0c9ef3546da123703e5b7f5248727981035208cf153e5ce290af61976aaf6bf8","size":11906,"data":"","first_seen":"2026-03-13T10:31:56.759888Z","last_seen":"2026-04-05T16:38:14.869544Z","times_seen":3921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0f644ded6bfc5d620f0c03a6978e7921","sha1":"3b83566660b779a041666866b7c81a28959ff40a","sha256":"003ca60c4cf5c0c65a3a2349a9ec7031584bbfb841829c5802b07bce41bcda61","sha512":"bf86cd65413307310fa5915f31d655c5630128345318effaba6d91f1b534fba5dd8b7cdcff7bba38781544fef2b36182ccf52b6dedde1b5713464606b318e023","ssdeep":"","tlshash":"5bf05005d0d386ebd9bb3b1216c74b843ba2698b7ec67f22719cd7499f004ec5478ac0","size":607,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-05T17:00:52.707276Z","times_seen":24946,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/swiper-bundle.min.js?v=1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9cadf6d58ee7c472ec17cc71a5cbe09","sha1":"1ff2760a4dbbcb6c9b5b7b5d614041f5ec0f9646","sha256":"ca14261d766828dfc9120faacc847fbafc086fb2948c5e219ac989403ba8ba2b","sha512":"f0fc4bef7db4a44d983ce101de96da366b94a0fd17d5fc8f721713f66f98cce0b602f570aa3134766d5501c86fd4f307bd31d0852b892e99d346a49f69980b4f","ssdeep":"3072:QJVnjuHkOVtuD6poy9v8cnWDkwV4y+6GEcTYEfBxK/Mxz:QJVniHkOVtuD6pl9v8cnWDpV4y+6GTcs","tlshash":"e6d3f8997320b1a552e3268b92a9c611e3b51400b409c4e871bd4c9b6d7e99c13ffffe","size":140474,"data":"","first_seen":"2023-03-09T03:55:40Z","last_seen":"2026-04-05T17:06:58.028514Z","times_seen":16199,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5b975f10e3aef9ef7095fee437305fbb","sha1":"340ed6ef2a19ab01e39d6cdca8ff2bd349998941","sha256":"63a719141e7566cf9c4adf5e1d205e3e65fa4adb37404c45f416ec44ec6aaa85","sha512":"b04e2cd82541e3d403fd52b9629111fd8f0d3c0213fcf7a09acdb94d529ba49c1365bc8b703f7fd52e27f8b4dc1bfeff1a01c277f7bb70949a941ba048b368a9","ssdeep":"","tlshash":"7dc02b03331dd05d34a8b0156a59014e7084098f04c0a3033acc45e5cb1c27f210a210","size":168,"data":"","first_seen":"2026-04-04T13:59:44.532167Z","last_seen":"2026-04-05T17:19:08.042064Z","times_seen":2285,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"36c5b99772d821752789e963ed9a3023","sha1":"602e8f9dca590d4922a2905a000dd0ff649574d8","sha256":"5f4794b8ef7384a1ba2983d8e1765f152d17a43dc479c4369903ce50b7c82e70","sha512":"bc1ddb43c233e304b61677916cffb54fa84b1eb41584f00fc05fc8d200092fdbcbd6b147bbeeaf9bb378bf2def24525fbe150ed36a64d50479e5fd6c08a64e72","ssdeep":"","tlshash":"0f1168cdc853067c166b0acb1ee306c82352a58be446c22732edd74e9fc42d458397c0","size":966,"data":"","first_seen":"2023-03-08T09:43:22Z","last_seen":"2026-04-05T17:00:52.708855Z","times_seen":23121,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/index.js?v=1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cb2dd3d6af2a6071e0dbf36318294dc9","sha1":"a70950d23dabdc4376bb9114d86a812a174a747f","sha256":"5cebbf2bb3cb87701b4dd9e3c34c0b7555911210fa40093005c06a7b0705348f","sha512":"d721819a7ce31aa954a00baedef7a516d5339200b2f9f1e53656e457bcc33ea756cbdf3a586634824afb40a19c27080c179c2a01e5c7b99680e6d4057997f330","ssdeep":"","tlshash":"0241cf9831f720704b67e4792baba64d71301097112adc14bd4c07959fa8f3c9af67da","size":2120,"data":"","first_seen":"2025-11-27T05:35:58.063413Z","last_seen":"2026-04-05T17:06:58.072546Z","times_seen":10968,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"78e0fb49bb7a7d1f1552389ddeb54876","sha1":"0551042565108a2694a2ac7a04a022f4d077447e","sha256":"079b66b04f8796dfa1ebe0bdeb4275a9decc2cd42b186b1716afc35114d010bd","sha512":"3b611d66729e8286659f9fe3ff911eea2b480d67b12bdabc5d580bc73ada1e2b0785c2881f459bc445a034bed1d8340b5b5e21cf2b8a05c9de6360af6f8174fb","ssdeep":"","tlshash":"5a9004d533d35010475313dc01775ccc503444f114544dd04050f4755c55031d3d5c5c","size":43,"data":"","first_seen":"2025-11-12T04:33:15.855922Z","last_seen":"2026-04-05T17:02:33.332018Z","times_seen":10389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"195f5a2f3c5d7c190b6c0b0ffaa27505","sha1":"d975f0b22fc5665190e11cb5e77f76690d27bef3","sha256":"d650be4c86383fe2863d53f86fb123fd7441ecab55dfb96b95bb0331a41bf068","sha512":"424133ff9c7eaaf2daeb98bd154e389451367a7a0e565bac9dc134d9737a23909230ad2323ea88b44777eba5cc1dc1af8a8900e6956234c46dad1783845fd45f","ssdeep":"","tlshash":"efd08c308771f420c42b0947e733138a30c2420b5644c00bf36ce48c2f18e823aa84f2","size":243,"data":"","first_seen":"2025-07-04T14:08:19.000209Z","last_seen":"2026-04-05T17:01:50.314724Z","times_seen":16896,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c430759ada1e4d4aa09251a54cdd256c","sha1":"1e0b4e3954cf567335df57848ce9be405edbc5b9","sha256":"52b54c3ca08caac4a9f3fb8120f45d880b5fbf695c6d2a6a8c356c9e3ef77879","sha512":"64983ed52ed91b778c499e1c299565ee2b0edf700e6821beede4165f003c45d02cfb728cb35fad3b3390963f2517d3ed6c395654ba354ab012f9169c9d1cb05e","ssdeep":"","tlshash":"ede026126f303031e616808f91a512c26cd0035b6a45e892301dd0459fc0856549ace4","size":399,"data":"","first_seen":"2026-03-26T09:29:39.001408Z","last_seen":"2026-04-05T16:38:14.875625Z","times_seen":3031,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"bd634536b2fc0a6de35573b7f8a9d0b9","sha1":"e6c05ebba8138f208ed5b33a3c73fb907cf4a480","sha256":"ae19c59a023ce6dc012a8dd43316bebd72d016af60429758067b2be77a1808c8","sha512":"0a391069c4b4b64239be4acffe8b570061df51671e17c010d1cebd86dcbb1ff4591dbd71074df49154450be5397ecb855c7e25e7f8a6a6b1cad9715389a2e8e7","ssdeep":"","tlshash":"e0f0c2310a2484798a5b838741b5e7caecd5240f6c06694e322c4f985f4ceae52b2c69","size":559,"data":"","first_seen":"2026-04-04T16:10:41.473566Z","last_seen":"2026-04-05T17:19:08.062623Z","times_seen":2246,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/tbxw/js/zzz.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"78dab9fcf576de8cba46edd716dd2309","sha1":"7113abe41f95159f9bfccf70d01bdda1055af2ad","sha256":"7c66d6c8e2c470780513a282b66e2b5b7429ed863d6a0ecd6054b38dcda004b5","sha512":"dbb858875e532b475f827c930c154cac09e9a952b20053a0f7e1b34a050100a0a3a41f8aabeeab4af2dd90082363fe3ced3a5957f7250a4918d305b49655e040","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpn6ZFCsUleZ:vZYDc6lXJd1mZpZEdq","tlshash":"da331bc5a19c609153a774d50d7f704bb4637526170d89acf228e8eeecfcaea9039d38","size":50811,"data":"","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-04-05T17:00:52.62584Z","times_seen":26402,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"ffd404e0d47f20cf1e22c8af22d69328","sha1":"c9b625d2c33cd5d6fbabdca99dfc054b59fa0a72","sha256":"84f200d164c9d322a84119fca80b7196d0c88918cc15cd8f0122b09dd9eb6a62","sha512":"95c5fc01ad24398929ccecd1996a2f86913dd788314f26f75b28fe618c10f1fe08ff8c17d2e8f29d6954015de662f4633ba706058554b7583ae2a9b498f56ece","ssdeep":"","tlshash":"aa90029522c3500046561298005668859038846014448d4440409492989506591a946c","size":43,"data":"","first_seen":"2025-06-27T04:20:30.635277Z","last_seen":"2026-04-05T17:19:28.223374Z","times_seen":8352,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ffadaff7e5df9a4d1d37bd63201dd511","sha1":"fcebf926bdc447b26b84e1b9231e196d25c5376a","sha256":"3f302c137868858cc39ed232973d5209f857625ff00eda0d74bc1b74160c3e28","sha512":"97a49f4d3f19853f5f74d5bbcee0252d56fac93b8bda73adc5cc0d4306e294541a5fc50d2d38a78afc79aeefa46313d04e2bdba3701263c07f250eda8a15de47","ssdeep":"","tlshash":"c5f0c2b60714c43a510bc68b41f597c9bc91254b3c09a84e322c07a85f4cdee1362865","size":560,"data":"","first_seen":"2026-04-04T16:10:41.474979Z","last_seen":"2026-04-05T17:19:08.064458Z","times_seen":2236,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c12a688efc73f539695c4187894a3e1e","sha1":"c074d8f1b62a4ca246ad97007e37d96093db3847","sha256":"43b88d586effc5cdd124bde8055b1141bffc1ceb947bdde5b9e69c2fb5aaf08c","sha512":"13ab4fcd336bb4d7856614f40b7df49e608049338e8b36ee06662ddce764ca6d111a09a9d2149eb8d8ccd23d9d007e8d4c21794c300459c3b73e404bb9bca5c7","ssdeep":"","tlshash":"d2f026f112708479555783c70aa603c59cd1380f6c00704e331c07885f88dfdd270592","size":586,"data":"","first_seen":"2026-04-04T16:17:35.586836Z","last_seen":"2026-04-05T17:19:08.06619Z","times_seen":2225,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a368ff72aefb59680b88d15a1561de4b","sha1":"9867839f7eb31a2e396393571664236dba68694a","sha256":"0819e3b2755c8bd8bed3e17182e85129b566b412d29b380cd304cffe24a93d66","sha512":"34ade8df9de9726cafa0ffdc7fec6704a788028ed4d82c25b35980932a82577c33109a5e2949ff7e126e458c2f54e8e34fd6d21583ba724ca59d27fe20678a1d","ssdeep":"","tlshash":"36f0c2b20610d439815b429752b687cdadd2144b3c45690a322c0bd85f4cdae527686d","size":560,"data":"","first_seen":"2026-04-04T16:17:35.587686Z","last_seen":"2026-04-05T17:19:08.068002Z","times_seen":2213,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c4c9ba18a1c79500d9b0339927e24240","sha1":"b0699a5824cdf3d5d0e5d0320348feb32a489a51","sha256":"585a8b812f5447cd8d0c83f892103fad476eb56d94fbb02b003f6d96eaba87bd","sha512":"cb01ba8d8f510ee8b2b04c3fa60fd4d87e674a21a6d1b26cbfc0fd81060e16f442eee954a85f5efd8c62a1101449eafa543975ba847aecc2da5be69382b4c93e","ssdeep":"","tlshash":"06f086620669c4ba455a83cb667e03c7d892191f6801700e331c0bc85f88d7dd131966","size":586,"data":"","first_seen":"2026-04-04T16:17:35.588538Z","last_seen":"2026-04-05T17:19:08.072482Z","times_seen":2201,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"aa8240567b709efc61dd178f83ff5074","sha1":"a6d40284bddff6ced71eac04c9728d4740a0ebe9","sha256":"12af369318ca85a346bff5fb3cf62d6355dbf33b8728d584f07d93a8bd1f4b19","sha512":"10c505fef261c938f9cfe72aad3a60416ba0e5e7cbc4e2980529f11fa13f329b4ef682f14e92f936e675766e6238ac75e73748b70bd7910f32b1502472b23544","ssdeep":"","tlshash":"c9f0c2ba8611c83d820b438751b59bc9ecd1190b3d06640e322c47d95f8cdae1372869","size":560,"data":"","first_seen":"2026-04-04T16:17:35.589272Z","last_seen":"2026-04-05T17:19:08.074671Z","times_seen":2191,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ef5d3295d66bd1dd30f27637d1e61b03","sha1":"ba4d0a68e23c90cf4f4142730949fa521d0d2d10","sha256":"2e3d8a2f450d02bd973a0d580b3d43d508e62e22c0e2a4a36577dd9be5f59e8f","sha512":"e71c4351e8f283c88b8d902f9bfb45b33d417cf9b99f1d4afb0bf9111fde5f62a473595fb2ab4e9307078a20992f20c1ebf4aa3a263fff2fa12b3216c7bea77e","ssdeep":"","tlshash":"3ff07d3507a5883d9b9f83f7917407c5ec912b0f2806b00a333c478c0f8cdbe1160525","size":586,"data":"","first_seen":"2026-04-04T16:17:35.590562Z","last_seen":"2026-04-05T17:19:08.083148Z","times_seen":2178,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"b3f2e73de97488394e0d44f35af7fc1b","sha1":"e0d6749f1845ad40d2e1e2234bd80684aa12843b","sha256":"0beb1ba79328f3bebe38a3deeac625e394887b36ad6090d215cb5be63f35be50","sha512":"cc9727ccddc7c0a6686585cd467d7b9295617ee0a966725e1c138b133183aba5e35b3ebdd23941269f1a5ee4183727dbd4df4c6ca7d681f424edad605234dfd8","ssdeep":"","tlshash":"edf0c2334660803942eb439762f5d7caec91140f6c46690a322c17985f4cd6e5276869","size":560,"data":"","first_seen":"2026-04-04T16:17:35.591422Z","last_seen":"2026-04-05T17:19:08.08517Z","times_seen":2166,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c6e5dc88e1caa16af09520f57cfd634e","sha1":"cc26f4a8df60902d519e850828c59a2662b9a419","sha256":"1cbe9d61b44cee8888b9808c5960c1d9e1a10ecb92d3072a18e5a0e1739e3a62","sha512":"caead870a2c0fcec8bbaf5be7b77bd7a100ea6524abbf760ab2584db6928c2dca71abbf74275141e13973e0957dd45ae1f04f91834cefff0a4617d32fc70f149","ssdeep":"","tlshash":"f3f086211aa580fa415782cb666a07ca9ca5291f3c41740e331c07c84fcc96dd131a66","size":586,"data":"","first_seen":"2026-04-04T16:17:35.592493Z","last_seen":"2026-04-05T17:19:08.08702Z","times_seen":2155,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"1fe8b95aa326266ac3c84ec463f090ee","sha1":"2d52b70dd4e76e355b086707f39a78e1451b0263","sha256":"9e1fa744174ec14906aa64ef03c61575b0b5ee411240521c99dc654d82ba0379","sha512":"1c93fabe05182dde91fa9a8cd3dec21d5e48650bd18bfa1d45314ebabe8addbe21ca62ec148e3eb22e5e0f82c2ce6dd944ac7021209a2cd712cbce442e2b9725","ssdeep":"","tlshash":"4d9004dd33c35400475311d400d73cc45034447034554d404474d4711c55135d15dc7c","size":40,"data":"","first_seen":"2025-11-15T10:51:27.219486Z","last_seen":"2026-04-05T17:31:32.563301Z","times_seen":7101,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ca2dd897ef5cfd16d36ae218589cecf5","sha1":"05bb8cc3ffb07df03f1365ebab982b2028976e11","sha256":"fc68f985b77b3edfef574ffe8d8aebfbe93d5488ffd3be585c1e2b52ec17b7f6","sha512":"cbf0970b8afaddde44ad716f1711803a77755b701f6c7746bb82a26d675197cd005a2145eb1d02e7eb1b15668ffa3a1068dba670cecac041d4a956949f560a85","ssdeep":"","tlshash":"f5f0c2664610803a421b438751b5c7caad92158b2c05640e321c07985f5cd6e1363965","size":560,"data":"","first_seen":"2026-04-04T16:17:35.593402Z","last_seen":"2026-04-05T17:19:08.08882Z","times_seen":2134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"325dae7d34213caa891f33ad9c02b2cb","sha1":"9ea1fe7c9caf2c9c0a5111e6aaa13b9c11949b12","sha256":"0c83792b701b315590b7611206446c3ec40aedfd3bd5f1a280363145edeeb8fa","sha512":"1e24b092197b39064ca5ea642b24573856e3467b7602d67acf576386e97be0a9980685763caa820e841b13b54999a5bfe6295eca600edd2390561e6cfcecebef","ssdeep":"","tlshash":"d7f08c32122184b9415b92cba9aa07ca9cd5280f6846b40f332c0b885f9d9fea271a65","size":586,"data":"","first_seen":"2026-04-04T16:17:35.594187Z","last_seen":"2026-04-05T17:19:08.091728Z","times_seen":2116,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ab3539213bea2382602ec6c9b8e30251","sha1":"7d99422648bd6c7b89ab1626a7cfdc3d975724d1","sha256":"e7528d4a97b1b289c6f3482ab0a35e2ee09971b5d2dec6fe98bb361a8e0288a8","sha512":"3e1df0105c75747484feca248dfb52fb3d0a9bc43d98bd993c57b9e1471644cfcd6d620dc308f16ec2ebc5b8e7e8f92f98ac1a33e9630c6ca7cd018bf1c11972","ssdeep":"","tlshash":"bff0c2ba4620c479425b428b41b68bcaec92192b2c07f0ca723c07995f4cd6f1373876","size":560,"data":"","first_seen":"2026-04-04T16:17:35.595019Z","last_seen":"2026-04-05T17:19:08.09321Z","times_seen":2094,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"0face967fdb49de734c941aa949be0fc","sha1":"1e08e693f0a939732a071c4e9209fddbfe162f48","sha256":"982f2ffac13fedf5317e2b14b03bf1d03df72a856f5ca6b5214826c9fb0d35ae","sha512":"938459762c2c641c215aa20c2bb14959bfcdce90e2977f0d2a79f649d48efc8a6a47da626ba215fc7ffea02a77f273b638f215544ab8b759d54e4dfd88aa17b1","ssdeep":"","tlshash":"38f0866e523a847d4a67d287557543c69ca23a4f3c41710a331c07c85f4ddbe1161965","size":586,"data":"","first_seen":"2026-04-04T16:17:35.595893Z","last_seen":"2026-04-05T17:19:08.09469Z","times_seen":2066,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1e0b8f9356e5fe58b4e184cbbd8d6105","sha1":"e06c3ddf25aca897195476747b37326776f3ba8a","sha256":"b1e309f968a0ea46a56fd13c84ef64d1c1f074528e178f12f2caa1a4ee86d724","sha512":"e9ffc95ce55ff9d4dc484f83f0956bbe048e5660c222722a43a671ce13895560eed82df02458df6535400d1a23645fce26df4f41ffd7c17268f4b6a0ddd6ee35","ssdeep":"","tlshash":"7ff0c2764620cc39810b828b41b68bc9ec92190b3c46b40a726c07999f4cdae1372875","size":560,"data":"","first_seen":"2026-04-04T16:17:35.596886Z","last_seen":"2026-04-05T17:19:08.095972Z","times_seen":2043,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"78e0fb49bb7a7d1f1552389ddeb54876","sha1":"0551042565108a2694a2ac7a04a022f4d077447e","sha256":"079b66b04f8796dfa1ebe0bdeb4275a9decc2cd42b186b1716afc35114d010bd","sha512":"3b611d66729e8286659f9fe3ff911eea2b480d67b12bdabc5d580bc73ada1e2b0785c2881f459bc445a034bed1d8340b5b5e21cf2b8a05c9de6360af6f8174fb","ssdeep":"","tlshash":"5a9004d533d35010475313dc01775ccc503444f114544dd04050f4755c55031d3d5c5c","size":43,"data":"","first_seen":"2025-11-12T04:33:15.855922Z","last_seen":"2026-04-05T17:02:33.332018Z","times_seen":10389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ebed796b2e5100d61b36784606e1e9a","sha1":"289216fd71ecf595ee937ed54ca24ebf2e542987","sha256":"8250892c154bb26c9d4eb2a1ae0421df7ebdc5d975646f353675eccea4734773","sha512":"508d1ef833b6c6979ad3663059f9d52611900c93f3fd72372d55b59c7f80ebf69415db072134aa5abd31d6872d815f751f6cac67a2029bb2b8b29474630bf6cc","ssdeep":"","tlshash":"fff086354252947a425bd6cb917507c6999538cf6c01720b732c078a5f4cebe6221969","size":586,"data":"","first_seen":"2026-04-04T16:17:35.597749Z","last_seen":"2026-04-05T17:19:08.0971Z","times_seen":2024,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"152f3ad77c48975ccab4533cf2d3d77b","sha1":"3ed90e8c3e6677e729e102db3f9b516c51fcf492","sha256":"0c91cce2b962f8b34bc4c5739b3e5b49ebb636c4bdd4456e74e82d07ac41e5f9","sha512":"3334cb1ffe29db732bc5a33911eb4d9c3629aaa5f425141b00c2e1e047f5c43efbe0b2408b03e7474c32552c78e8d94038a18b87504ed53f61961188a3978d69","ssdeep":"","tlshash":"f7f0c23a4610c47a420b46c761f98bcbbcd1190b2c05e14a332c07985f4cd7e1372cb6","size":560,"data":"","first_seen":"2026-04-04T16:17:35.599728Z","last_seen":"2026-04-05T17:19:08.098032Z","times_seen":2002,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"8e6583f29583dbaf09a17fa475d1d5db","sha1":"0d093cd02a79807c8feaea23e2ef9367cee0926b","sha256":"077cbf2394ec7830abe951330ba15b36d19f201e2f9af4951bf24338a652201d","sha512":"d243a4b56cea17cb543c154d34247d62ee33b7dc9c5fd591e243b7709597e7fa1d60983dbdb7e27d0a59b6eb4cd0f1004b21e1c779ad9e9c1fc112b216ccc5ff","ssdeep":"","tlshash":"1df0cd311361843d556786dbd27547cadd922c5fbc45b50a732c0bc84f8cdbd1171e65","size":586,"data":"","first_seen":"2026-04-04T16:17:35.600529Z","last_seen":"2026-04-05T17:19:08.098823Z","times_seen":1969,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f04a3896d89bcdf4fb8aa465e5f3382e","sha1":"1fc9708e1339ac7a1506da52a11a3a2632da9022","sha256":"2b678ded7ad8d6715e7da1cd1ff15300324bb706d4cc619045442eb9a9247156","sha512":"cc44d73ab1f459a54989b1695d3bb3217a482449ed894fa00eed0a8c6de25e808202e603834e9276a10a8d284bc574fe51ad39a792b96f44b935b459366f182a","ssdeep":"","tlshash":"e3f0c23e4610c479420b838741b68bcaec911a1f3c07a08e332c07da9f4cd6e1372876","size":560,"data":"","first_seen":"2026-04-04T16:17:35.601364Z","last_seen":"2026-04-05T17:19:08.099652Z","times_seen":1932,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a753b5f65ce95680b8f992d10123d47c","sha1":"2d7c931e599ec451721f4ec9e80075dd2a98ee02","sha256":"8ae0e71599fc7f395b9cdeb0dd3f96cec75d80fce840dde75bdc834696904a14","sha512":"b2ac1eeb2654efe6459565385063576dbc2c0e5201261e54dc0fa6b6a1411eaf98e857ffa04417155245c023525fe566f9619bfed186b7e725f55706d4945a54","ssdeep":"","tlshash":"0af07d314614803b6517838791b017c58d913c0f7c43b40f331c078c9f4cd7d1122655","size":586,"data":"","first_seen":"2026-04-04T16:17:35.602817Z","last_seen":"2026-04-05T17:19:08.101894Z","times_seen":1889,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-P6HKH41365","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b99f54c775eae6f04e2dcf60ba21c3c9","sha1":"92290b4b669950bbef47dbf49fbb61e2c3e86605","sha256":"ffb6723460d122d021b1e3b4fb34d0938ae2d0a514d70cd2cee516ec7cbd3329","sha512":"ddc4d15149fc6098e223920ff6f329e9d3f96816cb96f1ae943730e60c0c6ba8d548d2930893cba2f75b5e6f773fce4a92e48aaa72d7745c4cbaa277cbd06f00","ssdeep":"","tlshash":"cb117b59f034207ac46bfa71c197a84636bc95f3476c3441b6ee819c293467a310fbab","size":1000,"data":"","first_seen":"2025-12-17T12:50:52.164775Z","last_seen":"2026-04-05T16:38:14.877755Z","times_seen":3620,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"dfccdce5dce7979b2b99b4acb63197f7","sha1":"21a2e9d06f9b29af47063aad4798fdf38be03c23","sha256":"73efe4e33b3e842ccdd8bcdf34d9f05423ec62660c2c9c2ceb768b914a5f08fe","sha512":"16f98cc6559f5911f00d3e300022e1a6ab91386ec5ed8c41dfd1af7009d77c7d49ba5f9154139785535547570e38c7478a53224b47a148b08573de19390b3eb9","ssdeep":"","tlshash":"71f0c2764610c039520f428b51f587c9ecd1394b3c06604ab22c07da9f4ce6f13728a9","size":560,"data":"","first_seen":"2026-04-04T16:17:35.603715Z","last_seen":"2026-04-05T17:19:08.102934Z","times_seen":1851,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ccdf6def4d25f18cefab1cefd304ba76","sha1":"00a9f2f1b0604430fa98cc4f0d1e6218a1d7db7d","sha256":"47593ff91235786e5963993c73e6d57f9d5a49855a0f4be6fe35ab519bb4d242","sha512":"4d23da9fe7d0bcd9d41d60445736ce156f9a5284155cb51e37581337ba70b45238a6267dd1c3b3e6b19adaa4d1f65f1cddd5f90ce4aae3d5fbb84ca45ee11a0f","ssdeep":"","tlshash":"a5f026220220c4396016c3874e6563c6ac91380f2848b40a332c0bcc1f489ae6734966","size":586,"data":"","first_seen":"2026-04-04T16:17:35.604511Z","last_seen":"2026-04-05T17:19:08.103939Z","times_seen":1812,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"543492d1b3a60ede18af5fb9f9e4eb9e","sha1":"6a9062174742f7a8bb2cd95086c2e83cef56263f","sha256":"35d73c817c8e884f788b9ebaf2c6e98dfd1f2929d64ff8f02ecd9e7fa3564a56","sha512":"df8f5af7ec9bd437a5892a2df61cfc5f0bb8cf34d8425c9be0309ad0b57a305dea100610c5900a0f0b52be03c98cbbb48958dadf4be39dc688f6cadee2fbcd43","ssdeep":"","tlshash":"06f0c2664b16807d422b968756b597caec9125cb2d06600a331c07d95f8cf6e236286b","size":560,"data":"","first_seen":"2026-04-04T16:17:35.605288Z","last_seen":"2026-04-05T17:19:08.104868Z","times_seen":1767,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1048922b06c4443c19d4f9e212a925fd","sha1":"a7709b01211b103b1e0b84ce15013db1d685e0d2","sha256":"187313f5b73b6830d93a28f7300470da68aa34c7760235e684dc6a4a9589097b","sha512":"655131dedb5e75af8e78bb7f6932ed56c29c9a1b1c5f9ffe8a8dba62fa31efdff056e23a6d3ac25b76872e8dfccf3ceb59edb3e6004829396ca02984f9541439","ssdeep":"","tlshash":"b0f07d390229843a4897c2c7217447c9eca1394f2c00f20f331c0b881f8ce7f5362919","size":586,"data":"","first_seen":"2026-04-04T16:17:35.606139Z","last_seen":"2026-04-05T17:19:08.105789Z","times_seen":1716,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"aa699462f258b756da703d5a868c2ffb","sha1":"279d9d3e3cb377016b0969ceb3d9dca2625567ab","sha256":"915b269b3b5b54657314e7811875df554f9dfed1e44e7100acbe2f3e65e9e016","sha512":"45a1bb927ebb253b5c1aea19162b208d37c31191ec23de6d8b69776f17d0dfdbfec4e98fc83127f1c2e597b43fa8fe114d1002bd07f8ed57fe84e443a70cff66","ssdeep":"","tlshash":"26f0c2320660c03a526b42d752b587ceac91180b2c45b98a332c07985f4cdae53a68aa","size":560,"data":"","first_seen":"2026-04-04T16:17:35.60694Z","last_seen":"2026-04-05T17:32:01.165339Z","times_seen":1659,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f5a16cce760ced9f35833c79769ddf6c","sha1":"e501ec91078456d5f3da35c70053b7e69bc6a951","sha256":"7f7b6b777c720ace19d7c681a3b151273ff6caa7ece229f3d5ec58b1ea0dcfce","sha512":"be12d90d3d429df28acff3b87e26ac6d6637a57f269579e497b9f3dc09b3a1070de4f530130e51b229a9865caaf8e286e859b1f5530553153b949c8dd1c53a3a","ssdeep":"","tlshash":"01f07d320719803a6177c29f497d63c7aca12c0f3c09f10b332c07895f88eaed261665","size":586,"data":"","first_seen":"2026-04-04T16:17:35.607888Z","last_seen":"2026-04-05T17:32:01.165917Z","times_seen":1586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c29da7b35c8d7ecc19cae109a1240d10","sha1":"1e6ec85971d39d0df265853b6ee99908b5d6f51a","sha256":"70ef357d1a901b839770cdb2db30eed1990c9399deedfdee2fb3a4e77890578e","sha512":"595d3c1a01cb5ec318aa9ca8661dcb49b7d565db463cac977ce3cc5c954c28e6e1bf9e084e8da938063993d77681a174f1a9a74e312b71e60b984d19ea3edc5a","ssdeep":"","tlshash":"49f0c27a0650803d960b438752f593caec91154b3c06b40e331c4ba85f4cd6f1372ca5","size":560,"data":"","first_seen":"2026-04-04T16:17:35.608932Z","last_seen":"2026-04-05T17:32:01.166473Z","times_seen":1513,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"886c15e6ed59dcdc6fcf4a6f223d1478","sha1":"028b4024f1f7a499dec9dc4df4f82938b15a1d41","sha256":"20ad363130cf8137c6384a69f04b71f3d3790409eac0f7a72cbdc8b2f7a9577a","sha512":"562364487d08d249a2d1b1c64ad7d23e213ba344705ecd5e2bc0e49f7387c523fde911123aa7ae1a6919062a4a0794530af607369ae15e7fb67b7c02ff17dc80","ssdeep":"","tlshash":"08f0cd721222d0b955578387957543c79ca1281f6845740f331c078d5fcddbe9172e65","size":586,"data":"","first_seen":"2026-04-04T16:17:35.609821Z","last_seen":"2026-04-05T17:06:34.52997Z","times_seen":1375,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e5654495f241765d4567fac332989534","sha1":"c3e7632fa5b95f15c103851d7ebc8a01d96007c1","sha256":"e380d36e9bfaa11b71ebc0f6451d036ac84c1c8f33f7736332494b19f58f411c","sha512":"e947b25f33aa68a867c5a3975e4f282514a020b102960578b368b0dd5559db276d8809aea1bf100e8b428927368420f96fd833a22cdf28a366a002901794324a","ssdeep":"","tlshash":"c5f0c276c610947f420f468751b6e7caac92195b7c06600a332d07d86f4cdaf1372c65","size":560,"data":"","first_seen":"2026-04-04T16:17:35.612421Z","last_seen":"2026-04-05T17:06:34.530495Z","times_seen":1263,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"403fd0cb2ba7d7fe1c13c4952999afea","sha1":"d9c785484e355f681a9aa2ebcae40b1a1b7e920e","sha256":"a34764e5e1806cdb102764e5e56a63edf58e340e29a7cccf98e1215222cb0448","sha512":"d83c4b0bbf80317d227a8c3990becf0356c5d1d20c561ba3ffdbc147a9b09084be8d61d52a79677969958a4a876526fb4b6bc16a7bb1e8a3778a0812901af2df","ssdeep":"","tlshash":"2cf02622026494b9409fc2c7557a43ca98a1188f3905700e732c07c85f88e6e9270a65","size":586,"data":"","first_seen":"2026-04-04T16:17:35.613325Z","last_seen":"2026-04-05T17:06:34.531035Z","times_seen":1143,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/tjtag.1.0.0.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3111eda304ef3be26a54481dbfb87094","sha1":"2579254dedf7c2770893a2fd605a43427e681efc","sha256":"ceda9607e78b14071873c808a43d905ed61bfbcb8cdf254205410b4279bcafd8","sha512":"49891e75ffa2ca146ce093ce4945b27427103a327700062c8fad4a6d48aedc1738f26acbbeb8505832d9e5c9c584ce81ccfd90576b356d59be57042297e74080","ssdeep":"","tlshash":"8e11216d3e4230e94a4e63e87f33d786d019ec922180b801f1166c00fe5082df40ba36","size":1000,"data":"","first_seen":"2025-12-16T15:53:37.581333Z","last_seen":"2026-04-05T17:19:06.623847Z","times_seen":5688,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5e4748c513944ae9545254d5f5b9cd7","sha1":"504eea0490b6eb48330cecc7119531411dcb567b","sha256":"c2cb4731c732ae26c792a5a51f52eaedcd13ce6eba3c73be7e71567fed539f80","sha512":"cd7aba57637af71b66906c3cb2d222d9dd4783e33c142d7a435709dbc1c9ca736dcbb62a61cac93d71255a5b225466699086a5866a2bea7427184699d2f4a603","ssdeep":"","tlshash":"e2f0c22a4610c47a810f46cb55bd87c9bcd1190f2e05a50a332c07985f8cd6e137287d","size":560,"data":"","first_seen":"2026-04-04T16:17:35.614119Z","last_seen":"2026-04-05T17:06:34.531561Z","times_seen":1021,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"21a6c8b5574e9bf689cb5975dbd00206","sha1":"c80e3e721f35f8621bba186a25a3636dce2a9a87","sha256":"14503c7f2d7de8b980710ed8a8dc9bb894c1ba1db73eb6ece06aeb78b6f81992","sha512":"66c3dde083d934a22403218e15e7e8d83f218313e92f899d006a9be8b7d8b5473f85db922d1f1d3448ec846083f4336d4501de865f915223e239fa7124c5f8bf","ssdeep":"","tlshash":"1cf02632061a8839001a828741750bcf8812180f3800740a733d0bca4f4ccbd6121d69","size":586,"data":"","first_seen":"2026-04-04T16:17:35.61489Z","last_seen":"2026-04-05T17:06:34.532067Z","times_seen":901,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"5398b834c1025b53d4a4caac65db0e60","sha1":"455831e77c60b5aba192e8a7a1ec0b017ae0387e","sha256":"e318177a7f66919faaecf62610c08631fa165175578ad8a59aef2dc09b377464","sha512":"5f70b9a2c3e1de793015b837154016abad7b45f5c775ae0e6538766eaa46fdd9299d6a17a516d8292f0b3a198490dfc7e07c93babbaf67c8e343e764a1325944","ssdeep":"","tlshash":"19f0c27b56118479420b46c751f99bcaace1154bac05a18a331c07d85f8cd6e6362cf9","size":560,"data":"","first_seen":"2026-04-04T16:17:35.615677Z","last_seen":"2026-04-05T17:06:34.532548Z","times_seen":755,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260327/2026032715122721493.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260327/2026032715122721493.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 07:12:31 GMT\r\nEtag: \"54d2390eb19de539e81b937ea63afb0c\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 08:14:43 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 58\r\nContent-Length: 61888\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1670128388905326061\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61888,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"54d2390eb19de539e81b937ea63afb0c","sha1":"6a167cfa376b63d4f72782d2a6b082c13a1cce9a","sha256":"0fb53e499e6c0f002519b12676a18a5e1fbf2546b3faac01bc1ed792e3c05bb9","sha512":"3dc0ef372c26cba761188caa009a8cdee10751b7bb81b09dff2ef3d92e089f1d9c48fe2e57b1d693e42bdb24ebc71604c82f6463c69c2fade9bb78c296898d32","ssdeep":"768:0X3NcCvXUCVmc3Z7Ges/ubVYOm6IXZA57gq+TBrA0gpeep1AfkVZQpjGhOFUOVJY:0HN5/HSPYm6IY7gvheAkK3r800MK","tlshash":"5953022895bc2575022595d18c604fa8bdaa3e313a843ecf0f6c5bfb340959e9f7843d","first_seen":"2026-03-27T08:28:08.70581Z","last_seen":"2026-04-05T16:38:14.848038Z","times_seen":3045,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260327/2026032712133261422.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260327/2026032712133261422.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 04:13:37 GMT\r\nEtag: \"2747b379205cdac2e4199e286c299be9\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 04:18:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1216\r\nContent-Length: 202448\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17278524467070100451\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":202448,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2747b379205cdac2e4199e286c299be9","sha1":"b43d6aed27e79c969c1409d64a49fb8171fb1a81","sha256":"e04e1572d8a05afd8e886be4120f5430d7764df49c81b4a0f45fd7fcbf98a8e0","sha512":"c205d3fd633c62d641d6804072a858d63dd6bb2ca6af23f2590b928c601ecd0f45ac64d8e4dc25e0e43872446ea18f89bcb8ab13865cbc682a07e3ab7f8a151e","ssdeep":"3072:QqNWyAJsRtaGwS/PxUmYIWSjgJG+LtfFIGRGtbMoMQVUFoHHgjLAFh5GmaqafadV:3csHam/Jp3Wq+LpRGtNVVAohQmFD","tlshash":"d71422ddb421ff5a395963d139b2fe3e9c832880d6dd45c08389392ef28479ceb45554","first_seen":"2026-03-27T06:04:37.098887Z","last_seen":"2026-04-05T16:38:14.857112Z","times_seen":3086,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420520686675.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420520686675.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:10 GMT\r\nEtag: \"c1c5802148acbf0d397636c2438864a3\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 03:13:29 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nContent-Length: 416\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9821260211492195806\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":416,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c1c5802148acbf0d397636c2438864a3","sha1":"207c403c808c2d35a96f91fc9c4ec3b4275e3ff2","sha256":"1d5f247c4e6ab24d88ad84444e958260cbcb8e401dae9ad61a6d5eda33fa7920","sha512":"cbcf189a7cd26d50b9b76ca36f8fdd5446ef21dc8c726850fa07fa99645df94ad28ecffb3194932e64747621b27c26cb39ab5655fd4b56e2fdd0ac4268255954","ssdeep":"","tlshash":"5be023187631010b65120d2c95700770c673c057577958991102d20de1c972542f9dc7","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.23298Z","times_seen":18017,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":123,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/e8e1e023702cb2535fcc5b8dfc237932.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/e8e1e023702cb2535fcc5b8dfc237932.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 27 Jan 2026 14:12:51 GMT\r\nEtag: \"60af2c4d8abb6b3edfa7e5b3f0af2c90\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 27 Jan 2026 14:12:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 216\r\nContent-Length: 139488\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1068070314562842968\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139488,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"60af2c4d8abb6b3edfa7e5b3f0af2c90","sha1":"ff01cec91d7ac12be695637f7f9bc1db1846b442","sha256":"33761d1d55e6319804742b0337b23716cfc9bdc57df7664750b11eb6b3b37976","sha512":"88283c6844b67a8bb6f85a933ba88699699caf084097ddd6fd536453892c7cd52f2e244807958a5fa597ddc43c4935cd286347d82fb65f446e8a3ca13df8060d","ssdeep":"3072:VW6g7V1QSflcmvjLY6EyrQatdxQbGxMLCBYIFDvdQpg/YR+rMToePvs:3gXl+CjLbrA5LCBYIFDvF/0+rMTrvs","tlshash":"76d312e10a29afb280c7534bb8925459dc02daf4c66fc66d0d923b1be67e73360945f3","first_seen":"2025-11-17T11:08:20.239469Z","last_seen":"2026-04-05T17:00:52.640149Z","times_seen":13155,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/tg.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/tg.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 664\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:48 GMT\r\netag: \"69c4f41c-294\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: WcOl-7-Z4btf4UpvMtbZQVqRxllirdshhPIJfrGyYl26cWJ751Cltw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":660,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 84 x 84, 4-bit colormap, non-interlaced","md5":"acb2287624a689367fa72a2200928580","sha1":"a5e082d439cb717c0b6f2c48055489ea2492da6c","sha256":"8864aa112a229bbc9f5803af7384b8710b1fe9c057aedf0cc7842b80809ce232","sha512":"e5456ff71b64d0dcc032b5f58b6dc2b8fd77698f746bb541505d0b594c8c1e8e56a1a90fa0deae8ea839e23abd98da6548132f7c1331de969126f667a7702fba","ssdeep":"","tlshash":"400123df74a7ca26a19599ce54b616d87828b34db1c054289d01ed2ccd14170056e763","first_seen":"2026-03-26T09:29:38.981381Z","last_seen":"2026-04-05T16:38:14.807734Z","times_seen":3233,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/images/avatar.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/images/avatar.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 315\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:37 GMT\r\netag: \"691aeb3d-137\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: F0jnNRFdCVDT8XxUusRbWaYbUmoVWH_C5OpGLiavgHgwWTv7Q_u3lQ==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":311,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 18 x 20, 8-bit colormap, non-interlaced","md5":"30c01d82427d0b622f89b4696cfa8fe1","sha1":"f0316536a6c8f645a3a4bbb4dd0473e3c8853a4f","sha256":"7ceba85b04db09cfa45db7b953297889da29ea113dcc0d037eafb86203b200ee","sha512":"e9cefe20bff8e7812e2b6eb2dfeee8a71950e5fe3859a50967ad54c861da3f25049aef2cf32a1518706670d6c7cc3054afa0ec934fb8e344465d5753f93ce97c","ssdeep":"","tlshash":"98e0cdf35389ecb985a7441a10e36510f10d6979433382dbd755543e51140c4497575a","first_seen":"2025-11-08T04:26:01.782802Z","last_seen":"2026-04-05T17:00:52.685619Z","times_seen":15645,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/DPlayer/plugin/hls.min.js?v=1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/DPlayer/plugin/hls.min.js?v=1 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 178263\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Wed, 09 Jul 2025 09:21:35 GMT\r\netag: \"686e349f-805db\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: MnYh1v6YqiEwi3rKzPNbKZDxbZw-KFtmO5UPRC0pJ4Izw0GkH0Bp7A==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":525787,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c6b4b0566933bbace745d354bbf66a45","sha1":"37421e0fdc0f834e9b76c83c86b8f8dc5a25f9f5","sha256":"98f063553824f201d7a46e124e1dabdeefbc517e35e800ba0c8cbeedd432ab67","sha512":"b972867cd30918e974a0603937c16d106aca52ae7b52ffecfb1096b093dd21778cc38eac17d777e53a709b9a3c451b5785d9ac2d3ead1b9ad5532dc718389dfc","ssdeep":"6144:tN52SSJ22f+rppL0uMRzXrpbQLTfUUD+6D5U7qKxnU3F4BsibLioRGJ8z0xEnFak:te22eppSRzbpbTiwqKxUHF84xfg","tlshash":"cbb43aed3695a01683c2b169903f5507633a7d0a284cc12cfa2be9db2d7994db13bf74","first_seen":"2025-07-08T11:22:48.878147Z","last_seen":"2026-04-05T17:00:52.658322Z","times_seen":25294,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-17/e4a7b096d7a399c48a47b669254203b1.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-17/e4a7b096d7a399c48a47b669254203b1.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 17 Feb 2026 03:54:33 GMT\r\nEtag: \"840f182a845cc5c44c2f8bf7f5513f04\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 17 Feb 2026 03:54:34 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 361\r\nContent-Length: 173840\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10939580935819797712\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173840,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"840f182a845cc5c44c2f8bf7f5513f04","sha1":"6a0f0ac351844121ceb3d31780c9d8629d092469","sha256":"79193d9887fe6c93ec976f02ab7447c58b92205cda2478432fff3e4ca4ae3dfb","sha512":"c1be9ba4b91116d77196974fe92c4d59fe83b438c633fc153db423e0710c3e4cecc9b457c9d5475fdbff964b2cac6bee0072dc6051cc302ad7cea3548286a61d","ssdeep":"3072:+KHHcQPpcjpnwRDrTQjaHpHZscE7u4HPsqVQMm5SZY0hWfFfAmWeZ39P6xj3Fh:VNG9lEHZscyu4vsUNAmToP6xj1h","tlshash":"690422767a480b657891bd930dfe16031509b5f9b74a8c53f2eeea0b2a25dcd7e20d0c","first_seen":"2026-01-25T11:27:58.583668Z","last_seen":"2026-04-05T16:38:14.75701Z","times_seen":4909,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/199eb1e6d0d621bed6a46ba8c4a5ea44.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/199eb1e6d0d621bed6a46ba8c4a5ea44.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 12:34:35 GMT\r\nEtag: \"a5744ad664e010338253087936c9f9b6\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 12:34:40 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 3\r\nContent-Length: 217904\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14691649377471918924\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":217904,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a5744ad664e010338253087936c9f9b6","sha1":"c6a21f3621ed71ec12cffaef26ef183d8eca5222","sha256":"d4a688e68531a82ae6028df82cb397d8b30eb18cd591ada1885679c59287b96b","sha512":"b55e9a0a913607c2cbd47643356e42ccdb31a463caf7a8e394f362797535dee5091daacc056269ee854a7951332405a673c294dfbc34fd784ea4fda5b7e7fd85","ssdeep":"6144:QHMokeiABeGWZ3JLjhCSWOIBlEt5yOHJ+H/yvydZ:QHMofiAkZthC1OI38nXvy3","tlshash":"c324139d915194736e3746be9cc5f5a837c306cefa28c27902ad182e58d4a3f076a4f8","first_seen":"2026-03-28T16:22:38.383087Z","last_seen":"2026-04-05T16:59:41.075536Z","times_seen":3494,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":80,"dns":0,"connect":0,"send":0,"wait":43,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages//images/logo-2.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages//images/logo-2.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3929\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:29 GMT\r\netag: \"687f820d-f55\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: tjd9H8KWLBzwek7xujwrVSt0f_CqaeaaDfC8lPOuzHgeTUzn5AHAOw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3925,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 264 x 78, 8-bit colormap, non-interlaced","md5":"1bb369107c5b5cef8e13d2b8a3ac6b41","sha1":"6dc85fd0c3b5706dfedd89307330c1aa928d1c08","sha256":"38f665614823a4fa0265c43f274a286219775d73b0964f1d42dcb4d669c84963","sha512":"21f2d3637669c713839a80ec2d6a48f4c265b4d4ca77da6709e9f842fd32e64a1d8860646d13677e30ce3b28acc40bd1dc9c4289dae10cf6f89680a77792443a","ssdeep":"","tlshash":"86816d609ef35ccb1cdbf81e2b21f250b07a7da927f646a3c230c1126c1971438579e9","first_seen":"2025-07-12T04:18:50.913032Z","last_seen":"2026-04-05T17:01:50.253721Z","times_seen":18079,"resource_available":false,"data":null}},"time_used":1,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-31/d4fed4abe9405fc7bda6b07b468bdcd2.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-31/d4fed4abe9405fc7bda6b07b468bdcd2.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 14:24:49 GMT\r\nEtag: \"23e14ae135d945cb5069fe0cb5761a85\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 14:24:49 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 24\r\nContent-Length: 1646000\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12416383155762637398\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1646000,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"5907e342d8f4e47ce7a44e2c866a1adb","sha1":"bbc1c2f20f5b2e0c9e940dc9362f331a59da8d85","sha256":"da7b5803874753c5f11c17dafd2d243f68852437900ad645a127dd0a72ed8139","sha512":"46acee073c581eead9fc4f78341b1026e12b98cacd382664f01cc7cfbec3ad44575c24f49da67970f836513a80a91c518a0d8dcd1e80a76c2d40186bb9b3101e","ssdeep":"24576:34si4YRc51suwtiNy25JSo+ylKRoVOxWnK3bGjksuCV6:3414LmtiA25J0VRoqWnK3bGjgC4","tlshash":"e8253389bc22c391c78f63181dd0e39ebdbbd985571a34d3d82d9d89addb6811a230dc","first_seen":"2026-03-31T12:32:32.340747Z","last_seen":"2026-04-05T17:09:48.637333Z","times_seen":3480,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":107,"dns":0,"connect":0,"send":0,"wait":13,"receive":238,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/rank-1@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/rank-1@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 2931\r\ndate: Sun, 05 Apr 2026 09:14:12 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 05 Jun 2025 07:04:03 GMT\r\netag: \"68414163-b71\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: blLu1v0OKWJ3BlLU_1nWwqWIRaaXbcGZKcuKmnO5RHxGnIF2G6LIAg==\r\nage: 1523\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2929,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 8-bit colormap, non-interlaced","md5":"abac25d37a9ac9344c49557ebfcccdb4","sha1":"83b9f56ec29cd0b56e34c938be11ad9bf1282c5c","sha256":"afe1b7a6d3f013b149bad9c96316fa9ab1bb259596d1fe5648e86f236115ac38","sha512":"ef44f375c46e4332861aff8d51407ea7297fe6b11c0f2b5a87f96f1ec3b72815ed608a052ad599147c271e1eace7ec85bd3f6fa523d0aaaac68dff00fb48ca19","ssdeep":"","tlshash":"4d515c8285ceb0f64b1ec36f4b51d4d9f0736c453982de95ada831c64bf1cb7d9816a0","first_seen":"2025-10-28T07:13:52.661811Z","last_seen":"2026-04-05T16:38:14.8556Z","times_seen":4672,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":29,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/static/jquery/2.2.4/jquery.min.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 34713\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\netag: \"64b11d97-14e4a\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: JSVYm1J7j6PWSZf2KNgbOnoRL4PCFfH7gqj1RAmcyfcf16Zfgc5J3w==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-05T16:50:32.425922Z","times_seen":264778,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/vue.prod.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/vue.prod.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 81733\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:38 GMT\r\netag: \"691aeb3e-2f925\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: sS2xZxLG_rpJtOKMQYPh8w9ZKlQ_X5-XOnkTBlbLKxpsWbPIOLYNUg==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194853,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (28532)","md5":"9b14a30d9be6b89ccb5d9426baa70059","sha1":"e55a9116be9d0907b48698418b9e348d36bd3624","sha256":"97374c2e6815b02920dc02d8cca04507973d9a4d82aa5dafa20d04c2227ac9d2","sha512":"90840f4551f1ceeb2e764fed6a632d0eb39006fcbec40166664f0e7f0241347d8679fddf6e41658f939d0b00e893f1bf4ae97429f320c6dc60af0d87c4ef9dfc","ssdeep":"3072:c0RkBL/7KE2X44lDzvWUgT5Asswj2z+e7/72oIKc01DcUrIH:c0KuE2X44lDjWXT3j7e2KctH","tlshash":"2c1428b93181703217ea14e250bb0016f33a1525780984e8b5bde8df2d7695a61fffbe","first_seen":"2025-06-27T04:20:30.543622Z","last_seen":"2026-04-05T16:55:02.674497Z","times_seen":25947,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260327/2026032714165114851.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260327/2026032714165114851.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 27 Mar 2026 06:16:56 GMT\r\nEtag: \"51cf9c39ca0ee0a9a8febfff2ccd6953\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 27 Mar 2026 06:19:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1282\r\nContent-Length: 203904\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4153591173915404352\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":203904,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"51cf9c39ca0ee0a9a8febfff2ccd6953","sha1":"a87a953f7207c9c47729cb3b97eebbcef313266c","sha256":"b85031196abfb91d3e4d88080c8c82c4332e08c239b44b4a0633f830ec3d917b","sha512":"6517c0fd3ddebd97dfcaa15a0bdde4dcf2300f45b4fd74e915fd6b66f83c4f8ddbc5a56babcd71b1e67bf67c19701266a0f28a466839b8d9bdd3b022a2fc6867","ssdeep":"3072:bh5anICTW2IjnEtns9H50CA3dlZKOWCi3O2qP+ugF3XectAXKcJrde25IlnD/2N1:SZPIY8Z033dnKOr2qWNdmEH72NW4Uvn6","tlshash":"5514238c4a28753c9383ba58a6f73ef8fa9dc13644cd77444bb81572cef4a6311a2196","first_seen":"2026-03-27T08:28:08.69693Z","last_seen":"2026-04-05T16:38:14.80361Z","times_seen":3062,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260331/2026033114114071380.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260331/2026033114114071380.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 06:11:45 GMT\r\nEtag: \"0d379958a310932297dc0e6eefd9af7c\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 06:17:56 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 666\r\nContent-Length: 127280\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14774301080518270173\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":127280,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"0d379958a310932297dc0e6eefd9af7c","sha1":"c8e9558732dde4035c5feaed8406466b109cc61a","sha256":"f7654a7d2739602bc78c5760b93f9b9a6d6b380cfd5d194f44467d3cfc138d58","sha512":"d6a4caace99f5a2c1bf751b1ecf73841e19eb6d5b142b25a4ca1e36a99df880b52c5a462afdc933241c9449209d0fb2f8d0b539f41a78d4f40b021b9ba2e1aee","ssdeep":"3072:rhWV6d0GBaLUssASv/+uTcJa1O5CvHOue9ORdQjZmGqNonql8y8:rhWV6dNBavCTs2O5CPOuesRdQaUny8","tlshash":"a0c312c451c70d012132dd5afd971b6e0d690ce1a81ba3b4b60856f582a382a56bffff","first_seen":"2026-03-31T11:27:31.472601Z","last_seen":"2026-04-05T17:19:07.977287Z","times_seen":2669,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/00e8ebab02acd10f55a4b88a6fdf1a96.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/00e8ebab02acd10f55a4b88a6fdf1a96.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 31 Dec 2025 11:20:42 GMT\r\nEtag: \"b71930806cc6aa00074a8bcd23f239c4\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 31 Dec 2025 11:20:42 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 562\r\nContent-Length: 348576\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15044007068431413619\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":348576,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b71930806cc6aa00074a8bcd23f239c4","sha1":"cf9b1773f8bae505d6559a9782337ad9ca873bb7","sha256":"a61216c41718ef4e51b1585dd86c8c2dd6c496212f9193078ba6e1d5b41f261c","sha512":"f12687b1d2f5ada2df3da567d4916107e84f8775dd53b0dd32e99478aea989d0791839b2b0192205837506f624d9a3812095d71da8500b5fb6be2a5108f7a2d1","ssdeep":"6144:F5D34jdgXsiDSyt2tY4+8ZXPm4bce71QJHdycjRoc+B2jh+YN3xelrKXAD/:v34j+XsiD9tRT8lbvg+B2F9bkb7","tlshash":"7b7423361a1d43a7d9c74d7a4ac7cb505874a68a88fb6dcd9ce28b356120480276e3ff","first_seen":"2025-07-03T15:27:59.990695Z","last_seen":"2026-04-05T17:01:50.279663Z","times_seen":13725,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/Search/pc-nav-icon-down@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/Search/pc-nav-icon-down@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 330\r\ndate: Sun, 05 Apr 2026 09:14:44 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:43 GMT\r\netag: \"687f821b-146\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: IZRC5qvLWLVzIxWqO4O-6q0_hRQa_7rEPOz55JUjrX8YyarUDzcTlQ==\r\nage: 1490\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":326,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 4-bit colormap, non-interlaced","md5":"7023a802c4d373abf7342efe94fa3a98","sha1":"c24cecc5067dee2e5680fff5316cc6f3b940bba2","sha256":"c2197abaec128edeacd5e035178d85dfb36c2d07986033ae13cda8fc83c5e509","sha512":"87c87a9e5afc033f865d9bf4976f3d9c497842213bb653a75498057bdbadda64c1bf6809f76f5cee28a2e652ddb970d877fd71d5832dda033c7110f133bfd9ac","ssdeep":"","tlshash":"dfe0e7d2bfcfdd8c5f270d77c631504054153c62336190773504b4007537145c853291","first_seen":"2025-07-12T04:18:50.955771Z","last_seen":"2026-04-05T17:01:50.239154Z","times_seen":18083,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/tjtag.1.0.0.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/tjtag.1.0.0.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 32333\r\ndate: Sun, 05 Apr 2026 09:13:49 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Wed, 24 Dec 2025 06:56:38 GMT\r\netag: \"694b8ea6-eabd\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: wT2IjYqcHNekp_d-z9aGpaT3dPtKGDoKzI1rdwwj2cOkYpEU170Pwg==\r\nage: 1545\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":60093,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (60047), with no line terminators","md5":"7f201cf0a95ccf9a7f24e5060d5586dc","sha1":"4c658c6517399855f5aa34d3bf8abacd04f26a9b","sha256":"fca8e92f6c10174eb14ac3df1723dc2b543d812e345f48b8c8617b45a7ece81f","sha512":"767dfb492cb39d6820ebe80154d22992f6f13fac2aa879510d4b3cc8ad320d0377122e8bacc899dc6d0ac421be619ae0b55cdd5765f322038b3a247b7862cc8c","ssdeep":"768:YN2i27QPT3K48N415SVHjv1ziclmTvActHDIJDDFzDBBq8aWI/0qX0qIS+zQDFoa:Y8d4k4HWbUxntjgHLy0ERRm/pB2jJ","tlshash":"3543e7cf23d6b0aa49ab23b3761b31f5c6346c8c704c8658f108fd6af9e869ce155764","first_seen":"2025-12-11T23:03:23.605496Z","last_seen":"2026-04-05T16:55:57.830595Z","times_seen":19683,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-21/64b56ef07887b86301e40a2807e86715.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-21/64b56ef07887b86301e40a2807e86715.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Mar 2026 05:19:26 GMT\r\nEtag: \"e3c103e611c47d9e3c097b356858c3e9\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Mar 2026 05:19:26 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 107\r\nContent-Length: 1280496\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6037626164116872531\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1280496,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"3370128f9708ffb7b7de36b6f2e79ea5","sha1":"b7210118782952611dd1362b71e4895d2dfc2bfe","sha256":"de9a0b23c61954520802e3d29c4b8174fd302552b70ee76b3be205f1aecaba15","sha512":"719ff2f3debd030703d171ba2b94c6fbe73e5d9298100382c2eae4576485aa80eb50ca8f707e4e8b76290b83a6be8463330cd08dfdda65c8f483be2d442441c6","ssdeep":"24576:QvGe/sCsST0Le+m1ibaoWPxCiADmt3bbWuTC:QvG8lsSeUyI5CiAObbWp","tlshash":"12253303be6385f18d5f080f9b37802615ce179a69e2841e40d953da8a9828fd3e3ff4","first_seen":"2026-03-21T09:54:28.02328Z","last_seen":"2026-04-05T16:38:14.801066Z","times_seen":3537,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":168,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-17/b319681c9a5b9a4e72cb0dac5d961d26.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-17/b319681c9a5b9a4e72cb0dac5d961d26.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 17 Feb 2026 03:54:19 GMT\r\nEtag: \"c7a0b003306a2e88dd3df6a66283c550\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 17 Feb 2026 03:54:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 80\r\nContent-Length: 151856\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10458072691201484300\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":151856,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c7a0b003306a2e88dd3df6a66283c550","sha1":"fb3a781802c18ae33b0b444ba6d3c375a82a03a8","sha256":"8f616d12eef84b94a4b5ff9f2e845697058a8f39f86642ed9681005b669d083c","sha512":"d6589f17e07ba0f2e5740c949444e5b35088d99e49c1099f787067e3dcd5573ba85413586e58f2b65090df607bb4d7b7faaf0c020a251c96d16cb6224116507f","ssdeep":"3072:tA7z4wXQP4ysCMwPOGefBh2gNJmhD+ljL/1+4ORQXolxhc8:SzPQP4oM+Obj2gtD+uoFj","tlshash":"c2e3235aedd003ba57cc2db60ec7bbdde6e8066f5c950184cf1d4016d78ee809dd4a1a","first_seen":"2026-01-25T11:27:58.658626Z","last_seen":"2026-04-05T16:38:14.787202Z","times_seen":5495,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":8,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231025/2023102511321611484.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231025/2023102511321611484.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 29 Dec 2023 10:52:07 GMT\r\nEtag: \"2001f683716e4fbeb353c7d40bbd0362\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 13:35:27 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 78412\r\nContent-Length: 288\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9508358134306523093\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":288,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"2001f683716e4fbeb353c7d40bbd0362","sha1":"b588560d562a1656ae06afbada1823bfbf830e0e","sha256":"89924fc3c9399587455720b36af65bc7f559379841de342e235bc47f5fdc4564","sha512":"afc4730cb39fa235e118d92e632a53814f38b2021896f9e990dae0f6a94a6130a57a4647c6cd2e9eca6694f284bff4d1fefa6fcf83222956f449720d1bd9e948","ssdeep":"","tlshash":"d0d0eb0022300cba1b1666b0ccc08068c66100d8b10749368b7ecb0fca3a35adee55ec","first_seen":"2023-10-25T11:55:10Z","last_seen":"2026-04-05T17:01:50.251175Z","times_seen":18898,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":87,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.vsefnhha.xyz/","fqdn":"tnbnfwikil11.vsefnhha.xyz","domain":"vsefnhha.xyz","tld":"xyz"},"ip":{"addr":"154.207.77.151","port":443,"asn":63888,"as":"DATAWING LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:33.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vsefnhha.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 20 Feb 2026 19:30:14 GMT","end":"Thu, 21 May 2026 20:28:49 GMT"},"fingerprint":{"sha1":"3C:8C:0E:52:10:F7:79:66:36:82:CF:C5:73:91:5F:17:9C:29:FD:DA","sha256":"C5:35:67:C1:29:4D:BC:83:4B:00:B7:2B:06:D6:1F:C7:3A:FE:C6:5F:2A:B8:0E:7A:3F:B0:0E:CB:E5:99:20:6E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tnbnfwikil11.vsefnhha.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Sun, 05 Apr 2026 09:39:34 GMT\r\ncontent-type: text/html\r\nlocation: https://tnbnfwikil11.nmmwgwa.com/\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kLhvqEVq36hMZ3GNIod%2BQJrytrfgpO2DBpmLF2LOs%2Fy7MEE%2FvmvRunUmx4Pl%2Bdzr7hzqFc%2BgXlVxbqSANet7mgxyO4Xj1Dwjt2pk269dw7bRKu5ryuHQjCUy5oGvsLWEQIMzbbPsZHEVPhfS\"}]}\r\ncf-ray: 9e779617be140afa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":288014,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":593,"timings":{"blocked":102,"dns":83,"connect":1,"send":0,"wait":388,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.vsefnhha.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/clipboard.min.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/clipboard.min.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 3634\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:40 GMT\r\netag: \"691aeb40-23c8\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: SAjDnLkabuiF8PnOd9lJY0PgDMfPnr4jju_1kB9CPUkYtSReANOPzg==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9160,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9067)","md5":"15f52a1ee547f2bdd46e56747332ca2d","sha1":"9a7cb405f9beed005891587d41f76a0720893ffc","sha256":"e17a1d816e13c0826e0ed7febfabc3277f45571234bde0bf9120829a7169edc9","sha512":"ecee695e9734a0246bc64f1151f0d81609f49ced6dfa32ee20e41d38c469e003c1eee678bd28eca73a79cba603b43b385735124db5b304567f2ca2619f214e2b","ssdeep":"192:s6IMH3HEG9JVwkHg4LyAal318/NYusfkApXMdgmkpj:sy0G9J1zG3eFYP/XMmmkpj","tlshash":"77126399b291b0b15ae731a9412f920bf2766969708b90d0d239d4f0acbcdde4463f3d","first_seen":"2023-03-07T12:23:44Z","last_seen":"2026-04-05T16:59:41.067283Z","times_seen":22994,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-21/a76e335bec89e0c01c0d3653a1fbb4c5.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-21/a76e335bec89e0c01c0d3653a1fbb4c5.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Feb 2026 02:54:00 GMT\r\nEtag: \"9ace894237266836234263dadee3e978\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Feb 2026 02:54:00 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 11\r\nContent-Length: 78752\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9433891751625358209\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78752,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9ace894237266836234263dadee3e978","sha1":"971e09dee8cd5baa50b31b90d71705b1fb727bf0","sha256":"9cb01c1bba7a637ab5d703411bdb18970aa6e108128bfdb76386f5712fe188e7","sha512":"b27df66e82474af589e15c2a03cf098c2995faec4e8d61185ddaf95f1ea7a375e6580cc410146c59726eaa9b04af79abb1f8af2a7047d1a8e15b569c9f4929e1","ssdeep":"1536:BnCP+sSSRsprjAiaSWLo+J1fnqnqFFNszAQ3JhRBx6FkBEJkhYaf2+wE2z:BCetAiPWU+J1fnqyNsUQ3JDBcFq2dauj","tlshash":"d373029d46164246112a76b14134c7dcad377f3b73811a26fea82ef6ff42cc18e96740","first_seen":"2026-02-10T20:52:58.128294Z","last_seen":"2026-04-05T16:38:14.755375Z","times_seen":4736,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-21/6a81c1f605ad6b479451e32956506aaa.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.337Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-21/6a81c1f605ad6b479451e32956506aaa.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Mar 2026 05:34:24 GMT\r\nEtag: \"e48e2b1d63fb2d2cd82346ca01d95f69\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Mar 2026 05:34:24 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 55\r\nContent-Length: 146352\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18022395543813051903\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146352,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e48e2b1d63fb2d2cd82346ca01d95f69","sha1":"1ada1c6b080b469c287dd5531ce72c445b755269","sha256":"680ccc06b206fe8d5290efc4f2f68b436ed417f3a2edab0012976a2cd2f0614d","sha512":"bc483e72aa9650bf10e29a5fbf3cf8460920a71bfab65fcdf6120c6185219fc959519537346b92f593f8b447cf89c3c81dffc8f0a8c1062bcb60b38e2954c7a2","ssdeep":"3072:mKZQcw1suHEyuTa7HoRYXurvGwCz2PIhZP7qeaw3rJgbA4cYsSO0ErzGr:mKZXTHaqY6aiqOw3qz5sStErzGr","tlshash":"37e313d8aa917683c88e3c199a6b4ee8310c703f15dddb31b4b6c5e82ffe2654184d5b","first_seen":"2026-03-21T05:58:51.159978Z","last_seen":"2026-04-05T16:38:14.781856Z","times_seen":4566,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":11,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-05T09:39:34.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 39182\r\ndate: Sun, 05 Apr 2026 09:13:40 GMT\r\nx-server: web-node-1\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: 0\r\nx-cache-status: hit\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: oV1IKK7TB9cRExiLGvMxbR1I-IBlTSw_dVLDsmMXWbzUEX0SnVEzbg==\r\nage: 1554\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Parsley.js","description":"Javascript forms validation script.","website":"https://parsleyjs.org","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":288014,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1116), with CRLF, LF line terminators","md5":"05f35693c99cc7f8204f660c8fb25a59","sha1":"3ce5ff5ba17ad401ca33f1341fda9872997191e4","sha256":"1aebe51542ccde8eabf46f2e39cdcefa0f8d31480f4f8080c68d4207fe435c7d","sha512":"2494facb52205258168d747941b5181308a8524b3290843848e341d78333fafbc909868ad5dfc0a3775049f7fccca6315303d8a693a0632e770ae9f3470da99d","ssdeep":"3072:8w13ZShu2pnjnt5rPRvEVrH8uPeA9fio+3L9uLjLj:h13uFLtEH8Xe","tlshash":"b954f9116cf244b54293f0d2a9b2ab05fe81e047d94add04b36c86c8afc5ea7d5b379c","first_seen":"2026-04-05T09:33:46.302827Z","last_seen":"2026-04-05T09:43:59.609166Z","times_seen":28,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":29,"dns":21,"connect":1,"send":0,"wait":2,"receive":1,"ssl":4},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/images/ai.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/images/ai.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 364\r\ndate: Sun, 05 Apr 2026 09:13:52 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:40 GMT\r\netag: \"691aeb40-168\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: fO5RfKEirRsru3fN1KBBzEDfGJNN7Zk2Km3XqZQr3gdWTPc1qnYWww==\r\nage: 1542\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":360,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 22 x 19, 8-bit colormap, non-interlaced","md5":"bdfd73be05b313c5c343e02c19e69b35","sha1":"40a591d8ec0f5134270fad42812002458e1fa3b7","sha256":"ea22009d2eb53a8f88f109607d8ff75814059f83ad1e4c1aa54179f5b1385bc6","sha512":"e67420d8689d83569fef893f166ab041b5863fd33f1b8a34056044e25eca04836cdfde2000cc306d1efccaed4340889c643706420f9d927d309100d41cf40474","ssdeep":"","tlshash":"eae0c072728cff3a9cb10273089791f58a2a4f76516491065f15841c68e6644415278f","first_seen":"2025-11-08T04:26:01.793992Z","last_seen":"2026-04-05T17:00:52.651398Z","times_seen":17233,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260402/2026040219421164050.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260402/2026040219421164050.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 02 Apr 2026 11:42:16 GMT\r\nEtag: \"5776d27beebbd22c86a2296c9dc5f7a1\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 02 Apr 2026 13:10:43 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 2299\r\nContent-Length: 103184\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11531514108632043683\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103184,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"5776d27beebbd22c86a2296c9dc5f7a1","sha1":"07b79f0b362cebbf741a0321c6f451a3f444bdd8","sha256":"cfa3165d14e40de69acc40d35d3a5ec72675f7c0035277060f49838369b708fb","sha512":"8b85a386490e5a11e67b5c51ede955935878d407d71be342c6ae560f1a9676d43e4fdfb63556c30e2061912babbb6217a7ff4a8ed7ea23fb91aa294215e71210","ssdeep":"1536:X79m/0fbB1PDM2VEbCwGcMzrm9C0sbMmy+Oot+RMHoM67m/GEsVLvjOfSo91Z8bE:L9a0zDMXb9GcArmQ06hRt+2IPi+O/Z8w","tlshash":"80a302bd7dadac04d8401dd5384eaca995043ca6e141f0ebaafdb337ae826f1b464135","first_seen":"2026-04-02T14:37:00.714076Z","last_seen":"2026-04-05T17:19:07.998482Z","times_seen":2452,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":10,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260323/2026032312511538215.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260323/2026032312511538215.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 23 Mar 2026 04:51:20 GMT\r\nEtag: \"c46c3245bf26f1e161ca0b0f5fda10e9\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 23 Mar 2026 05:23:49 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1650\r\nContent-Length: 113744\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4682333280553242436\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":113744,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c46c3245bf26f1e161ca0b0f5fda10e9","sha1":"271614ee6f316c9d1e0831498daff791101a90e8","sha256":"a353e649ca32e8875cc02fe0237dacb0cd823ce92d9a9eb82b5bb9def2a69ced","sha512":"1a40cbb387c420108d6441faf28d522a2ea6faad3d4d6b091ef19054ec8b46868b59c21a4957fd67627b81ab9ec4423d4140cd979e9f78ebd766ead1f3a704cf","ssdeep":"3072:zzxBDGsiu/DnndQyC3e9Dj/XqZDM/IK8rjtGrx:zzxpniInPNj/X2DSN8rjsrx","tlshash":"b8b31299b48a4aabe184b2355688d1f0ead210f56f127c475f0db63fdc492d034b7db2","first_seen":"2026-03-23T06:49:31.573045Z","last_seen":"2026-04-05T16:38:14.76045Z","times_seen":3404,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/VirtualList/virtuallist.css?v=20251205","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/VirtualList/virtuallist.css?v=20251205 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 3352\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Wed, 21 Jan 2026 09:20:01 GMT\r\netag: \"69709a41-3a46\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: dIRzHvfWuzvbiGjuZLFzpBl5FgNqz0gVfC5GE9NCwaOh5fkRd45C2Q==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14918,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"445f4adfb2a73e5051e2736ea9412403","sha1":"58acf37f0398907cfd89dc53639b25401da65a42","sha256":"eb80348fc71167f273aa3e77e24f0aa7a4b851fd8a2ba7aaf8c0e4e88611e803","sha512":"47fe60b0530fa962ea928b65235d39b90602187bdd494c25a0b4915ad733f6d59e2e1275b558349a05913215c919dbf25174a537ff71754a8efb74fbcd8e18c6","ssdeep":"192:HIjaV2e72zSkaah+oIVNmu3JpL7NBOr2N5Ywwqk3ub7TmfRyPdC+6PwmBV3IKs4m:Hb5LJidrI9","tlshash":"e4629b9c15d22544a49fb40c3eaaf98a621d971bc916c9ec3fad6388cf8df41656238c","first_seen":"2026-01-21T09:49:21.708299Z","last_seen":"2026-04-05T16:38:14.837556Z","times_seen":5353,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/icon-black.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/icon-black.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 243\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:29 GMT\r\netag: \"687f820d-ef\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: KChH_D6eDJz2Y4Gg_3jvJpW1degRk_YFyAd9efy1u3Zj95uIHWUbMQ==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":239,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 4-bit colormap, non-interlaced","md5":"2b892c414e0a5db08d3f844bcf77536b","sha1":"ac2af64f80e53c7c19535e472458b4cb575ec5bb","sha256":"9b7c59b938d8eb51e01482d5701c27dbb41239e79ddc8445897d23484248f6fe","sha512":"e4125037093ebc4b9bfd69b1e7eae92bd24ed647522f3fc67f2a11499eb6af27ca73e3a4d409807bd7499d7999440d89d7a89f97af2b07f344ef155d02c90dda","ssdeep":"","tlshash":"40d0a7f2c6646c749aaad05603a960f0bc3771771034a15ebb1e40662a3e36a9395a47","first_seen":"2025-07-12T04:18:50.961651Z","last_seen":"2026-04-05T17:01:50.23523Z","times_seen":19956,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/Search/search@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/Search/search@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 634\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:29 GMT\r\netag: \"687f820d-276\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Co-KLj3jcalF9s3GIhXa2ONoSLG9jSJ8X9F-llJiciVQs8O8J_wiZA==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":630,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 4-bit colormap, non-interlaced","md5":"a4b5282346fb42d90c59fa556c76e8e0","sha1":"0a12261356eef879559d3bc1dae88cf08dc23a1e","sha256":"aa5da5e9cc04a263402c2c75dc6485c929de92186e8efb80ba3c7cd9604bf950","sha512":"c385c6f1f449891870f786d9fc9bf140cb4218633c39b09ce7895b0c8950ae918327a49036b63f793e58dfec8ba308050d2cef338caffc1b6c856eb31893e6ab","ssdeep":"","tlshash":"bdf00251822d7c9bb34b2916c0177762f858d915771113cfcf0aa83c59151d6c2fd209","first_seen":"2025-06-06T19:17:52.685678Z","last_seen":"2026-04-05T16:59:41.07205Z","times_seen":19605,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/image.0821.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/image.0821.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 48012\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:37 GMT\r\netag: \"691aeb3d-4b5b1\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 5fB1mGLdrusVmkzCC66hl1qUM6KtNl-xgBVLEcCTBd4IoofUDJFtfA==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":308657,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3229)","md5":"5e58c86a740cd6c1821106b20c0c7f48","sha1":"88ee6c584e88c228fa8d67d969d853c0aeb95ada","sha256":"9fead600c0800d0a226d684f2604f4c6f1eaf3528b2357fdac942d450538a442","sha512":"1b907e01624056461d591abaca6780eb3e33a23c0da393ad369e27895b3e09984922c68e8b536ce4794499c70aab341047d9529737c8a3afc4a3df5e00b5979d","ssdeep":"3072:LPP0McCvleCNzRxnnpa9PYetJYRw0qvl+itTRRnnpa9v4+tJ4xQU/9Au:LPP0LypY06pYU/l","tlshash":"1564104a9fe31194f513b43c6b3f6805a1e6b0275ad9dc0e791ca9e0cf29428c579bec","first_seen":"2025-11-08T04:26:01.795335Z","last_seen":"2026-04-05T17:00:52.702567Z","times_seen":17831,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260329/2026032923183371164.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260329/2026032923183371164.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 29 Mar 2026 15:18:37 GMT\r\nEtag: \"98a062bb0c4bbc174ac755c476b09827\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 29 Mar 2026 15:22:38 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 919\r\nContent-Length: 101728\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7174171129611960032\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101728,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"98a062bb0c4bbc174ac755c476b09827","sha1":"7a6bde06012b6d5f2659a0e1bc3b0baa58f31cfb","sha256":"4e6b693629782d3b8c205dfd5fd3f10dce5d03569a7585c676454dedc02edd5e","sha512":"c4c752b70837cea2b40d08b77eb557419cb9f62c8a175e56dd6d32276f482c7793afc3ffaf28d1c15638fc4e8459402e5732a1c944384609b28fc9aa275d7405","ssdeep":"1536:e4xqmuwqyyeZmBm7uR3EyBunhL4PnpEzMClWL0REGcYY99nsxBCE+iKnhk820t:euyewBRR3dsn+PIMwxEZz99qC0Knhk4","tlshash":"ffa31280f262181f73530286d4a0621c38d73345aa5f9dd2b70db8365b2f2bb4536bae","first_seen":"2026-03-30T05:05:50.206942Z","last_seen":"2026-04-05T17:19:07.977783Z","times_seen":2720,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":9,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-12/4cd566d50e3354a812872a0434c6a741.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-12/4cd566d50e3354a812872a0434c6a741.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 12 Feb 2026 10:13:51 GMT\r\nEtag: \"3ab7598ef66ec3c2cf815ce86b690084\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 12 Feb 2026 10:13:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 17\r\nContent-Length: 297232\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13161729847926107770\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":297232,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"3ab7598ef66ec3c2cf815ce86b690084","sha1":"446f6063d022a94c89b19676546459e9491d8de4","sha256":"2954fa330d77e7267b1abef99ba5952092248404b8c806ab7cc94a15033b19de","sha512":"0c6281c65861ae2d85bedae7872578e66a14d51e186a35b0a5bcd41ca30b65c417436e97ae20499530420cd4d914e0a8876fac15437548c10a386f47d6799796","ssdeep":"6144:ujE0zawww0ySPrBpI7o6jXZrsXnw50abMFPzxkhv9MlzNNWo/Woh2y:PQxwwqDTI7oWZAnggFePMuy2y","tlshash":"8b5423e08fd1dc63b81c3a5067b582a49716e1e049d5985f0103256fee2adabc77f837","first_seen":"2026-02-12T15:47:36.210575Z","last_seen":"2026-04-05T16:38:14.839092Z","times_seen":4757,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":22,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-P6HKH41365\u0026cid=1816695674.1775381976\u0026gtm=45je6411v867709946za200zd867709946\u0026aip=1\u0026dma=1\u0026dma_cps=a\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=0~115616985~115938466~115938469~116991817~118131810\u0026z=1670949577","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:36.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:41:31 GMT","end":"Mon, 08 Jun 2026 08:41:30 GMT"},"fingerprint":{"sha1":"4E:8A:1C:89:CB:03:F7:36:49:8B:A8:F0:C1:8E:63:7B:C5:A5:B1:BC","sha256":"CC:B7:3C:DE:C7:63:CD:0E:81:CD:4D:B9:94:50:24:F5:34:6B:3F:F4:8E:95:53:E2:21:C7:46:7F:37:B9:37:D7"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-P6HKH41365\u0026cid=1816695674.1775381976\u0026gtm=45je6411v867709946za200zd867709946\u0026aip=1\u0026dma=1\u0026dma_cps=a\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=0~115616985~115938466~115938469~116991817~118131810\u0026z=1670949577 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 05 Apr 2026 09:39:36 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-05T16:44:12.610074Z","times_seen":768156,"resource_available":true,"data":null}},"time_used":314,"timings":{"blocked":117,"dns":14,"connect":14,"send":0,"wait":63,"receive":1,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/Search/pc-nav-icon-tw@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/Search/pc-nav-icon-tw@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 504\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:29 GMT\r\netag: \"687f820d-1f4\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: yOl64RkVGCHmPhEv5PxlvlPBPqNWKoEcSCMFciO7D6U36pxDPJujiA==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":500,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit colormap, non-interlaced","md5":"7c92935d5bf83d7aca1ec31dc31e7abc","sha1":"975dc5c3c14a1774bf97f2a22ebf524fc4a8709f","sha256":"59bd73a9b3e779db687f9cdcd77ebff91850e618a1469b6f08686df4a392e37c","sha512":"d8c08d787976b3470cd71ff27126d92239fe7a0cedc1daa672939e2817a556c53f07c782e54c8030e3cb43ea5663875f1996e8a91cb521e5da1226135dcb315c","ssdeep":"","tlshash":"4bf023d7a7543c5481a74edbf8e11993f83a3c6a050152aeacb4f0b5083c08bc196184","first_seen":"2025-07-12T04:18:51.012831Z","last_seen":"2026-04-05T17:01:50.281167Z","times_seen":18072,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=20251214","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/mirages.main.min.js?v=20251214 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 71948\r\ndate: Sun, 05 Apr 2026 09:14:43 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 12 Dec 2025 04:31:36 GMT\r\netag: \"693b9aa8-4ce5d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: XA9fUFBm_kNizo9XNAOOFzSDjzm-vRZZ9n1T5BA0kxlAK6CtS0fh5Q==\r\nage: 1491\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":314973,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (942)","md5":"b24eb0b029c427b97e4844593a106035","sha1":"f2352e060d65996a1c0b244dcf9b94c6d30824cb","sha256":"2de945b922e9649004e6daa6969e2a2500ff44e9081e081a3b73c55ef0b5fc2a","sha512":"2da5f2331a1c48c13616e70b7177eb1dd9c6a6664d13fe3afcb2cd05f4142d415e841b0f27b8a81c5a14b2194caec02958d6550fc7895dfc49106c8c31d77255","ssdeep":"3072:/IbqwelyE+K3TAO4czuJ19WxZ/Y8f4Sqvw+Uki/uMSB+jonuLzAX:/Iz4TAauJXW3Y8f4Pw+UVuTxnuLsX","tlshash":"db64a40baaf314725563b0bc4b6fa5043231806b5e59fd643e5c82dc4f1d83d26b6bae","first_seen":"2025-12-12T08:06:26.768664Z","last_seen":"2026-04-05T17:06:58.056184Z","times_seen":11013,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260331/2026033112335446937.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260331/2026033112335446937.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 04:33:57 GMT\r\nEtag: \"cdc85c9761593eba6633d61893a1f389\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 04:42:53 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 992\r\nContent-Length: 91792\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 9858468426240011140\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91792,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"cdc85c9761593eba6633d61893a1f389","sha1":"9dbcb606cfaf144f2c831597b10fffd9d127bd56","sha256":"6377948f39bb95b1c400973c62176e79a4082611b9140f280def1463c0531655","sha512":"0520da8d6be225523fe31702ff7a8fe0eb65e9d7566ebf66d57770297e4adb74cf543061f4bee54eb28c67d1faaadea1d4350128c4577f1c1d83550a05cb32b3","ssdeep":"1536:rFCl+RjDIEnX6nW8UwFNcD93Jk+6Dt9BdC9KeNa0q3q1q2iTC3p8hWmk:rFClovIEnK1UocJkL7UNVHl","tlshash":"da93123f029ee0b4559365db3a9246e333aa3a82693d15c1018e49e8990efc5cbbfd51","first_seen":"2026-03-31T11:27:31.474723Z","last_seen":"2026-04-05T17:19:07.979641Z","times_seen":2669,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420561566169.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420561566169.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:10 GMT\r\nEtag: \"e8ea473291e2351d50cd83d799e46e4d\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 10 Nov 2025 00:51:48 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nContent-Length: 880\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16056375959269569384\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":880,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e8ea473291e2351d50cd83d799e46e4d","sha1":"9339cfb3c5d3ec47c8d7b0abbc42bd80e758aad6","sha256":"7876d5dcedf4ab2894859fdebeeed291c05a294537f95f48f01ce69ca66f4a82","sha512":"fd5e7d6c70dcc183e5ac17efbb6a7dddaa5b441c2cc40a53fa4e8b544a86b8450464af25a6d4434cff846bae456aa9c9abd4d138abdb448213b1ed248ee8eeaf","ssdeep":"","tlshash":"d1111a3300670655367ea34d8ee35f9c52583c194903acbce30e8ec787078129707b2b","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.242529Z","times_seen":18043,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":115,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/close.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/close.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 332\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:29 GMT\r\netag: \"687f820d-148\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: ropyc9dh7bE33IUem-yXOnHXlJqRsCNUUMJKKWr96SpI5ObinRjDqA==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":328,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 30 x 30, 4-bit colormap, non-interlaced","md5":"215a1e584cb0039d319ffd69d9df0e51","sha1":"8a3d3e65a0260d286373b8882487a0ac6a9724c7","sha256":"f4693ad8590376075c38055091de94c7ae92b5abc56182861a53e76c4bc8feb5","sha512":"0b5aa0817a7205e14f38c93038490f57956cc5632a6c50db1e84fe5e9e5b0df100a3ea41c6178ffdba66fc59f04a0cdb479ba5b81d505e7327e60334e7870f67","ssdeep":"","tlshash":"b4e07d93fc7aad38c6caa133b7a4819196bcab7e6564992f2e530169806804d9445318","first_seen":"2025-11-17T11:08:20.211585Z","last_seen":"2026-04-05T17:00:52.686952Z","times_seen":14069,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/github.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/github.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 628\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:44 GMT\r\netag: \"69c4f418-270\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: BWeRjmrt_SE9TZVNCHpakp6AMoGLYfKz1kE00iOVxFJmNlW7Zk4jpg==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":624,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 84 x 84, 4-bit colormap, non-interlaced","md5":"7eeb4e826318468dd09ffcd3713d4008","sha1":"e2907d62b39dd78deb8daaae30760f7e40f02123","sha256":"d1f426df6fa06fa7557522a8569969f1ab37f80995501527709460bd06a672e5","sha512":"3dfe022dd48b2c1014d7290050f699217410d2f1d531c6edc986257a3a542d2f2f93ea0be1df95f13635cad82bb832c3ca5407f012ffa85b768b8a8398d72555","ssdeep":"","tlshash":"3cf0b7c567178c2bd777d595dd875680b8aa0c27a350024f1845b11f8d3802110bc10b","first_seen":"2026-03-26T09:29:38.993708Z","last_seen":"2026-04-05T16:38:14.838107Z","times_seen":3234,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/parsley.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/parsley.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 27972\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:37 GMT\r\netag: \"691aeb3d-1730b\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: FQUj8CJzPLRO4nkVZoabeIZogM6qD0k1vWQ8yYKg_OymWfKieLhq6A==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":94987,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (885)","md5":"a442261f7fdcdb3396b2982e7d5ff2d3","sha1":"f2a873ba1e0a2400f6c5f165eb9d4f4d36b4e2dd","sha256":"be43eddbeae875bbc9b68f4a6a95de3fad6798b733dd55f2cdc2bf81a5a33848","sha512":"16aff01ee308ec0adaa0e2be8ee139a1820b2af48f7ba182e595999efa4e3bf64f76dc80dbd9fe6b99152cfe1768bc83cbd0f52013d8cdd17270edf72237743e","ssdeep":"1536:qAj0W4ZuOjkI33R+a0WQ09uH60SkAZzvH6KomR7Gi21l:qAQTuOjkInuH9Sk2vAl","tlshash":"f49371497ae221018d2730bc1fafa0067274811b5409ad94f98d93d0af94d7993faff9","first_seen":"2023-03-12T07:21:41Z","last_seen":"2026-04-05T17:00:52.688349Z","times_seen":17994,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/search.js?v=28","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/search.js?v=28 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 7555\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:44 GMT\r\netag: \"69c4f418-8a94\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: nZ7M9_rMCb-LpgB4agqWDrPy92_Eznp5w1jkJTnme-fWhC_114MRGw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":35476,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"35393d86efbb52e583f4a0ef8c605b0a","sha1":"86ea1d258468104439f4cd024633f9aa9a729abc","sha256":"83a0322ded0f37dd9abb9de4ee512a79f65cb916c65a52e82a1dad3b3a92cef8","sha512":"472aa0798ae1711a00d79f76c9f933a459daaf72779d2cc4b0ccaf86768ae693a03d77419a498def1173de63745ce1e37889ec5b0aa0f8c318da5f4356e66bef","ssdeep":"384:FEGVkJKd3+7K33Ew3oVNywa5qwRxBuWtXtTeEI+/LuA4:hVkJKd3+7K33Ew3oV4wgxPr4","tlshash":"caf2202624f204329db3b0a94be7ba45bf11d407e54ace487a4c8bc09fd1e25d7a37d9","first_seen":"2026-03-26T09:29:38.982821Z","last_seen":"2026-04-05T16:38:14.841059Z","times_seen":3238,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/fonts/OpenSans/300.woff2","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/300.woff2 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16344\r\ndate: Sun, 05 Apr 2026 09:30:47 GMT\r\netag: \"64b11d97-3fd8\"\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\naccept-ranges: bytes\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: bvqhg5e-oDlF4A9ewTkDhML3Pa6A7NKMCgMat-OwkIMVytuPcrpPww==\r\nage: 527\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16344, version 1.6554","md5":"c027111d6febba054f7cd5e5fddf2243","sha1":"7c6ebfb74210e4d368ba5df96b2c5aa448a3953e","sha256":"c347496b917562bd48ed65545fbced7c9fb2a3e48c1102708a7e615fd4fb2ed8","sha512":"1a819ee0993cbed2399265606b2adc0866dd34fcab1272b6d1798e08010cab4e38af1a2299d74a706690a3188d0081d92804568982fd23f6d2ce946ac29fb61c","ssdeep":"384:sO3z8BPeD5+oRjlrvO+uuGnSDKDPVb0fOovWO1aDDBAb:pgdeD5jRjpO+ugDKDPZ0mwV1aDD6b","tlshash":"ad72cf62810dd851e31137fd7c6622e0878cb0a392121bfc5bebd8ec09204e67ac43be","first_seen":"2023-08-07T12:25:19Z","last_seen":"2026-04-05T16:35:24.062943Z","times_seen":18016,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/3f5cfd080e6f5b5b97616a059e62a7f6.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/3f5cfd080e6f5b5b97616a059e62a7f6.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 30 Dec 2025 09:10:25 GMT\r\nEtag: \"a521e98b19ddf92b4dca176d6bb7ae78\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 30 Dec 2025 09:10:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 342\r\nContent-Length: 298960\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16782040118125862294\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":298960,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a521e98b19ddf92b4dca176d6bb7ae78","sha1":"bad2b03569cf864950a3544b11f5a9dc1d4b395a","sha256":"b9f4f73ca65685decadc35725a3e297ededc0f114c858a73d0fcd2990be4700b","sha512":"fc64ec06426c18396cb30f73f9bb8ef9435eae8b77b41aee8dab7c588963b216e206532813acfa3c24a54c30f9193bd989d7a32e553e5006bddf09c6264bb305","ssdeep":"6144:r/Iq9qPpIBk5zvo4mUStrt2SsmmV62DCQT2Y5dtwO1lKbT/:jIMqPaBmUzUSt862DYAHK/","tlshash":"a454227a92deec39d0828eb4692975e2c1c853567cb88bf1d71034f295f50e8e9c9b43","first_seen":"2025-01-04T04:40:02.787084Z","last_seen":"2026-04-05T17:28:59.587878Z","times_seen":9287,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":23,"dns":24,"connect":10,"send":0,"wait":9,"receive":31,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/layui/css/modules/code.css?v=2","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/code.css?v=2 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 545\r\ndate: Sun, 05 Apr 2026 09:14:04 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 14 Jul 2023 10:03:45 GMT\r\netag: \"64b11d81-527\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Um3OODnF-PgeuY8EKGAUG66tUx7wlNj_iFVqaXagze1qwnl3O8FAqQ==\r\nage: 1531\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1319,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1319), with no line terminators","md5":"986d0d70b033a195fc1bd1527b06993b","sha1":"69ea79bb09bddd3b988db70ef8b10be9ed0f0065","sha256":"3f27194c2e479212781a76f993b778d724ac9838e780b19472c0357cd3081431","sha512":"a3d1ffa0ba90c8ed8f1330c456760ad7098b683756f1f5d2aae6ec89502c0fe1ff6287e7b1180b9df8f50d517118b610566e9315de055d4780a230488eda10e0","ssdeep":"","tlshash":"d721493aa3852118354bf21574fcbcbca03cb1d6a5ea0eaaff416797c944c51083674f","first_seen":"2023-04-11T12:12:51Z","last_seen":"2026-04-05T17:00:52.648587Z","times_seen":26538,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/axios.min.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/axios.min.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 21089\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:37 GMT\r\netag: \"691aeb3d-cc17\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: dyUEC0AUULgw-G89sw_GOJzC5FKyaPt0ew_UhtbJ-NfqmD2aBw1e6g==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52247,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (52208)","md5":"99714d221df650b50da3b7bf97e2987d","sha1":"493b74178a63429fff2aab081b3a1ca73d362085","sha256":"8ad11c4cb079bba93156727270f510292eedcc0716c6f21725074a59ec8b9b96","sha512":"2520851e12838a54d14577bd6a4fc5276f1d729389c7341a09ddd783c33217a5c58ce0e1cbf60c08cf075b44c50dc90d1d651ec16fa47ef8629f8de12ad27103","ssdeep":"768:Wjp+L+sl7x97+om+oCICTUOD3cQ3F1C+SqImCjL/hQBf/MEVgnyzB/c2OiwBaGcj:Up+b0GUOLMPLJQf/CEB6iwOj","tlshash":"2c33b6cd76d6f06243a77174802f610bf23aad16a44d8460f224ece6bcb854e9337f69","first_seen":"2024-05-21T19:06:10Z","last_seen":"2026-04-05T16:55:02.749837Z","times_seen":26874,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260402/2026040217301365319.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260402/2026040217301365319.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 02 Apr 2026 09:30:19 GMT\r\nEtag: \"7a38bccec31228a19530a040ce4c1c5b\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 02 Apr 2026 12:30:58 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 347\r\nContent-Length: 210192\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11442190125503969097\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":210192,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7a38bccec31228a19530a040ce4c1c5b","sha1":"abb851ab77711a271dcaffb0847abf442df01100","sha256":"c3da7448340dcd8db9bd33630dd7262550a7a34ca69532720426c523f4c966fa","sha512":"b3a21456246b57fca3ea931e488b6fa29b95838957ebdc83618c387bef3fc5aec50a68db4e0412c203efa429b47ba04445bcd2779ffcc21c62fa1fe1d3f5172e","ssdeep":"3072:nXA/zmME7fUUtdWN5w5sxyqh06v1fvnpafqugdoriRfVhgxPqQ2cj:nw7mM4Fd8w6Dpv1fvYSuWDIxiQ2cj","tlshash":"9b24128ac925d579bdbfcc60b17e249c7a9542fa4c927b0a31532f7c782e500a62f47c","first_seen":"2026-04-02T14:37:00.701926Z","last_seen":"2026-04-05T17:19:08.026352Z","times_seen":2452,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260329/2026032914424441028.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260329/2026032914424441028.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 29 Mar 2026 06:42:49 GMT\r\nEtag: \"89c4f064454bfad21e6ab33adfde432a\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 29 Mar 2026 07:04:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 131\r\nContent-Length: 138640\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5107085057011959576\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138640,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"89c4f064454bfad21e6ab33adfde432a","sha1":"14187829b5a818ffd672352a2f009ac921a4cf9b","sha256":"801bd63d2abd726b7d40b7beec423908e86abcb700b0c80467399f478bdd933b","sha512":"1deb4ecaf5818cec7b5000997a83a51a8a51060e50ddb4e735fbaa9257d75ac5ca0c9cb29a7ad426956eb3b3743d001c0e7b60ab96b900d71622d3c0b5ee4196","ssdeep":"3072:1WpnFuQO8FNNExCg97AFHlRy+EOF9OXBK7RT1+h2d46QHxRo:1WpUQrE0ghsw+r9Owd22d46QQ","tlshash":"10d3127ee79a2e02fc900e0371c56e85579c76082e6d1d01f2d5aa9e3e9dbd391cb820","first_seen":"2026-03-29T07:50:18.458353Z","last_seen":"2026-04-05T17:06:58.024696Z","times_seen":2772,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-25/e53e1cb975ce3e81a8ddd8f23beee2bf.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.313Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-25/e53e1cb975ce3e81a8ddd8f23beee2bf.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Feb 2026 10:54:04 GMT\r\nEtag: \"b328c0c7d21077dcc512724fb6fbd3a0\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Feb 2026 10:54:09 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 53\r\nContent-Length: 343744\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14138663707501168459\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":343744,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b328c0c7d21077dcc512724fb6fbd3a0","sha1":"9c4cf075979de4b4bb02a22ac07d15f603154c73","sha256":"8ffd21d43f6ce8070ae9c78f2ef752d5f1bf8ef1cd65358fe9b7a361940f61c8","sha512":"73a56db882e239eff6b0e1b8c9a3c2c0e71257b1ba8b15805c71f1e63449503b40bc0e78f6077ac0618570ceced37dbe5c697c4c5ed477ad13f1481a2d5e8da7","ssdeep":"6144:NAqzpp4tb+UBk8NlKEAkkf2ehkPDH+7+m3OJSdWUiHxB9eJhHQvuFzFxgwAT7D9M:dpOHBTNUzf2zcSUiHxBQHfF6wAT/KcA","tlshash":"c774237314d928aea8e7c82c697b473311fcfaeb64387f5346de5bcd25058d104ea84a","first_seen":"2026-02-25T11:08:48.248298Z","last_seen":"2026-04-05T17:19:28.160392Z","times_seen":6383,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":46,"dns":0,"connect":0,"send":0,"wait":42,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-21/9df837fff5d4e5d944a4e8f15a4eb484.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-21/9df837fff5d4e5d944a4e8f15a4eb484.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Feb 2026 02:37:03 GMT\r\nEtag: \"37e55e0a65bd11bf0b09e26e2cc5fc4b\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Feb 2026 02:37:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 111\r\nVary: Origin\r\nContent-Length: 194528\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3646698677374885427\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":194528,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"37e55e0a65bd11bf0b09e26e2cc5fc4b","sha1":"2636825af37b7ff77428ca6166bd2e077b5f2a23","sha256":"fa43e421fa5628ed10ed010ce262f2dfd987aac964f43e92265465a028c350ba","sha512":"81efefc37e25fadaa70b2dcb53d2dc89edacf446743a3f64c6dd303f3f992f7229518cffcf950c2626d6665b4332b84b81e3e8f03cc726e8297fb28065d117ec","ssdeep":"3072:GBcKJN3g9nhsWMnoMHKH5Ix+ATJmNm3d9Jw8EykkUMzFYuk5YBDr7:GieghUnXM5I1NamN3bD5Yuk2BDr7","tlshash":"1b1423b2fde3145369a589716c03edf5992c897fce1043a34a2967048d123fd987ebe8","first_seen":"2026-02-10T20:52:58.052303Z","last_seen":"2026-04-05T16:38:14.804112Z","times_seen":4364,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:36.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nCookie: _ga_P6HKH41365=GS2.1.s1775381976$o1$g0$t1775381976$j60$l0$h31576192; _ga=GA1.1.1816695674.1775381976\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16644\r\ndate: Sun, 05 Apr 2026 09:30:48 GMT\r\netag: \"64b11d97-4104\"\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\naccept-ranges: bytes\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: qizpwmKc3nGD5CKUDp56IZnZ1J9a8y1UNELXsG2OJgllsXTflnZU-g==\r\nage: 528\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-04-05T16:36:29.65138Z","times_seen":19847,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/vant.min.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/vant.min.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 89193\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:37 GMT\r\netag: \"691aeb3d-3b3ee\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Qkxiubhk2vO7cuHz7gAvFG19b_iTLJ6DqmUgoIz77AgAjruQYifflA==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":242670,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (36859)","md5":"48c71ec4ea36fdd75033bbb278a861f3","sha1":"b47d16bde5c94e468ef249bd2126b846a39afe73","sha256":"0b18e273bc785dd0e5cc43218ee879bce10461fdf3b1274a1f2c8962aaecb49a","sha512":"bd3e587cf0fa0c2d777e1918b2067a2a2cce648996ea7e490098d609b20bacec6c2fb6dbe682ac1e212eafe2c1e33364a8cde40439ab6d24638b9b23b69489a1","ssdeep":"6144:XEB3BhYNbHp+fvbtgMAgMgQ8dOq11tUxLEm+Om0RbU:XEBIHpevogQ8dOw1sEam0R4","tlshash":"d23439a0f685f42547b790e6507a0610e1290b48f009d1e0f57ded8e2aede94b6bef7c","first_seen":"2024-08-02T14:48:31Z","last_seen":"2026-04-05T16:55:02.569411Z","times_seen":25956,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/e8e1e023702cb2535fcc5b8dfc237932.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/e8e1e023702cb2535fcc5b8dfc237932.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 27 Jan 2026 14:12:51 GMT\r\nEtag: \"60af2c4d8abb6b3edfa7e5b3f0af2c90\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 27 Jan 2026 14:12:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 216\r\nContent-Length: 139488\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3277475119995503359\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139488,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"60af2c4d8abb6b3edfa7e5b3f0af2c90","sha1":"ff01cec91d7ac12be695637f7f9bc1db1846b442","sha256":"33761d1d55e6319804742b0337b23716cfc9bdc57df7664750b11eb6b3b37976","sha512":"88283c6844b67a8bb6f85a933ba88699699caf084097ddd6fd536453892c7cd52f2e244807958a5fa597ddc43c4935cd286347d82fb65f446e8a3ca13df8060d","ssdeep":"3072:VW6g7V1QSflcmvjLY6EyrQatdxQbGxMLCBYIFDvdQpg/YR+rMToePvs:3gXl+CjLbrA5LCBYIFDvF/0+rMTrvs","tlshash":"76d312e10a29afb280c7534bb8925459dc02daf4c66fc66d0d923b1be67e73360945f3","first_seen":"2025-11-17T11:08:20.239469Z","last_seen":"2026-04-05T17:00:52.640149Z","times_seen":13155,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":91,"dns":1,"connect":7,"send":0,"wait":10,"receive":36,"ssl":87},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/de518aea55e39cda1f3e083511c581c4.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/de518aea55e39cda1f3e083511c581c4.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 18 Mar 2026 11:18:42 GMT\r\nEtag: \"0b0fdf9efe1395ca2e8bd6088f05ef94\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 18 Mar 2026 11:18:43 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 448\r\nContent-Length: 483104\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2760839190122097810\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":483104,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"0b0fdf9efe1395ca2e8bd6088f05ef94","sha1":"d953f58f67c88b79b9543dc606d1ebb3f0b698c2","sha256":"50efb6697bdb71826148571cc334ecfca084e97aaa5457f3cea08da707df2701","sha512":"c6b1416b8ba3a54558dd04bb55e2d905fc449e11bd83e18d8d7fa924a6ba2b768bc3183d36d3f3f36268925973e973f216a4c212b47de1834bc8712b2cd9fd45","ssdeep":"12288:A3tpOCsReeKp3qsWwg8KXTtBtNEj1rlDbyPy0:6yCZRaPwg8KntNEprN2f","tlshash":"78a423dc7d5504c8c86ef85866f46f128c341a1983bb9a3f4b9b30b5c6f8306d5ba687","first_seen":"2026-03-18T21:18:37.787698Z","last_seen":"2026-04-05T17:19:28.158921Z","times_seen":5003,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ap.dc-report.cc/api/eventTracking/report.json","fqdn":"ap.dc-report.cc","domain":"dc-report.cc","tld":"cc"},"ip":{"addr":"13.251.76.74","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:41.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dc-report.cc","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C2:B5:BA:75:40:71:82:8A:0C:30:43:7C:87:CC:C2:C3:63:69:3A:16","sha256":"41:CE:19:28:BB:9F:95:C3:A8:5A:6E:DA:C9:CD:C2:6F:06:2F:9D:37:81:96:91:C2:D9:EF:88:93:F2:EA:18:E8"}}},"request":{"raw":"POST /api/eventTracking/report.json HTTP/1.1\r\nHost: ap.dc-report.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded;charset=utf-8\r\nContent-Length: 753\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":753,"data":"src=https%3A%2F%2Fpic.lfvjpw.cn%2Fhc237%2Fuploads%2Fdefault%2Fother%2F2026-02-21%2F9df837fff5d4e5d944a4e8f15a4eb484.gif\u0026uri=https%3A%2F%2Fkcm4489.top\u0026event=ad_impression\u0026page_key=category\u0026page_name=%E9%A6%96%E9%A1%B5%E5%BC%B9%E7%AA%97\u0026ad_slot_key=home_pop_ads\u0026ad_slot_name=%E5%90%8C%E5%9F%8E%E7%83%AD%E8%81%8A%20-%20%E6%99%9A%E4%B8%8A%E4%B8%8D%E5%AD%A4%E5%8D%95\u0026ad_id=TJ-001_tj_web_6\u0026creative_id=\u0026ad_type=banner\u0026seen=true\u0026channel=\u0026uid=0\u0026event_id=2048c560a82b2a51511dd62fd97e391e\u0026app_id=TJ-001\u0026sid=de42300b7d09fc989b7aadfaef720d6a\u0026client_ts=1775381981\u0026device=PC\u0026device_id=1c4811d873aba2fabfd93c7a0ed1756a\u0026user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026device_brand=\u0026device_model="}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 09:39:41 GMT\r\ncontent-type: application/json\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: null\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":332,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/index-ai.js?v=20260307","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/index-ai.js?v=20260307 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 11675\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 13 Mar 2026 08:07:44 GMT\r\netag: \"69b3c5d0-a6f9\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Bsf_wUszKlBuWx9yR2gVl7v7M9r9aKzpg2uE3_grVetVjLF28Tl7dA==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42745,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (306)","md5":"1d48dcf030752fbe3aa418bfd7db3eb4","sha1":"335b8a38794605aeaab4a5a9f40fce253e2740a6","sha256":"ed65e14e569f8d33ae104ca1cb6e57b6ae666e12c002e048d0ef82770cc1497c","sha512":"a944a1db6164e00d95041933bf19126255b4e745371fea9e557ea02e2e2046d952102901f9e8c3db760e3e82522437dd15b788e1cca8a0bafa59623d33625e19","ssdeep":"384:IkSVlcz8cJPkBj/r5pRWSLFwzY18zkJsMNFCoGp5va6Tr6iIVep:MVqz8cJw/r5pRWSZuYRJ/NA7p5Prqep","tlshash":"ec13a50a3aff74118567706a6befa0057630a0177209df087f4d87985fc252996e3bee","first_seen":"2026-03-13T08:37:15.167396Z","last_seen":"2026-04-05T16:38:14.7598Z","times_seen":4048,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/js/user.js?v=14","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/js/user.js?v=14 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 4274\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:45 GMT\r\netag: \"69c4f419-3eb2\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: SMQ9991f71DeyigtNRP4CE-5bAwfMcgGqS8wpORnOWLFjHYGc8gZEg==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":16050,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"8d95cebf26c81a43cc2db9bb3dd2bd4c","sha1":"734e62d7f43f72a137ade8e66e38f693b6256bae","sha256":"1d534de6c385ea7ae90712551fcfea20e61bab348af7745882685635c4f17feb","sha512":"9b60e85ae53d50b4dcc763e6146314244c8651ab93263f2137a135982eaf0b223e054c9fb735dc8ecba2d98c2ae4df2146588c34e321bca7f9846a109210cc77","ssdeep":"192:G4pcNs9UU7MENyT7ACneMrr4bUDUrMVCr1JB7yifGQ/FoWjxk0vwnaI3QUGMugCA:G53Kmuj/J6KUBn","tlshash":"c562730ab1f905624b5361b06b9b2204713195072a0add1c3e3d9bd82f5ed79c2e7bef","first_seen":"2026-03-26T09:29:38.978452Z","last_seen":"2026-04-05T16:38:14.840577Z","times_seen":3236,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-10/02c4a558efde747af7c9efe32c67bbb3.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.098Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-10/02c4a558efde747af7c9efe32c67bbb3.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 10 Mar 2026 09:24:42 GMT\r\nEtag: \"a9dff727b65970e1a6bd972bb1f35107\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 10 Mar 2026 09:24:43 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 606\r\nContent-Length: 494224\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 17276280223142550940\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":494224,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a9dff727b65970e1a6bd972bb1f35107","sha1":"1e354597d97c2231378995e247f60c555bb4db19","sha256":"909dbd4592ca7e4412a1372b77d380a5f9eb116f01f77050923f9b5880ce4285","sha512":"abf5973a2a882be7c6d965314f21ee410e5273f4391d741f2b66d6b0ba54a4771f19a86c013fe755f71b18032ddc77376b91e9b7c10f5a4289e11dcf4ed8c420","ssdeep":"12288:NC8QHL4w488K2NGlv+oQuLCmKdLzySKv6B8KYC:XwfTKGlvQrdLIChYC","tlshash":"4cb42329052e46d09f9db1749fe1d904431ec4bef95ca0eba450478bff23cbce25662a","first_seen":"2026-03-10T11:07:41.060489Z","last_seen":"2026-04-05T17:19:28.145726Z","times_seen":5602,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/DPlayer/assets/DPlayer.min.js?v=5","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.js?v=5 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 66689\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Sat, 01 Nov 2025 03:49:21 GMT\r\netag: \"69058341-4a650\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 9eAikkg8N4Q63_4xlfo3mHER5C7nENa8epOoYoUWSw5ct4L-Dm1RnQ==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":304720,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4046f013cf323ea4de2e2518386c3d5a","sha1":"cc1bb7b97ba97a03c92593de7524a22ea87c78b0","sha256":"5c9811be07c774e5465097e43c4945941c501333fe482a90f5286cfb3c88e280","sha512":"b50531b05b763c25361b5fa23e258acf12f1c470bdcf0fd60d1a22451f1f954f55761446344067075cf4bc794177c83dbb9eec21565c2ffcde52bff93acbbae6","ssdeep":"1536:PFri4r9aKySaa3rzg7hSwaKySaa3ref7j3MEwOMEa8vTDadMcBjOsCSwixK1LzV+:HNDyMgjKbixKVhjLIR2INivkJ","tlshash":"4a54b20b364131340262afe8c6db534a36347310e9729729f65ef9de8f9d84c6427b7a","first_seen":"2025-11-01T05:08:56.775869Z","last_seen":"2026-04-05T16:55:02.684551Z","times_seen":26580,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload_01/xiao/20260403/2026040318250565846.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload_01/xiao/20260403/2026040318250565846.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 03 Apr 2026 10:25:32 GMT\r\nEtag: \"fa31f176b725219ed3ab40fe9771e8cb\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 03 Apr 2026 10:25:33 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 113\r\nContent-Length: 189280\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14188199940366087592\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":189280,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"fa31f176b725219ed3ab40fe9771e8cb","sha1":"912b95745a71e84d27e744c8b3e5418732b10bd1","sha256":"dde188cb998add1a5a74c26edc33a4740e1cca88b650733646164737249bdd12","sha512":"bb2a23e74a0af4dbe3b570b2099be39385a62b98ff6add6f86532d495fa422a5a30e61ecde2d9240e0559faaa5455d51a5a6a44fbd7d112455512b75dd18c55d","ssdeep":"3072:LdSG3k74Mu9he1SbA1urSW96uEZi2Zh7h5F9upAWdBeLwWF24heFdNkNw33Hd:LdSG0Lue18AVW0uoBPXWdcLwx4henNVd","tlshash":"380412e34213cedebbd94ac51cdd599aabc3040f13495eb879e76383d65a628c443c8b","first_seen":"2026-04-03T12:10:17.896457Z","last_seen":"2026-04-05T17:19:07.976748Z","times_seen":2443,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":58,"dns":2,"connect":7,"send":0,"wait":10,"receive":21,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260331/2026033116430599566.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260331/2026033116430599566.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 08:43:09 GMT\r\nEtag: \"ea3bdfef2f3516ef3255eab42ab35c37\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 08:51:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 827\r\nContent-Length: 112432\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6304391373136308949\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":112432,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ea3bdfef2f3516ef3255eab42ab35c37","sha1":"08968ebc206e1944fdebbdbd931b3834a05fae13","sha256":"c3f92cdd4c4d8d33e6b001318f04ada747c22a16b99c6add50247975edb52adb","sha512":"b82b2a6137e3d50432754c303eec71b1ab3f6826805dc6379d828d3ba519065024ca09c7d436bfbe9f18558811c8767c5889126c4556785f97cff9f2e4f7256e","ssdeep":"3072:rvy3TGNzw4EyzkoMjxuvdSeLVE/b1YNBfHgZJ1Yq:rqjGNtEyzjMjItLVQb1SBfAD1Yq","tlshash":"94b312b1c6e6fbe9fbe024ba34ccdd00d098786c594017799d1a5f1ab12a83f8d9c2d4","first_seen":"2026-03-31T11:27:31.353196Z","last_seen":"2026-04-05T17:19:07.974845Z","times_seen":2669,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260329/2026032914154087683.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260329/2026032914154087683.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 29 Mar 2026 06:16:03 GMT\r\nEtag: \"c6c864af2119dd0e651495a3478e845b\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 29 Mar 2026 06:23:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 135\r\nContent-Length: 218544\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4487637827238243018\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":218544,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c6c864af2119dd0e651495a3478e845b","sha1":"ae47135b2358c19d2741978001f2ff48667bb2ff","sha256":"a5e00d7f59cb0a3e9ba3c8e045787c19493b0016ff2a9212f3b55aa657d2688f","sha512":"e89137e8c6f036c3c953386c022d8bbf0546e7504eb67a53a924892549b43addd23bc626cd1c74c0dcb24d8e3e18c9431fe10a6172deea3c5fe896494bc10653","ssdeep":"3072:yIOguAdXjeBhbMdmSFHjoXvCC5czkPuKWCikEsFh2jMWV2HEaQFIXxO7so6lKI/t:yIOgjvMSFHjoXv75TuNbjwEa6+yEKwl","tlshash":"372412c0099cd0e4ab71c20534378ff7ee8f7cd516994951eb83a6a8ed97068fe460e9","first_seen":"2026-03-29T07:50:18.482011Z","last_seen":"2026-04-05T17:06:58.043661Z","times_seen":2772,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=20251216","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/mirages.min.css?v=20251216 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 42592\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Sat, 04 Apr 2026 06:49:53 GMT\r\netag: \"69d0b491-3172b\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: dfVCy6BtwGuLga9VDVDG-NE4-OgGnpxfd6MVJ5FNcscRCh8Ic9veKA==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":202539,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1228)","md5":"7a63691074945b970e7127a37cc8e2fb","sha1":"a02ccfefc24ff1fd72fcdfc08e411758eaa50386","sha256":"beaaf1bfdd4ae35e67716a7d0aa6372c619b132271f21e9c0c7abde93d912308","sha512":"efd9576ae59f63fb257ec366c747cd0566661f0abee5d894546a8d9e1e6ea7462e7d679dc1d85e4ea1a52a7d9c796abc983a0659480cc5dae294a9211566e7eb","ssdeep":"6144:PwcGuP/Y1iBl4fOBl4faYEG8PnXNsSd1XmFRtaSgofgO:PwcC16I","tlshash":"bc14847c954111d46373ca1aafc4b6582738f226dd052ebdf12721d8dbc2b9b12e2b8d","first_seen":"2026-04-04T07:27:39.536324Z","last_seen":"2026-04-05T17:19:07.995707Z","times_seen":2413,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/popup.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/popup.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 2210\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:37 GMT\r\netag: \"691aeb3d-1a0d\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: mF0_JgnnE2dTBL5R43_LYxVBjSrrCKw3iO7udYkGnPdrZuKz3ny-Uw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6669,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"026709ed231cf8d920385fed59c17ca6","sha1":"19696886744402cb73a48a41e625b23f5acbb813","sha256":"3438d0b2d18590fa1f7f0c324a5ba9f42b699de78006ed372ad043bdf46a7e1e","sha512":"aa01a6f89fad627df9437b5bcf8c3feeb7bb9719d12f12ad8e00d031f3092d1de299ffa4cd98229ddbfd3c455a21934e0e391e1c06d979cfe65fbc0f08cf99e4","ssdeep":"96:P1spJ1L0gLrdAZLLCWICzj3nMjnjOSdFsCaxud:QTo3ZLLCvQj3nMjnjOSdFsCaxud","tlshash":"c4d12f9931f3213082abb27e6faba0143230a0477108dd197f4d5f900fc573a66e1bea","first_seen":"2025-11-08T04:26:01.83069Z","last_seen":"2026-04-05T17:00:52.688851Z","times_seen":17929,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-21/cc7087fb438de9101ba9bdb6c0921afb.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.819Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-21/cc7087fb438de9101ba9bdb6c0921afb.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 21 Feb 2026 04:04:32 GMT\r\nEtag: \"629fde6db44412241a00dcf14e0dd72c\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 21 Feb 2026 04:04:33 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 322\r\nContent-Length: 135184\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5183410506609605076\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":135184,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"629fde6db44412241a00dcf14e0dd72c","sha1":"2b8426836b16e9f4fbfaae0042642d35ce00e00b","sha256":"7632fc799d6af6fbceaeea93408e5023912a8361f38e18b94f0c4c66feb49ce0","sha512":"da4a017a4579d15e0007d0332a6110610a565f519dfdd62738406f012379991481bf8d00bce0a50aed6e77aeae8237e3b8010535c5829f976f05f073b7246336","ssdeep":"3072:zj7iQtHAseYSV4hYvzWBTyJ83JqEHG4nWerZgpW5rdGWVL:79HnjSVRqBC0JZHI2Air8u","tlshash":"64d313538077830d5e786cf97e054e46c7147f0393699aa3150bf105a4ae0ae77f9e47","first_seen":"2026-02-21T02:51:35.034032Z","last_seen":"2026-04-05T16:38:14.766236Z","times_seen":4402,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":32,"dns":2,"connect":36,"send":0,"wait":9,"receive":22,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/86b16c3ee0e7d34c8b5b10ccef8d5eee.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/86b16c3ee0e7d34c8b5b10ccef8d5eee.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 31 Dec 2025 11:30:40 GMT\r\nEtag: \"a7765d45a33330edfbbf67ba0e66f2c7\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 31 Dec 2025 11:30:45 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 72\r\nContent-Length: 308368\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 8958377736167321555\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":308368,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a7765d45a33330edfbbf67ba0e66f2c7","sha1":"d12b6a6e34647358ee13355d93174e48a248e1fe","sha256":"9342ddbd6a4e054b0f4450b07577687faa96398e215c46dc51cd1f408e5a113e","sha512":"fc2bd4ac433b9391673b62cdd1a00b8270e9a3824bf4e36348437a6b42eff27c2dfe5339b31ff88444459d33b7e7c86a32bb96a6eddb90a4f01a26290cd80a54","ssdeep":"6144:Jbk1A4+QKHSLfYM33iW5VDfYjeYwAw0K5dMwoY/Xpc4uLf9qo56gFk:Jw74HSEMnPDQs0K5djN/XpNuLVqoQgG","tlshash":"b26423db231e41d3394f0f86850bdcdab9779bba190310b2ec575e59b56da3a2880e42","first_seen":"2025-08-14T12:52:38.397864Z","last_seen":"2026-04-05T17:06:58.082055Z","times_seen":9635,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":81,"dns":0,"connect":0,"send":0,"wait":38,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420561150988.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420561150988.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:09 GMT\r\nEtag: \"e3cd4c01559c4c07d1139d8cf0fd8f87\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 26 Jul 2025 06:26:13 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 17766\r\nContent-Length: 864\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 18113763966973878693\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":864,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e3cd4c01559c4c07d1139d8cf0fd8f87","sha1":"ed230b75680db09a681f949947a50d0fc73a7f7d","sha256":"4fd50bd19c882486279b1e1ce4ce6bfbf09488740e86f89c87e1435062585b47","sha512":"14f75f1a24dac2aaaeb50ca2fdd3b7097b0c987fe373eddbdd76c99d804ae904b1f29e9f8f6c165752f20f99ecfd140eabf80c6cdd3952543f39e8b6d09f53cb","ssdeep":"","tlshash":"d81196ba04f2d7a15f0c43115fc5c6285aa06b51c22a6ee9ea4254f72b04021804370a","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.301618Z","times_seen":18019,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":115,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260330/2026033016381327719.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260330/2026033016381327719.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 30 Mar 2026 08:38:16 GMT\r\nEtag: \"38b21a365409faa02b07d6c5b9e376cf\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 30 Mar 2026 08:46:14 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1067\r\nContent-Length: 107344\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 3581784298280072021\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":107344,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"38b21a365409faa02b07d6c5b9e376cf","sha1":"127050010ab8b4bed28b66b124f2448ac73ce166","sha256":"3aa9daf8aa2754dd35cccb83f247400249311e7d9a40959e03646266c96309bd","sha512":"13e0db7f37e61911573bbc8a8d4a79c1d49c7268c82b8ea3bc5da563f35c8f81c1642ab1abf14d9bfaaa38eb869156432c85a5ed218a74bd4828696239452286","ssdeep":"3072:uqpKxLZx4HArUZajhyxBz5HpD0+kWn6YA9:P8pm6hyDz5JD0+kg619","tlshash":"87a3124974d1eb93311c70be2f9db6ea200904d76aaa255f8d237223b7cd6ba011f13d","first_seen":"2026-03-30T16:40:17.098651Z","last_seen":"2026-04-05T17:19:08.008815Z","times_seen":2713,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260401/2026040121340354363.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260401/2026040121340354363.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 13:34:07 GMT\r\nEtag: \"c60071b4e5b3c1967331ed65a34ec838\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 13:41:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 133\r\nContent-Length: 93200\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 932369450170620522\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":93200,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c60071b4e5b3c1967331ed65a34ec838","sha1":"8ed8d8123d50526f9d614b7d36296db3eb309aac","sha256":"101ad9389920d03175d6b7ea379436270f1bc7a463bf058ea44b927e984be19d","sha512":"93a23637c4dd0998fafbb1cf19f19247f5ccc4a361dafe5ec8cc0f454b522402dd08ed683fbe58aab8d899dce0d92dda6d7cd8798f23157d7ff1628097ab8b36","ssdeep":"1536:fqLqaRxvWLgwLYgGz33CRC+eGqypKjuVbxH9ujEZCXDWBT1EmHvSc:fq2sxnwcgGznCRETjuVV4jmc+10c","tlshash":"db93127dcdde468dfe1c7f48d560ef02019ba632e67c95a34c7a0c83666dd9648ba80c","first_seen":"2026-04-01T14:30:16.915392Z","last_seen":"2026-04-05T17:19:07.990762Z","times_seen":2487,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-15/a24ffd8fcdc19832fcc83c061c2b70ff.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-15/a24ffd8fcdc19832fcc83c061c2b70ff.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 15 Mar 2026 13:54:19 GMT\r\nEtag: \"60ea483e187de18413242fed51abdbc4\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 15 Mar 2026 13:54:32 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 73\r\nContent-Length: 168496\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1152756860487888987\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":168496,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"60ea483e187de18413242fed51abdbc4","sha1":"301d58d12ff997205668dc738c2ad5c563bf81f6","sha256":"93e587024fc3f07eb2823387af8be692fe12feb500c7a9596ea89e31d9679f37","sha512":"d4a14c67b7a7a6917bba60f5d094892a39b8ef3455252b323ddb2b19d90c91ea6714fd3ab867ad861e507203a60dae480eca67fee51da23816472a48a2603281","ssdeep":"3072:rDrbLOBeW64gmm6ogHRgQGeBUBDwzGpjpRFV1qDDN21I9myXRiUcpzPnm:rnQtdoWPBUBDGGptnfqXY1J0opk","tlshash":"6cf312a39367407079628362f9b13c0e8e032cc99de47f374e3f5612e4a734e69591ae","first_seen":"2026-03-15T15:08:50.327233Z","last_seen":"2026-04-05T16:38:14.861958Z","times_seen":3747,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/fonts/OpenSans/300.woff2","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:36.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/300.woff2 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nCookie: _ga_P6HKH41365=GS2.1.s1775381976$o1$g0$t1775381976$j60$l0$h31576192; _ga=GA1.1.1816695674.1775381976\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16344\r\ndate: Sun, 05 Apr 2026 09:30:47 GMT\r\netag: \"64b11d97-3fd8\"\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\naccept-ranges: bytes\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: gtknFoMI0B_Ej8g0gnEXNBZsIBJBII3coUgmzZNYp9HiEWraxR0y7w==\r\nage: 529\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16344,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16344, version 1.6554","md5":"c027111d6febba054f7cd5e5fddf2243","sha1":"7c6ebfb74210e4d368ba5df96b2c5aa448a3953e","sha256":"c347496b917562bd48ed65545fbced7c9fb2a3e48c1102708a7e615fd4fb2ed8","sha512":"1a819ee0993cbed2399265606b2adc0866dd34fcab1272b6d1798e08010cab4e38af1a2299d74a706690a3188d0081d92804568982fd23f6d2ce946ac29fb61c","ssdeep":"384:sO3z8BPeD5+oRjlrvO+uuGnSDKDPVb0fOovWO1aDDBAb:pgdeD5jRjpO+ugDKDPZ0mwV1aDD6b","tlshash":"ad72cf62810dd851e31137fd7c6622e0878cb0a392121bfc5bebd8ec09204e67ac43be","first_seen":"2023-08-07T12:25:19Z","last_seen":"2026-04-05T16:35:24.062943Z","times_seen":18016,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/js/qrcode.min.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/js/qrcode.min.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 8132\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:44 GMT\r\netag: \"69c4f418-4dd7\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: XRJcNrbMXcwWGHH9XYAs1UVO6kemRG4dq5Qw9yQCyr8zGq9lNKHijQ==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19927,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (19927), with no line terminators","md5":"517b55d3688ce9ef1085a3d9632bcb97","sha1":"2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b","sha256":"c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36","sha512":"08d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498","ssdeep":"384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ","tlshash":"8c92c7e4f36542f6915e6cd4283f104b64a0a4636c1490acbfb5c1e6a9f8fe0647af74","first_seen":"2023-03-07T01:14:56Z","last_seen":"2026-04-05T16:55:27.506095Z","times_seen":50321,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/img-placeholder.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.767Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/img-placeholder.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6700\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 27 Nov 2025 02:09:04 GMT\r\netag: \"6927b2c0-1b01\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: q_KcMfsf33OBgqhA8_3Mt0yplvHGSGZXRNoI8GZEUmMlUHNfTUAYuw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":6913,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1380 x 954, 2-bit colormap, non-interlaced","md5":"2bf55fff5517780aaa0fc200869329da","sha1":"ffa84727c18f61809a1be5dc98983ae80f6e47cb","sha256":"57b0e2330b07df346bd10d657be6483138c6f5c7e69434d51a45b4a5f9115ec9","sha512":"b3505d64dc4d1c94ce39c0e1c1e93dd1cb8b0307c1b9fc7c345cecfcf19a631d43f4f64941fa0bf20f8c4c8d66f24d6d1c1cc86a52907bb86cd445fe61eaf893","ssdeep":"96:QuKUEfIuGFUxmpghh7sEfvhShKynDWSatIvj50mkh02R4jRKZnPtZ/8nF2OiOLwQ:tXhuOqhpnEETSaSvjRkhh4Fyh8VMKbb","tlshash":"efe1afb28831df82d16e81fed4ff1a7b453d03607e431e6a52cbc1256b2650f05c0179","first_seen":"2025-11-25T05:01:35.035896Z","last_seen":"2026-04-05T17:06:58.032455Z","times_seen":11803,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/96973f3cbc7fa3ac563b144d97ffab19.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/96973f3cbc7fa3ac563b144d97ffab19.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 05 Jan 2026 03:13:17 GMT\r\nEtag: \"9be8face9a0c71281c3304b61e86ddd1\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 05 Jan 2026 03:13:17 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 28\r\nContent-Length: 667488\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1238290294173840043\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":667488,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"9be8face9a0c71281c3304b61e86ddd1","sha1":"c870ba41710513af0bc27805e71bfc912be6463f","sha256":"fd84827a448c92a0e456aa7fcce612d239716895273632e9c6728b5323bbce1e","sha512":"1658a60f82c609bc3271c5f901f5dc9725d6ee6f537f460752197dd7fd543da92e59a0f5326628cb2bad0c090cab5e793341c607081e9caf9662de35ea4e5b68","ssdeep":"12288:Bl0eA4CdONfZUiaJgigupqlvTymUX1Om5Vu1u8Mn1jWwX08tJjrm/if:z0tlqZUn+iIrylXMi58Mn1RX/tNr9","tlshash":"cae423403385c22f64bb2f43a8159ba13843dbc8edbdfe05d4f95a1b928176de328578","first_seen":"2025-12-08T12:36:29.171473Z","last_seen":"2026-04-05T17:00:52.660708Z","times_seen":14719,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":42,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/Search/pc-nav-icon-tg@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/Search/pc-nav-icon-tg@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 728\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:43 GMT\r\netag: \"687f821b-2d4\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: iMUuSDiT9f8nZfSoaWtYant24U40QSTGXKLdMBHmjosYWECbcyzaTw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":724,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit colormap, non-interlaced","md5":"f85347d7d3b89528c8ed9b2302cffd75","sha1":"f867345d5d76084326d8e0fd56165e943887c1b2","sha256":"0d4dea28dc89bf49c23d0b981000855ab6b6353641619c737afe4a1581ebfee1","sha512":"90da37dce95e7282af9bff7b041c2cd4c5becea138cab3be876170067c8480398981bcdc0b43185f08e7fc0e34f921c92dc118e8fb3aa9608626cd9b9efb70e5","ssdeep":"","tlshash":"04018870f1841d38cd34a85c9c73abd56e019d0b1354f062c8d5bd747dfc04eac45420","first_seen":"2025-07-12T04:18:50.990855Z","last_seen":"2026-04-05T17:01:50.283209Z","times_seen":18088,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/fonts/OpenSans/400.woff2","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/fonts/OpenSans/400.woff2 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 16644\r\ndate: Sun, 05 Apr 2026 09:30:48 GMT\r\netag: \"64b11d97-4104\"\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\naccept-ranges: bytes\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: NL53V1JmSA8B-7anTmZ3_qMvKIgViE-wAXvv-dBp4_-Pl0FzNyIDKg==\r\nage: 526\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":16644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 16644, version 1.6554","md5":"6276351c3fd3053a0cab736572d6ced1","sha1":"326b281cbcf5070d140fadedc4b1354f1a5d916c","sha256":"43640ab0efbdbd50a1162047c1f62f338fb84de407411b98bfa6a1f8666ef0af","sha512":"c9885c9fa086350a150efae1c40c9ab22314db0baf47b457c3de4be5c7e609313b9fec4f9000b133a9f8b365c2d5d3703bbff579833a8b81195062e5f6bfe5e7","ssdeep":"384:JK4eVLUx4mqjtgI4cwDn/HnhbXOU7WYb+KFqEevY5:Y4edUqmBIkD/HhjHWYb+KFGvY5","tlshash":"bf72cf83f467d9f0f42836305db116e3b979ef357761ace0621445aa1232bd02e847dc","first_seen":"2023-05-08T23:10:23Z","last_seen":"2026-04-05T16:36:29.65138Z","times_seen":19847,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260330/2026033012455224267.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260330/2026033012455224267.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 30 Mar 2026 04:45:56 GMT\r\nEtag: \"064806c15cd8ffc4514afed80d5dea34\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 30 Mar 2026 04:51:32 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 3121\r\nContent-Length: 99472\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12582312484144075016\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":99472,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"064806c15cd8ffc4514afed80d5dea34","sha1":"fe87f9055d910770287980339c9e149f766b70cb","sha256":"e9abcbadf814f1c246e7604f1d5bfb930c078c9fae78f8601cf48eb81a7f8b0c","sha512":"d2e420c03d60ed5ca8ace503c0eef5446f6d1c80a6399a655d7b0fdc3009ec4c2da5b94ef7f914561b779942ef99da3611ade82f04c6222d1018b5ac9f20c61d","ssdeep":"3072:3mBCs2fWUVvVfWqnfd+D4QnECpC/Inm+VAMDI4K2Fsro/pKS:3mBCFuUt4qnfgECpC/ILAMM4Fsro/8S","tlshash":"eca3125e98342661c52762ce136dd951b93983eb0cb02fe1d820262e9f7d7e73a3e1d1","first_seen":"2026-03-30T16:40:17.041194Z","last_seen":"2026-04-05T17:19:08.001842Z","times_seen":2713,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-04/0d68a510e106cbec4f0a5351012398b1.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-04/0d68a510e106cbec4f0a5351012398b1.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 04 Apr 2026 10:33:56 GMT\r\nEtag: \"e51ef3e3ccaa62a426cd789a66d473ca\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 04 Apr 2026 10:34:01 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nContent-Length: 270864\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6947922655318997028\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":270864,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"DOS executable (COM), start instruction 0xe9ef8714 1779637f","md5":"e51ef3e3ccaa62a426cd789a66d473ca","sha1":"a05cb57a2f8db0aeae557521e780877145edf257","sha256":"96b2b9bd671adb756ad94afdc92b3aa857675576a8e6d7cd0213257b0f709618","sha512":"175474ef55db136c5e02ad56245b84aaaafd812137da51d51341f379f436590a12225824a4bb6fb5f2e7e2b9b2410e883fcbe5fecf24b0f71f5817453ffe9dbb","ssdeep":"6144:pwgF6Tu1KzzpvLsUEtVrJqnhas/I9j3x90sIvDo:pTF6Tu1QNQ3zJqha93f0sIv0","tlshash":"bf4422a5f3aa67f7e9ba722cf2efdd067ea834f0627b67511d06d103418c7884982474","first_seen":"2026-04-04T11:37:17.990311Z","last_seen":"2026-04-05T16:59:41.045043Z","times_seen":3363,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":35,"dns":0,"connect":0,"send":0,"wait":20,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231025/2023102511321596540.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231025/2023102511321596540.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 29 Dec 2023 10:47:00 GMT\r\nEtag: \"17bd572f88a1fee3c902a691acdb8574\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 17:52:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 63000\r\nContent-Length: 608\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7111708489535105142\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":608,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"17bd572f88a1fee3c902a691acdb8574","sha1":"1dab6e54398b54b5b1082bb52a6ebf923434826b","sha256":"8c6a0267279f65b90e630d1f0c58c2d29b793c05aac1b343b0c10b77eb4455c1","sha512":"92c347130852ae789476448e289de577641145551258eb0fe4f263fe2011f36775d4c775da4898f413948943c1b5f92abe09703effd88b3fca236d0654ba2f76","ssdeep":"","tlshash":"e5f0b71c829184fd618009947cbfcd43005da6ef5dbd0321f14a17505cede0ec6e262c","first_seen":"2023-10-25T11:55:10Z","last_seen":"2026-04-05T17:01:50.285235Z","times_seen":18059,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":98,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/Search/pc-nav-icon-qq@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/Search/pc-nav-icon-qq@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 712\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:43 GMT\r\netag: \"687f821b-2c4\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: JIvN1TtQ9MuVYPoGbjadKxO82beBR-dvu5tXvTeTf6SM4YEy2FowIQ==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":708,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit colormap, non-interlaced","md5":"0032e13d45b2dc636e67e98a52d66792","sha1":"9cd222e4079d7ab780b2d4ac38d05fd968f3e85d","sha256":"45dcff2f7f3f48fdc5fd0a3a8720827db74347b89c41de15f215af07beb780f6","sha512":"caf32cbaf55c3efdfadc2f0c1aaea7e61b8a84aeba5338372cad9248bda6eb0a8782dd4a3568c6e8307a3f7b2310a576d6497c70ac038ffc94adf4398cce91a0","ssdeep":"","tlshash":"650188d2271f8ca48e0ccc1b4daad0c56c3456b72582f907b517d8676314b5dd3ea004","first_seen":"2025-07-12T04:18:50.988139Z","last_seen":"2026-04-05T17:01:50.280661Z","times_seen":18059,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-15/61deaa6ba18626493d9c1a626de1d519.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-15/61deaa6ba18626493d9c1a626de1d519.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 15 Mar 2026 13:54:54 GMT\r\nEtag: \"d3ece6cd4289edb6085771a82508c573\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 15 Mar 2026 13:54:55 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 528\r\nVary: Origin\r\nContent-Length: 98640\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14560176750164937887\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":98640,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"d3ece6cd4289edb6085771a82508c573","sha1":"b195f0b5dac759b0a103c9a695efe0e07c964a1d","sha256":"6531e632718c07c6b38dc6035be2aed5405c9e263c69135ed5ebf458a771000c","sha512":"4849a3e04c7ba79765522c8e07d4b8099b5507a35b72041aec07cea63f5b09fd80fb6b104713a0457754eaf5cac34d28cf4859189688fd98d38c399a0a8958ee","ssdeep":"3072:qQyVEt3Hjye9fYituhOKOGZwjrWeWNSe1:x/XOe91tbK9ZErWeuSe1","tlshash":"f6a312f842d196aa5c1f6e4509d31ada13fd0f06f43ecd7f482186722e42a38b553a7c","first_seen":"2026-03-15T15:08:50.270713Z","last_seen":"2026-04-05T16:38:14.786434Z","times_seen":3590,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ap.dc-report.cc/api/eventTracking/report.json","fqdn":"ap.dc-report.cc","domain":"dc-report.cc","tld":"cc"},"ip":{"addr":"13.251.76.74","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dc-report.cc","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C2:B5:BA:75:40:71:82:8A:0C:30:43:7C:87:CC:C2:C3:63:69:3A:16","sha256":"41:CE:19:28:BB:9F:95:C3:A8:5A:6E:DA:C9:CD:C2:6F:06:2F:9D:37:81:96:91:C2:D9:EF:88:93:F2:EA:18:E8"}}},"request":{"raw":"POST /api/eventTracking/report.json HTTP/1.1\r\nHost: ap.dc-report.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded;charset=utf-8\r\nContent-Length: 531\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":531,"data":"event=ad_impression\u0026page_key=float_ads\u0026page_name=%E6%B5%AE%E6%A0%87%E5%B9%BF%E5%91%8A\u0026ad_slot_key=float\u0026ad_slot_name=AI%E7%A7%91%E6%8A%80\u0026ad_id=TJ-001_tj_web_346\u0026creative_id=\u0026ad_type=banner\u0026seen=true\u0026channel=\u0026uid=0\u0026event_id=895bad08c99c1d3fad84f80bed43483c\u0026app_id=TJ-001\u0026sid=de42300b7d09fc989b7aadfaef720d6a\u0026client_ts=1775381975\u0026device=PC\u0026device_id=1c4811d873aba2fabfd93c7a0ed1756a\u0026user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026device_brand=\u0026device_model="}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 09:39:37 GMT\r\ncontent-type: application/json\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: null\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":2362,"timings":{"blocked":998,"dns":0,"connect":340,"send":0,"wait":332,"receive":0,"ssl":689},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/DPlayer/assets/player.js?v=2","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/player.js?v=2 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 3223\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Wed, 09 Jul 2025 09:40:44 GMT\r\netag: \"686e391c-26f9\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 1aW6ZtAZNyBjpdJoHpUX0RAp4Ut2GUYUFnh_aaQzJit4BgfkQJDL0A==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9977,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"83892d8a68ef40d8b590aaffe1a1ea90","sha1":"bcb851f390bcad66b9abf380d853804640f79f19","sha256":"f19af12f8a2524ead69cba2e384d9ef22dcef4135142487205339766c4bf83c1","sha512":"40e845b726eed3d9fcd6ef5814804a74d0c9cb8de0104886e959966789392fb1b2c54959549e7b5dc101127d08a8923887051b752cad60bd3e9c327dc70f9919","ssdeep":"192:46DT0iUiKNEhZJ+Ec1A7bUMjoSxXLHyiZ/9S/ClPM1SptIEu7VfWkhCv:zDT0iUZNEhU4Rn/R3IvYkK","tlshash":"bb2241ddb7f310241163a06d5baf91147234c20b4604ce54bd0faaea9f19daad6f27f8","first_seen":"2025-07-10T19:56:45.015538Z","last_seen":"2026-04-05T17:01:50.30494Z","times_seen":18503,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-02/10f92ed44f4098d19c7fbff9768e93a1.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-02/10f92ed44f4098d19c7fbff9768e93a1.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 02 Mar 2026 06:48:25 GMT\r\nEtag: \"187f99ba1efb62f4fd77a904fc7c446f\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 02 Mar 2026 06:48:27 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 652\r\nContent-Length: 396320\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15547016945160697277\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":396320,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"187f99ba1efb62f4fd77a904fc7c446f","sha1":"44f5b0b73f5ee7005f26286cf274659683a72f7a","sha256":"6e4b07c831dfcb366ae49ad9414f061a97bf6950107408e1a8a1330ab6d83d89","sha512":"94b98f5dae6f93b865110bf3487f022fb888157f52fd19023b20b14403173711c4d5c8290516741ae86bf88b9f12bb35430cd3568fe79c6955deba4a9b5c8897","ssdeep":"12288:fBAD4bQPB/CV9NI1R4CB7Q6096U/Q1ghvm9:5A5p/iNETE60AMh6","tlshash":"8484233ac855e5b3c51179cc22c61de1ea8f2a24d3e5cfa9c0efe44fc26a5593b8161c","first_seen":"2026-03-02T13:10:46.72352Z","last_seen":"2026-04-05T16:38:14.774645Z","times_seen":4272,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":3,"connect":24,"send":0,"wait":26,"receive":75,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/206b381a7070d0098e45adff94142a4e.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/206b381a7070d0098e45adff94142a4e.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 10:36:31 GMT\r\nEtag: \"aa17b2abf016a6a67f1abc758d9f953b\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 10:36:32 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 528\r\nContent-Length: 223536\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13004576905363328982\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":223536,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"aa17b2abf016a6a67f1abc758d9f953b","sha1":"c6e40dc70565bd90849b6752ef3e0f878080b256","sha256":"5e0f020fc8b0c96f00a6a4b22b024f31de337fbd25ab451cafec5cd48afb8d65","sha512":"119bf79be647226e334d685c9898fdac7b4ea4a9e0736fa3a261483adf43aa84202201b55086e6c067d75ca49b0563a4f63b282ffeb1f4dcd3f195e6f63a97ac","ssdeep":"6144:I3CYPO50ViUpOZeYLeeYY7h91QTQpXCHcqzBp:I34k4ZLeeYYxXCH/7","tlshash":"6b242387013b903a7e17913b9daddda170009eb82802aca1c347a4c9d755facf99eb46","first_seen":"2026-04-01T11:04:29.225549Z","last_seen":"2026-04-05T16:59:41.114255Z","times_seen":3484,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231025/2023102511321748042.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231025/2023102511321748042.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 29 Dec 2023 10:48:33 GMT\r\nEtag: \"0a924cade949087f8b6bf7313aa986ef\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 17:35:53 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 63986\r\nContent-Length: 480\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 16660291057716337962\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":480,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"0a924cade949087f8b6bf7313aa986ef","sha1":"056a7262d79428dd375e0804bb442f31d8c8c075","sha256":"bed19286a8429e9bba96a38393b3e23dab3449f3080833745238aab768ea7bdc","sha512":"20f6cd8832039db48068c7176c216dea73aad21c694784c0c5ed352c25f7bbad9907fca1b3c58e43ba73d26ccb7b54218b571b79ca76f03914efda6156855d75","ssdeep":"","tlshash":"0ff054bf501576ec00345ec404a5d026351e90cf6f4dac5f91d0b2c30e1ee643207180","first_seen":"2023-10-25T11:55:10Z","last_seen":"2026-04-05T17:01:50.246655Z","times_seen":18037,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":119,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231026/2023102620184160107.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231026/2023102620184160107.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 28 Dec 2023 12:12:49 GMT\r\nEtag: \"a6bdcdf9f788925c40b4933ade16e75a\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 17:12:44 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 65375\r\nContent-Length: 736\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 240436665389418342\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":736,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a6bdcdf9f788925c40b4933ade16e75a","sha1":"b9d417252d52c8bfa41462a728c67205febfb9be","sha256":"67f7c7ed605dda502279353b1b43c59fdabd43a10d84c1f9b4b925a0946db40a","sha512":"a9f62b51d36b29c6082e1730f497d0f7f9b9be8f15773600f0776c9dc955b1c18da3887c521ccafba00301bddf7ea3094976e162a8c8adb597d017b6b5744b7e","ssdeep":"","tlshash":"dd0165c210e56805b694a517758086f9ae44195987209c7dda568610ee33d338c54279","first_seen":"2023-11-12T15:49:18Z","last_seen":"2026-04-05T17:01:50.251639Z","times_seen":17862,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":113,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/layer/default/layer.css?v=3.5.1 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 3428\r\ndate: Sun, 05 Apr 2026 09:14:04 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\netag: \"64b11d97-37bf\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: JT6RNtIlADvgzsdFLfbRfpCMnU0N_035hWCMNy9M8YsC40rirop2Sg==\r\nage: 1531\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":14271,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14271), with no line terminators","md5":"c234eb06d5f32055092294e78957f17d","sha1":"f15ee0bcb9694f32f5e1d524f2653aa0dd043402","sha256":"5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540","sha512":"3f06b51116d7f8026d81c7eb6a3c4d871462d09fe0a5b8cc8b7feaf20cbc88b0b6a545f0ec7cbc17566a9ff609405f58fad6eddfb3a8b3f6d530ede8fa3fad5c","ssdeep":"96:mp+Ntha8qNEp+wRY1vUPXi0nMLPD2OtLzAyPHL/LztJDzyv2OQ7KGx1j9d2/nWUU:1ELr2Otzrzzt42OQ7KGx1j8WUq4S3cU","tlshash":"f75242e144911299b0278721d6dc7eba32f88d43e5630caef2573c1f874c6dba2b6647","first_seen":"2023-03-10T11:40:20Z","last_seen":"2026-04-05T16:54:54.435074Z","times_seen":42699,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/qq.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/qq.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 692\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:44 GMT\r\netag: \"69c4f418-2b0\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: yYweQTZDFcz1govYoHnvSanYcE9VkaBcbaC3ec5P6f56kS0buHzB7A==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":688,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 84 x 84, 4-bit colormap, non-interlaced","md5":"b438b2edc7a587a3d2d692af6ee71aca","sha1":"f0a18a1d84367d4ff0882cfd080fd8d30106b3a1","sha256":"b0179e7817d4ed817b4410cafe2d175db262c5b1c0e6ef55b31e18d801fa5e17","sha512":"969e750e8aa3209213fa782ecd4d5bd2a929d6e8e7e566288c0b716cdf5f55c122a7f57fcd70d34b13ee038f5ed34be3233f6fbb560a83756958731a5a0c3a38","ssdeep":"","tlshash":"310123c58ec66a0523af66d656f34013e4276faa242c762c6da27858ceb515050136af","first_seen":"2026-03-26T09:29:38.938458Z","last_seen":"2026-04-05T16:38:14.839592Z","times_seen":3234,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/search@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 634\r\ndate: Sun, 05 Apr 2026 09:14:09 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 05 Jun 2025 07:04:02 GMT\r\netag: \"68414162-276\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: O-GaqScQgBlw2G8zbqIK7yzekysJ7AS8LBNcXZ7txSnB86Yv0sFSeQ==\r\nage: 1525\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":630,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 4-bit colormap, non-interlaced","md5":"a4b5282346fb42d90c59fa556c76e8e0","sha1":"0a12261356eef879559d3bc1dae88cf08dc23a1e","sha256":"aa5da5e9cc04a263402c2c75dc6485c929de92186e8efb80ba3c7cd9604bf950","sha512":"c385c6f1f449891870f786d9fc9bf140cb4218633c39b09ce7895b0c8950ae918327a49036b63f793e58dfec8ba308050d2cef338caffc1b6c856eb31893e6ab","ssdeep":"","tlshash":"bdf00251822d7c9bb34b2916c0177762f858d915771113cfcf0aa83c59151d6c2fd209","first_seen":"2025-06-06T19:17:52.685678Z","last_seen":"2026-04-05T16:59:41.07205Z","times_seen":19605,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-04/8b92c321e3cf3990edb0a7ae0f121f1b.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-04/8b92c321e3cf3990edb0a7ae0f121f1b.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sat, 04 Apr 2026 10:25:04 GMT\r\nEtag: \"75f10b7b10d237f65701f2ba4cd0f160\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 04 Apr 2026 10:25:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 85\r\nContent-Length: 243872\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6330614851852801285\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243872,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"75f10b7b10d237f65701f2ba4cd0f160","sha1":"9a345f23ec749b16f77e9e2268fcaa76dc207def","sha256":"d2ff23efb11bb7babc7218da09e45e5de163e8636c4d8b138babecdde1ea19ed","sha512":"3fc535e7dde7eb45bdfa4cc75d1d851f932e52dbedfd2f1c440681056c5616d948dd1ef4e10a9c2ae1ba38d6d1ddac0c9de3d23139af1322f4a5931589a011f3","ssdeep":"6144:HjXSQ3IS3rvVRw6rKNP6ybJak2sBRvSU752V8bYg:rRT7dRwxt6ybJYv+5Ag","tlshash":"183423a2e1f2d669058c1d72512799e1d7cfe1ec70e562cda7e4c8e60381d822f7f690","first_seen":"2026-04-04T10:46:05.491268Z","last_seen":"2026-04-05T16:59:41.070053Z","times_seen":3363,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-25/017a6f8a35080f8dcd14327a325d9ef2.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-25/017a6f8a35080f8dcd14327a325d9ef2.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Feb 2026 10:48:11 GMT\r\nEtag: \"f359e4e211f9ef0333facb7935ee2c6a\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Feb 2026 10:48:31 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 135\r\nContent-Length: 501008\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 724188120910054246\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":501008,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"f359e4e211f9ef0333facb7935ee2c6a","sha1":"9e022264cf40e011823b4460f13795cfc38afa8b","sha256":"d041ff5176b7f88072c72e38b0dd6f0b4fe15f6eb6a7ad7a8578a6e524025fbb","sha512":"e1312ed955c861fded1da75dd9cc86de0f04a4b498571a398052296445b41c0082c3e0cd34349ebeb5d63d4f399d0cd1d0ad7782ca67e68ee665a58b40d63989","ssdeep":"12288:UosHVKU3eFUqKTvVZE1JZvsIr/ue7weNbxnZgsBRotUeB:xsV3eTKTvVZE1X//weN1ZgstK","tlshash":"98b4239dd2c0c09a069572b0c458276fbda746e3f58c7b3c22e1269e77849899fc807f","first_seen":"2026-02-25T11:18:39.742443Z","last_seen":"2026-04-05T17:19:28.175101Z","times_seen":5988,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-P6HKH41365\u0026gtm=45je6411v867709946za200zd867709946\u0026_p=1775381974547\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=a\u0026dma=1\u0026cid=1816695674.1775381976\u0026ecid=31576192\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AAAAAGA\u0026_s=1\u0026tag_exp=0~115616985~115938466~115938469~116991817~118131810\u0026sid=1775381976\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2Ftnbnfwikil11.nmmwgwa.com%2F\u0026dt=51%E5%90%83%E7%93%9C%E7%BD%91%20-%20%E5%90%83%E7%93%9C%E7%88%86%E6%96%99%E7%AC%AC%E4%B8%80%E7%AB%99%EF%BC%8C%E5%85%A8%E7%BD%91%E6%9C%80%E5%BF%AB%E6%9C%80%E5%85%A8%E7%9A%84%E5%90%83%E7%93%9C%E5%B9%B3%E5%8F%B0\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026tfd=2656","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.32.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:36.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:36:32 GMT","end":"Mon, 08 Jun 2026 08:36:31 GMT"},"fingerprint":{"sha1":"F1:EC:3B:52:4B:66:50:1D:0B:50:65:93:DD:B9:FD:40:BF:2D:6E:7B","sha256":"46:A7:13:4E:73:FB:45:6B:0B:73:AF:6C:C5:72:C7:83:79:46:1B:0D:3F:B2:A1:0C:AD:70:4A:EA:1E:4A:D1:2B"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-P6HKH41365\u0026gtm=45je6411v867709946za200zd867709946\u0026_p=1775381974547\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=a\u0026dma=1\u0026cid=1816695674.1775381976\u0026ecid=31576192\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_eu=AAAAAGA\u0026_s=1\u0026tag_exp=0~115616985~115938466~115938469~116991817~118131810\u0026sid=1775381976\u0026sct=1\u0026seg=0\u0026dl=https%3A%2F%2Ftnbnfwikil11.nmmwgwa.com%2F\u0026dt=51%E5%90%83%E7%93%9C%E7%BD%91%20-%20%E5%90%83%E7%93%9C%E7%88%86%E6%96%99%E7%AC%AC%E4%B8%80%E7%AB%99%EF%BC%8C%E5%85%A8%E7%BD%91%E6%9C%80%E5%BF%AB%E6%9C%80%E5%85%A8%E7%9A%84%E5%90%83%E7%93%9C%E5%B9%B3%E5%8F%B0\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026_ee=1\u0026tfd=2656 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: null\r\ndate: Sun, 05 Apr 2026 09:39:36 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:178:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:178:0\r\nreport-to: {\"group\":\"ascnsrsggc:178:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:178:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":118,"dns":0,"connect":21,"send":0,"wait":31,"receive":0,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-P6HKH41365","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.359Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:36:38 GMT","end":"Mon, 08 Jun 2026 08:36:37 GMT"},"fingerprint":{"sha1":"8B:73:AE:59:60:F4:D1:86:E6:25:8C:8F:1E:F7:92:DD:D3:8C:F0:DA","sha256":"F6:EA:BC:29:37:15:42:CF:41:13:28:BA:F3:C5:86:88:DD:C6:3F:81:75:10:45:14:D6:EC:E6:F0:E6:B6:B1:04"}}},"request":{"raw":"GET /gtag/js?id=G-P6HKH41365 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 05 Apr 2026 09:39:34 GMT\r\nexpires: Sun, 05 Apr 2026 09:39:34 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 167881\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":517877,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"404d910728f330f88b6d242a3b88e94c","sha1":"8c24eac37e1300082c8f9f6e6abc573cae648f9c","sha256":"2a9eedd86a7e45c61481b0192a86a77b834de180d811a54fb85f0fd178930623","sha512":"7251a7228e2aa13c8f049aa21c64d23713476bf341430c3eea9ae58e5e2a7ba0abd86673c95b61a78386781b3c0c165a6c20e3742c06959f7e0a38f86d088b10","ssdeep":"6144:Gl3eqQGzLr8DP9EGb/F8x/aGW+/5EiWn6powUL8gftB:2zH8KGbt8U+AN","tlshash":"feb40aceb3d674225396f478d43f01cba97b25e2b45cc8aab089cce01e3455a5267f78","first_seen":"2026-04-05T07:04:02.034235Z","last_seen":"2026-04-05T17:19:07.983544Z","times_seen":1238,"resource_available":true,"data":null}},"time_used":630,"timings":{"blocked":234,"dns":0,"connect":27,"send":0,"wait":51,"receive":83,"ssl":231},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/swiper-bundle.min.css?v=1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/swiper-bundle.min.css?v=1 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 5081\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 29 Aug 2024 12:37:00 GMT\r\netag: \"66d06b6c-3e37\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 6Nrz5fR9oz6Kz6H6W5UrBfd7BxgXT3Q_awSbXjTUTzb0gzdx81vgTA==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15927,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (15672)","md5":"4f58978f1d4b2860f7cd2a14aaccacb7","sha1":"ecab9abbe6e9fd3f1f71760d665a6ca09a889065","sha256":"5e47bcf3c1df613cfc0c373b7ae064c7e9ef7b2d3cedba73baa10532068bd256","sha512":"79eb9b500a1711dd9ffe55be53f443a0be9dccffb04323238ebe4d6725c518b9d812c01f4b82112ab22762d757a27ccce7e059fd731da6093d25432d0aff4216","ssdeep":"192:obvmUJbiKneTT4bHZ+SKbP3p/a/AMQfHff21eesedOJ9A5Pz+c3At2/E:oKUbeTMbHZ+VA/AVfHfd4XYD","tlshash":"de62136813402c2753274f364b71cbb9ddb444924b93896e92c0ee84d7b68bd236f6e9","first_seen":"2023-06-27T01:17:46Z","last_seen":"2026-04-05T17:06:58.023572Z","times_seen":16137,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 758\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:44 GMT\r\netag: \"69c4f418-2f2\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 8rM4CZWFxQtoUiFgymS62gWIMZoW9mn1_IuHCth1HqdXu5RxAQApfw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":754,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 84 x 84, 4-bit colormap, non-interlaced","md5":"e8c4a2f11a54a236d01be9d480bc6416","sha1":"60c3df5c18916d70592285db2870114ed8884a09","sha256":"bf7dfa326c23f9d45ce5b96e8b614ed975104ab649ad7c8ee20e9f09be632ed0","sha512":"04a77830842646fd45b2a03f6c7c4919049787a2bbde091024e677edc8884102b9165737d1ec97abbb504ab207f53a840d4c29ee6b4672ea1e0e276fe3d7320b","ssdeep":"","tlshash":"aa0199a6c0990d56f96964fae75fc045e9b11d905d100407dd16f41d68ba2b245c439f","first_seen":"2026-03-26T09:29:38.990317Z","last_seen":"2026-04-05T16:38:14.759116Z","times_seen":3233,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260331/2026033120144880492.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260331/2026033120144880492.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 12:14:53 GMT\r\nEtag: \"55bcdf48ecdfd3384e525d6f487bd583\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 13:40:52 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 44\r\nContent-Length: 86672\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6986029885301926870\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86672,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"55bcdf48ecdfd3384e525d6f487bd583","sha1":"e8914a574331d2ae472009dca3e1e30ae5027980","sha256":"93bf7cb08201fe2882f7a9adbeba1f05791a359772bfa47f0707605a0e64c85a","sha512":"ec6694aed4a5ab110dddf9b341381999a99c4db5aedf46f5d73280164a98ffdf4bb2ccbe4c8a210a502228121d5010de5553020f250e90d0966a4c68c9707aa1","ssdeep":"1536:IAuJ2b45f88Ws2YE2MS1Fl0uzS7eyyN6SDIC2bSfwfa+n2D:7uJBf8FzS7pzuehMSDJ09k","tlshash":"08831213907f0190a68b2fc4619e4c16d3c15f88495eba7d21fc14a2de722fafeb4d56","first_seen":"2026-03-31T15:35:28.963455Z","last_seen":"2026-04-05T17:19:07.972399Z","times_seen":2576,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-01/65e8a85b3114aa59613a126ff1708de5.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-01/65e8a85b3114aa59613a126ff1708de5.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Sun, 01 Mar 2026 07:14:07 GMT\r\nEtag: \"adcb1db33f4a184c0af8339266cf5260\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 01 Mar 2026 07:14:23 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 21\r\nContent-Length: 279856\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 414930754114774846\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":279856,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"adcb1db33f4a184c0af8339266cf5260","sha1":"1d165d534628185acd0e20d1fc42002fb99db090","sha256":"946a0467fc1aab75b9b4835b41bf3159e87cf4a681b0d466ff4351e6b47002ab","sha512":"305072ec0c6ecadf427596d2a938d7af4de5948884b14abefc479490ddf680671f2b143f266cc1b710a1eab8f7e8ba07950a65a8eefc7cdf484ce2b60b37d285","ssdeep":"6144:PQ1+mLNRW8vQTvN3e8qx/UdjiItHcvBZBcDVs+xp02Oqbz6:Ic0WKQTFu8qFU4IOv7BcDVs/Joz6","tlshash":"13542325a249c4c9502ccb48525beedb67e1e81f2f1a3744b0e870ed9d6e19ce5c06fa","first_seen":"2026-03-01T08:27:11.685811Z","last_seen":"2026-04-05T16:38:14.768073Z","times_seen":4879,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231025/2023102511321783155.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231025/2023102511321783155.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 29 Dec 2023 00:08:40 GMT\r\nEtag: \"ad473bd0f40ea84076e2363e66e2243a\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 17:52:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 63000\r\nContent-Length: 448\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12504296868403059665\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":448,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"ad473bd0f40ea84076e2363e66e2243a","sha1":"c07cbfd2ff1f55c522953b9263c9b13e49385b48","sha256":"6090398a69e190aecc12c1a2a33838ff286c8530df40898d7fe2c6f5346b7452","sha512":"a2fc9a46dca25b7d169ebacc6f7ad1215ed47e2556a63f790b74aaf62b784f7b67d41480a96c46b9c1f5d51e5ebc25e18a4dc67fa00e21cff2ba3a90eafa3a6b","ssdeep":"","tlshash":"e9f02b343d29c0f1a0d1b53b9e54cd01d211724d3d7c41bfd235731607ac5574451163","first_seen":"2023-10-25T11:55:10Z","last_seen":"2026-04-05T17:01:50.23238Z","times_seen":18059,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":122,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/search.css?v=2026032602 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 12929\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 11:11:31 GMT\r\netag: \"69c51463-12697\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: rYMjEKU21MJ1Xnle2bX4aPFQybWtfndJV01vHhcn_azDoCt-d-vOMQ==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75415,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text","md5":"7314edd6a2d0f543b8c6087c4f439241","sha1":"505c5b7d58b2c0cf04da6cea47e23977062258d0","sha256":"dab1aeb8960447b5b8d759965383796acdef3900c891cbd9d7215eb304fa6072","sha512":"7f99c294e0984e06a9a43ac2007d20f9b6d5b9eadd7b66ab7427eca809e26b8b1fd00bb8e008a54f862d55a78da384eaceb999ace6c324f1ca90f9c807f31346","ssdeep":"1536:rH1OEnq8Zo8jc2dod5dwdKdjdgdQkKLOLHEh:xZo8IkKLwO","tlshash":"d273cf0b9b530125fdb744ac2b6a7b842729d407ed05ceac7bcea584cfcb954b4a17c8","first_seen":"2026-03-26T12:11:43.176385Z","last_seen":"2026-04-05T16:38:14.805715Z","times_seen":3211,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/tbxw/js/zzz.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/tbxw/js/zzz.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 20137\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 14 Jul 2023 10:00:50 GMT\r\netag: \"64b11cd2-c67b\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 1gWSxaSldCFCF4ZTA_T5HcPw7B0Z_fNWIrh3v6MbNWz5cLt775muCg==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":50811,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (48316)","md5":"78dab9fcf576de8cba46edd716dd2309","sha1":"7113abe41f95159f9bfccf70d01bdda1055af2ad","sha256":"7c66d6c8e2c470780513a282b66e2b5b7429ed863d6a0ecd6054b38dcda004b5","sha512":"dbb858875e532b475f827c930c154cac09e9a952b20053a0f7e1b34a050100a0a3a41f8aabeeab4af2dd90082363fe3ced3a5957f7250a4918d305b49655e040","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpn6ZFCsUleZ:vZYDc6lXJd1mZpZEdq","tlshash":"da331bc5a19c609153a774d50d7f704bb4637526170d89acf228e8eeecfcaea9039d38","first_seen":"2023-03-13T16:33:51Z","last_seen":"2026-04-05T17:00:52.62584Z","times_seen":26402,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260326/2026032600091186129.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260326/2026032600091186129.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Mar 2026 16:09:15 GMT\r\nEtag: \"b532963eddc9689f32f9c21e5063c9fa\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Mar 2026 16:14:54 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 620\r\nContent-Length: 121168\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12716492151510272231\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":121168,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b532963eddc9689f32f9c21e5063c9fa","sha1":"c197d0cc943a079ad243409adf56fbf944c962d9","sha256":"23ff636ab5b3a9f7e5c6e3031e3dcf701a775eb28c1ca985dbab1b0172828eca","sha512":"780015b889c2a1983af81940ed80520730652aea8ef333001119110cdec89a0db35a42e4b60a5bbd4aff8717c0c85bfca6619a6e6f76893f8d7f294b051efdf6","ssdeep":"3072:q8zx9D9rq1IxxhRjowyae0biqFZIT4wufSZFrmewb9mEOAeXQ6:qm99x0aeWiYZO4wufsQewxmpVXQ6","tlshash":"abc3122a0ec4482b19f28c3bac58c7add6088fb7b93b5c5591b16646553ce52333da2f","first_seen":"2026-03-25T18:46:40.418932Z","last_seen":"2026-04-05T16:38:14.808243Z","times_seen":3276,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":59,"dns":6,"connect":13,"send":0,"wait":10,"receive":15,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-01-02/5cb046860966755a832038ab7bf87beb.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-01-02/5cb046860966755a832038ab7bf87beb.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 02 Jan 2026 07:33:13 GMT\r\nEtag: \"7732554aa56165e5e79bc7baa73f28b6\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 02 Jan 2026 07:33:13 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 61\r\nContent-Length: 139696\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1188664705898221014\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139696,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7732554aa56165e5e79bc7baa73f28b6","sha1":"3850fed723a2043456859d9984f77192250e8e46","sha256":"a60df5a59fbed98d6d14e2b8c322ad10995b5997ddfd6923767e8e043d21339e","sha512":"083b3c8c26286343d42e5b3d8b465ac12386bfc5bd461f5e68124e02c5503365afec4d7ba1a24648caa4dc920b4e2fc19a392ff629918311604805f1ae2b5499","ssdeep":"3072:6WUpH1vHlc2a7tivnOYy1jp40vPq9p0wnvtghUFvnS9w9CXO3QhkD:IpH1vzPOfjpzvS9CwvtgYvTp3QhK","tlshash":"dbd3124c9c60c82e175b4673a4f2498f166b060fe82e84b277691df377539f696083dc","first_seen":"2024-08-07T12:14:14Z","last_seen":"2026-04-05T17:32:01.087647Z","times_seen":7430,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/d17322eacc370df9d8c74917a4d81688.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/d17322eacc370df9d8c74917a4d81688.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 27 Jan 2026 14:10:23 GMT\r\nEtag: \"8e78105502fd4718f8c170301ef24f37\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 27 Jan 2026 14:10:24 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 15\r\nContent-Length: 152560\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13823036549183666026\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":152560,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"8e78105502fd4718f8c170301ef24f37","sha1":"99359fe1c90ca4f43885b194682566cdca7a2732","sha256":"0f233333867ea57405d816c09f33ae4474a9c274045e730233930f9e334943f4","sha512":"08fff58185fd6d81eafd8f5980ba8bfc2a7dd8da92fba6b707b7c862e055c02851fb9679d34fc988c7b4cb18ea007ad114dbb27deca0b3b182ca2dfede87b9d5","ssdeep":"3072:B0nNq9uJdr2tAenbIW2Q5Xh2qBFXNJ5d6cDlf9xttJ0MtSll:iNqogFIW2A/FXNJ5P9xltSll","tlshash":"0ae323fcfde77e30c6743ac6986500e65b82fb9d62063729ee148fd4087697a39e0548","first_seen":"2025-10-18T12:51:03.886963Z","last_seen":"2026-04-05T17:01:50.236348Z","times_seen":13713,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":115,"dns":0,"connect":0,"send":0,"wait":26,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420520426003.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420520426003.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:09 GMT\r\nEtag: \"51419f3b333d8eb4ea1815f60c5aa1f8\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 09 Oct 2025 03:12:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 83847\r\nContent-Length: 480\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10654910064629060797\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":480,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"51419f3b333d8eb4ea1815f60c5aa1f8","sha1":"73cca655def494d52431bf6b70b03a53d2266047","sha256":"b940f4a6ea758b9ffaa1a7cfaa9ab6d08ae73e2fb77b30c60b15fb64200af77c","sha512":"ccf724c3e0eb4f5a6a59a5ae7dd96089f9b2d89b82330d6dd64f0baa9286666be0eda76656715f2290203f5241dea851a59823eb18b1ef8ea42fc5b2c2a018bd","ssdeep":"","tlshash":"c4f0540ddd7b01e4efcc28304d03950b71ba3e2947016f2c234f89e21d1d1c41195815","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.25492Z","times_seen":18011,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":118,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420561168459.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420561168459.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:09 GMT\r\nEtag: \"745e05087f2c2985a982f236036c750b\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 26 Jul 2025 11:18:57 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 202\r\nContent-Length: 1008\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4063523616946821186\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1008,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"745e05087f2c2985a982f236036c750b","sha1":"0ee044b91f7f2e3c88b43f1f3f33d474a032f09e","sha256":"0e492574eefb14856928c6210ed8a109e0ae77e529168ac15d2993d64d4e0953","sha512":"e0dd8a6d0a05a00b4049f721654da619e50575a7466e2e5e7d4ae620ac753c34d78f529b58ce566048cf49fad7d205dbc95da3d519352500229ce0d04723d4ff","ssdeep":"","tlshash":"571165b9805d5187ab6d9b6734ed26aa75e5174de3fb3d5b8261658374040060044c29","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.236875Z","times_seen":17858,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231026/2023102620184263484.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231026/2023102620184263484.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 29 Dec 2023 10:47:00 GMT\r\nEtag: \"946b371c92f41dbca23c565c90e21f03\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 14:05:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 76602\r\nContent-Length: 688\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 4135191319859615950\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":688,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"946b371c92f41dbca23c565c90e21f03","sha1":"a6a99ac271f1bc2b2589ffd9811dc10b6079e927","sha256":"9f48835d6b4ad4d6310dfb1b45049caafd7517008223e12b7003cf06080e4ad3","sha512":"af96d4ec2af6ad354f58d1319b35c30d9eab05e2988f5569223cfaed1cb0b06f1893255d459963aeaf89a0f4728b505715f31c1baef587935420edc3eebfd1da","ssdeep":"","tlshash":"f40144f482df411d82a8de89623063e4320e98063761c351f522d9f41d602b7444aff4","first_seen":"2023-11-12T15:49:18Z","last_seen":"2026-04-05T17:01:50.268223Z","times_seen":18034,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":110,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/mirages.min.css?v=20251216\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\ndate: Sun, 05 Apr 2026 09:30:48 GMT\r\netag: \"64b11d97-12d68\"\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\naccept-ranges: bytes\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: hNtYoJAf7u6TFtyBiSJk34ooiviiocF2N3JagbzgqZw1W4M620_XRQ==\r\nage: 526\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-05T16:45:27.588207Z","times_seen":413580,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/abd51bbed55f025430536d4e75e4a27d.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/abd51bbed55f025430536d4e75e4a27d.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 31 Dec 2025 11:00:15 GMT\r\nEtag: \"70a375bcdfaa14189a1336bb44d43a3d\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 31 Dec 2025 11:03:12 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 96\r\nContent-Length: 222768\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5494418510011985085\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":222768,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"70a375bcdfaa14189a1336bb44d43a3d","sha1":"9202eccdd3beacb9960d1ddcb77d9535e0823a2b","sha256":"2dfa9d0dd22a7d0bb2d1913c0fb967f63ba85bd04a0cbd56ef95c6621af10849","sha512":"9ec858e427ef1f8ec35c4d2c5681ad89c91d0772502cc41dea7821240c635f339b83e688badee19e9547bbc9a22fa845fd9f656283660009cb79655e2387da6b","ssdeep":"6144:ECyE6fRsUAqjCoN3lXMrMlHNbBzbWtuTky02m:EyU2XNOHNbBzKNy02m","tlshash":"8d242310ca7d9001ab8684d57cd6a4bcd133b730660c5b1f91b8abe269cf1b50e7b69b","first_seen":"2025-06-14T15:15:15.370117Z","last_seen":"2026-04-05T17:06:58.058935Z","times_seen":14183,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/f5435c59304ddd630112549ac85616b2.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/f5435c59304ddd630112549ac85616b2.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 15:14:36 GMT\r\nEtag: \"11314708f043cfd3853f62eac2445b73\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 15:14:39 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 53\r\nContent-Length: 189840\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 11167781591449004697\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":189840,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"11314708f043cfd3853f62eac2445b73","sha1":"9b18181feb41e10bac3ec0c6285757b12a4f5bdc","sha256":"9e37f1dd08c4f908ac11571212da3c4eb12a518c0f0b8647b57224673e7f5850","sha512":"acb74e143326ffa5b4b582791869e8d08a82127d9f39269ff7c0eb82297e1419482513d034c45c16bcf8e2bd48c308317e3fc82f2024a78d7dfedc79b2082077","ssdeep":"3072:Yz4oIw7wolccUA189H14rjsA6V78pPUCHNvtnYCkT3GfkWjeAAKyianrmvmWJYVB:Yzj7TlccUAuV4/DlPUMN1nYX68IenKy5","tlshash":"ba04132338dcd3a020d7af6e7896cb65c9d7de61e7d037d00674e06d3559e86220e1e6","first_seen":"2026-04-01T16:23:23.553891Z","last_seen":"2026-04-05T17:19:08.003784Z","times_seen":2494,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":9,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/3fe7cbf54b558455ba3f6cceb89edb3e.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/3fe7cbf54b558455ba3f6cceb89edb3e.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 10:44:33 GMT\r\nEtag: \"61b5d004bb8e2a9c005aa7180a66a8ed\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 10:44:33 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P1\r\nAlt-Svc: h3=\":443\"; ma=86400\r\nAge: 1\r\nContent-Length: 150544\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5029732566431178095\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":150544,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"61b5d004bb8e2a9c005aa7180a66a8ed","sha1":"611e02b138efebc908cf88097ec1628a9dd5fc85","sha256":"dd9d4a44a5baee8d26ab61ffbda1b70148fcf307b30fb6b6ecfcd512c102ad47","sha512":"c9fbee0b4a6c0861b4b595756469f2fb1f2d34cb26c431c59eb6438dc1f9bd3374ae0b64650e02a2dd5d64afd63a5041d6e12e425d6329ca8fedcf0fda1c6f4a","ssdeep":"3072:Cu4OHV4Qx6B8iM7fQLGUf+mIBWNAyqWD24IA1lJtFLE1T3mVRv:GOM/M7fQtftI0N/vVIilBpF","tlshash":"27e31328cf1b4d9126b7ef8ec08d1d009436e9c28b3f2dec25566756d1094b9f4cae6d","first_seen":"2026-04-01T11:04:29.203387Z","last_seen":"2026-04-05T16:59:41.074066Z","times_seen":3500,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":21,"dns":0,"connect":0,"send":0,"wait":30,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/ads-close.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/ads-close.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3684\r\ndate: Sun, 05 Apr 2026 09:14:47 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:44 GMT\r\netag: \"69c4f418-e60\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: TWVfH0HHFH9a9LDJHFUdfn6PrrlaHP2qfOr4l2d4JkkTH8fS2YQczw==\r\nage: 1488\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":3680,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit colormap, non-interlaced","md5":"bce8f4b10d2dbc022ab99bd81cbbe96d","sha1":"7241af47b82f6a19a2a2ba433ccc1cc5eaba299b","sha256":"86a0628056be4dc9d7da2e94f7378f668ff982214766518e8a802f7a5bf32ca6","sha512":"83aa88f2d13b612767153b2261897d85055a96e25eec5efa91c7f9f7acfcf1491915433f9e1438d5d7495def7467d7a3511db0f50341a2c7dd2a05847cb06329","ssdeep":"","tlshash":"e4717ed9faf95c9697058e662851f0ed7d33b5c0090310ef447120ad6cbb9e446edb92","first_seen":"2026-03-26T09:29:38.920905Z","last_seen":"2026-04-05T16:38:14.802078Z","times_seen":3168,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/icon-delete@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/icon-delete@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 593\r\ndate: Sun, 05 Apr 2026 09:14:12 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 05 Jun 2025 07:04:03 GMT\r\netag: \"68414163-24d\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: TfCfvt5ripdJrd2QRFbF1UjGF1u5p6mfXDF_dxZJlZe5-qPCIrHSjw==\r\nage: 1523\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":589,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 99 x 102, 4-bit colormap, non-interlaced","md5":"186ec31c3c1154addc6ec1fb8ebeaffd","sha1":"0f2e9a7e94ab44760f72705d02718e34697a7c0f","sha256":"9715ded51f20950c770eaec0f8eb8953163ce508df6e080d7a3b31660a21f1e3","sha512":"f441cb908e51513292262abaeaff1ea380a131dabbc5fb124e3a244845c8d6ee7b4ddfa7401c7b0e27ecf2abda4e6f38fbe4735121c421748b1e0bda39139ded","ssdeep":"","tlshash":"c0f0e141a9568ee4821d0c3a3c9bf4c4926f017ea09ce15d803b995954cbf9144d1ec2","first_seen":"2025-10-28T07:13:52.652764Z","last_seen":"2026-04-05T16:50:32.406993Z","times_seen":4675,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":30,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/hot.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/hot.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 951\r\ndate: Sun, 05 Apr 2026 09:14:12 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 21 Nov 2025 03:35:28 GMT\r\netag: \"691fde00-3b3\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: m_9Tp7YEVpCXsbdaPtPGtiOoGJ5CpKCopbYBczVNonzes0axH3Rcug==\r\nage: 1523\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":947,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit colormap, non-interlaced","md5":"60606d4e0f59fbdfbb8f5aa250984060","sha1":"6e1c590ce130c507335ec0c0dcea49778f73ad74","sha256":"9f7d99be622dd7e4cb5faa8518e99b4d0f3b7ed67c5407b0496532135707951f","sha512":"5679fa0685c1ee0e400c4647ef1ede417c69a3123a2c252255d4f7d1baed7189080874131ad2585ff6f5ad4a792e2083fb5b3036ba52b44cc95b5a2799ab4781","ssdeep":"","tlshash":"2b11c464bdea5db14e841e22436af245ac35b6ecd3332548da8f1040299f02abd817ae","first_seen":"2026-03-13T08:37:15.113735Z","last_seen":"2026-04-05T16:38:14.84915Z","times_seen":4028,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":29,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/rank-2@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/rank-2@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 2604\r\ndate: Sun, 05 Apr 2026 09:14:12 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 05 Jun 2025 07:04:02 GMT\r\netag: \"68414162-a28\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Hyg7LIXE0d6Hi7Zw1Y0QUKMn2NN8l4K6uuQcU7J7a3hmNWzRICkTcQ==\r\nage: 1523\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2600,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 8-bit colormap, non-interlaced","md5":"3438e5aef62d0d9bebae0eb0b884de9e","sha1":"e1570b5c068b735a7367b83212a0524493913dfb","sha256":"490d481dc60eca11bff657185331c5a6ccc25f201b20bdf36c78ba833853293f","sha512":"104f434d690b6f3bf31d38487050c7d8e6b6a49ce380910313aeaed3dc0935c81898d917f9ba1a078af455a04ec4e0b2083b0acea69b04db762564f973873519","ssdeep":"","tlshash":"12514c68930cfcc6f060bde6017785a02af74e3b31b29acdde48ae206e79f84a4d1100","first_seen":"2025-10-28T07:13:52.634902Z","last_seen":"2026-04-05T16:50:32.488122Z","times_seen":4674,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":28,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2025-12-30/b0b6d72cb3831e4af86d892f5322f51f.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2025-12-30/b0b6d72cb3831e4af86d892f5322f51f.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 31 Dec 2025 11:30:36 GMT\r\nEtag: \"4d4782772c66197e7bb72273464acbcc\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 31 Dec 2025 11:30:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 182\r\nContent-Length: 266704\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10412439549037121183\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":266704,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"4d4782772c66197e7bb72273464acbcc","sha1":"bb5180f3a210440991063df7c71a5f2a73235d66","sha256":"d1b7c5ceaec125a25f11bc63a88adefca0ebf8d4fd47586ac9e5e8c86d94c10a","sha512":"a9f581a25de284a7a4496c8d4f601f60b686cf7048ec0b9015e3131fbdef9e6a43af3c91fe84ba4e7335f516bfc38e28f07580bed9393be30a0943bd41ed2185","ssdeep":"6144:HZHcEA6bo7O9Do4nLk2E//R/+YFihoUDtUeZ7:HZ8EzSOhos4DWYFihoUBD","tlshash":"324423cb5875e0a1541ffa2ee80de01da06ad1fd46e4dda886adf2c53f13805c1f2a8d","first_seen":"2025-11-23T05:10:59.088648Z","last_seen":"2026-04-05T17:00:52.674802Z","times_seen":16525,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":87,"dns":0,"connect":0,"send":0,"wait":29,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/rank-3@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/rank-3@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 2500\r\ndate: Sun, 05 Apr 2026 09:14:12 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 05 Jun 2025 07:04:06 GMT\r\netag: \"68414166-9c0\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: tP7CcNX455GRrGAIzC6xkFtkKekQ1Ln3629FN6tslv7qs76sWhRupA==\r\nage: 1523\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":2496,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 8-bit colormap, non-interlaced","md5":"44b6dc38e9133c0cea22f7458442ec3e","sha1":"4963100db4a6f4e33837a07f0d62370524423673","sha256":"28a64014ea2e54dee4a96dfd9923ea4693ea6a0532cf6cf5cd1c8f1aaa1e543b","sha512":"7351991697ad02b03a4e5ba0dbe7595cd5c89eb88749fa4c4df353b97bc896d0741a485faf72198694af42e58610ec3981e32b4752042b14127415f972f3db15","ssdeep":"","tlshash":"40515bda280dcc1bc2261875342cb81de565582c41f3e4adfee3c5a066a8c98c2f9d43","first_seen":"2025-10-28T07:13:52.658458Z","last_seen":"2026-04-05T16:50:32.419586Z","times_seen":4674,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/swiper-bundle.min.js?v=1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/swiper-bundle.min.js?v=1 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 45534\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 29 Aug 2024 12:37:03 GMT\r\netag: \"66d06b6f-224ba\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: ikcZ9-m5TTMjs_c3-dB9OIHOZJQThZ9qqeXjw5QcjgxFURRnp6AuMA==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":140474,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65282)","md5":"f9cadf6d58ee7c472ec17cc71a5cbe09","sha1":"1ff2760a4dbbcb6c9b5b7b5d614041f5ec0f9646","sha256":"ca14261d766828dfc9120faacc847fbafc086fb2948c5e219ac989403ba8ba2b","sha512":"f0fc4bef7db4a44d983ce101de96da366b94a0fd17d5fc8f721713f66f98cce0b602f570aa3134766d5501c86fd4f307bd31d0852b892e99d346a49f69980b4f","ssdeep":"3072:QJVnjuHkOVtuD6poy9v8cnWDkwV4y+6GEcTYEfBxK/Mxz:QJVniHkOVtuD6pl9v8cnWDpV4y+6GTcs","tlshash":"e6d3f8997320b1a552e3268b92a9c611e3b51400b409c4e871bd4c9b6d7e99c13ffffe","first_seen":"2023-03-09T03:55:40Z","last_seen":"2026-04-05T17:06:58.028514Z","times_seen":16199,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/Search/pc-nav-icon-gh@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/Search/pc-nav-icon-gh@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 736\r\ndate: Sun, 05 Apr 2026 09:14:44 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:43 GMT\r\netag: \"687f821b-2dc\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: fnZ4sw_9BiYg9s0O7DV7TJXf8iJ4N7kR1WfD6oLvaSPlbQVN5dkXsQ==\r\nage: 1490\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":732,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit colormap, non-interlaced","md5":"0065fa7f70b2b08b15d3fd0f5791d5b8","sha1":"d3de2f101b2f9e8b9bf41c2b896dafd6d760199e","sha256":"4d6b1fc6cfb3528a1ad9dc78c51f7005a26fd2251c49b1060e37f30e2a9caa2c","sha512":"8ed33dce5119cb2fd93dad87b72b3325e627c40e3cd20d50bb6726986a915e22daa2f23fc38fb09d2580295babffd0b55b20592fc9f41d1a7a7cd2888e8a6221","ssdeep":"","tlshash":"0501886323d95a3dfff841b7272171e46d455cf8996281c67a6d3001463d1ac9740762","first_seen":"2025-07-12T04:18:50.94389Z","last_seen":"2026-04-05T17:01:50.308854Z","times_seen":18084,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260331/2026033114340364980.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260331/2026033114340364980.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 06:34:08 GMT\r\nEtag: \"671b59df48e582fc3c0043f4caa3b55e\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 06:40:35 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 891\r\nContent-Length: 207312\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 15534690077377144859\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":207312,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"671b59df48e582fc3c0043f4caa3b55e","sha1":"2422d5b204ced6be9980b5586220397f9b7300f7","sha256":"761e71f2f65d2b7a418c0536583caa08226324a6f4fc550ec312066a3f4a5ab3","sha512":"fd1d4f6adb276d0c31ec552b630a35e65a3e9e0ca5446035fa7cdb4414f9c1eba2076eacefbba61591f3cbd03c7453447ccbdcc6c7de089d60910435bc8dca12","ssdeep":"6144:M+bUWKzV04btC4kd4wcBvaLimYvsGr3gFK:M+IWKzV0sc4muWlYECgK","tlshash":"a51423d9b10c4681ea38412f0c4cfc75362f86f6f8771b866a6b38d9564f793a228f51","first_seen":"2026-03-31T11:27:31.365792Z","last_seen":"2026-04-05T17:19:07.986767Z","times_seen":2669,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-04/50945d1881aefabc96de458175b2a50f.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-04/50945d1881aefabc96de458175b2a50f.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 04 Mar 2026 07:06:26 GMT\r\nEtag: \"4f893061f066d30499702a3adeff5c5c\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 04 Mar 2026 07:06:41 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 164\r\nContent-Length: 318976\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6998447391355217213\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":318976,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"4f893061f066d30499702a3adeff5c5c","sha1":"cbe04a3f6c0a7cea8c544305df90a65dcfe21d39","sha256":"ded2a60603f93906b6e3727ace27ccd454c34c1ea5299b1814cc5cd0c6192d73","sha512":"80d57eb8378b9f99f45d190d28048ad6efabc3dfbc877195043eb304c2c971843ecd654efd8a3b6a2a147f13a2e72e24fcb00fc62784722d9dfc75da500d60bb","ssdeep":"6144:j0oGFmvZ4vYXHgkAXLfxLTRPIoJ1R9DjIa9FR0VUlIGxqkn:gozR4gvcIoJ1THRym7qkn","tlshash":"83642287ea7bf5f78f9e320c4474482c144aaa437e868a852509f6d1c3ed7b03d16c79","first_seen":"2026-03-04T08:58:20.533314Z","last_seen":"2026-04-05T16:38:14.764508Z","times_seen":4063,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-02-23/591a7e6d2a7870a70100a2152adb9d09.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-02-23/591a7e6d2a7870a70100a2152adb9d09.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Mon, 23 Feb 2026 10:54:26 GMT\r\nEtag: \"b0794521e0979d1448429959272c2cfd\"\r\nContent-Type: binary/octet-stream\r\nDate: Mon, 23 Feb 2026 10:54:50 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 732\r\nContent-Length: 911984\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13073513170630838114\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":911984,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b0794521e0979d1448429959272c2cfd","sha1":"8ba087e04e60ccd8d7452ae669a287a23c45082c","sha256":"5c90a161c2094dcd2088f4d896652a78ba7728291bdb7899c2b1d872dc5fc67f","sha512":"eef910831eee04f339cc996fa936ea1d3f8c212a4b4d9b1edc9ed32fa49638b059469e57662958ed0aa67e437f3041778480dc725fc2b783b0da8b53fa751d94","ssdeep":"24576:QsLGssiQ+jlgtl77xXpUuSKcFaGuwXxMdh+LS260uMxLnSmd2o5K:QsxQwok3KcFgldhMS2oMJDdA","tlshash":"911523e9d44cc98acdfd4c25957774c6602750262318bbda6ebeb2b9c539320b134ef2","first_seen":"2026-02-23T19:19:00.438963Z","last_seen":"2026-04-05T17:34:13.205491Z","times_seen":4747,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":125,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420520535158.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420520535158.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:09 GMT\r\nEtag: \"6e220a8ec043e7945835b16c327d6346\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 25 Jul 2025 17:40:59 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 63680\r\nContent-Length: 544\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 449179749802781817\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":544,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"6e220a8ec043e7945835b16c327d6346","sha1":"c8481ea75ba92c081353928d121f7b8cc98cb382","sha256":"be2dde197704a4ecdf8ce80a296fee2e32b9a50125d3da59c7ddd324145dfde7","sha512":"9facd03c5abdfed6145fa35a475684e69768951cef50c530c7897f23ec332ec80ae338f9eadab69ff4efe542c30225646c8e29e6b8c8112838f7a3cfd877317f","ssdeep":"","tlshash":"6af02613537e004e2e1b198a6fad3107458164ef416a432d7bc21716695e7277465528","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.241909Z","times_seen":18028,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":103,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ap.dc-report.cc/api/eventTracking/report.json","fqdn":"ap.dc-report.cc","domain":"dc-report.cc","tld":"cc"},"ip":{"addr":"13.251.76.74","port":443,"asn":16509,"as":"AMAZON-02","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dc-report.cc","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 07 Dec 2025 00:00:00 GMT","end":"Tue, 05 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"C2:B5:BA:75:40:71:82:8A:0C:30:43:7C:87:CC:C2:C3:63:69:3A:16","sha256":"41:CE:19:28:BB:9F:95:C3:A8:5A:6E:DA:C9:CD:C2:6F:06:2F:9D:37:81:96:91:C2:D9:EF:88:93:F2:EA:18:E8"}}},"request":{"raw":"POST /api/eventTracking/report.json HTTP/1.1\r\nHost: ap.dc-report.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded;charset=utf-8\r\nContent-Length: 675\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":675,"data":"event=ad_impression\u0026page_key=home\u0026page_name=%E9%A6%96%E9%A1%B5\u0026ad_slot_key=post_list\u0026ad_slot_name=%E5%90%8C%E5%9F%8E%E9%AB%98%E9%A2%9C%E5%80%BC%E4%BA%A4%E5%8F%8B%E5%A4%A7%E5%8E%85%E4%B8%8A%E7%BA%BF%EF%BD%9C%E7%B2%BE%E5%BD%A9%E5%86%85%E5%AE%B9%E4%B8%8D%E5%AE%B9%E9%94%99%E8%BF%87\u0026ad_id=TJ-001_tj_web_215768\u0026creative_id=\u0026ad_type=banner\u0026seen=true\u0026channel=\u0026uid=0\u0026event_id=ca6a517073d58cfb7e814725c73e9aae\u0026app_id=TJ-001\u0026sid=de42300b7d09fc989b7aadfaef720d6a\u0026client_ts=1775381975\u0026device=PC\u0026device_id=1c4811d873aba2fabfd93c7a0ed1756a\u0026user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026device_brand=\u0026device_model="}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 05 Apr 2026 09:39:37 GMT\r\ncontent-type: application/json\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: null\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T16:47:07.54892Z","times_seen":13384334,"resource_available":true,"data":null}},"time_used":2308,"timings":{"blocked":970,"dns":1,"connect":332,"send":0,"wait":332,"receive":0,"ssl":671},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/DPlayer/assets/DPlayer.min.css?v=1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/DPlayer/assets/DPlayer.min.css?v=1 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 7242\r\ndate: Sun, 05 Apr 2026 09:13:49 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 19 Dec 2023 06:51:05 GMT\r\netag: \"65813d59-b0c3\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 7w9vqjYcrqLEUgK8hnao0MJNDqKTLeH7Tf9Vj3tT_KN55llLUjOQAw==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":45251,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (36675)","md5":"ff7847191034537246a2df423495711c","sha1":"2d2979c608fcc9bf6da72c0b33b3a3f065e22db1","sha256":"59633b01804bc787c7d0bd6ada99332b3724cc6d712c7d7832f12f693ec0c61c","sha512":"b6dc149a7b2cb6f0211a1557865c7871404f4f607ed9d282b2da7dabe6cc38b76619356729db097eeec21d7d6eac9c0e9fcc3d7b77135aeedafa8400aa7e00da","ssdeep":"768:7FK8KSkZqtIfw3YH4ZqtIfw3YHvHYr/hizxdUDr5+0ysGif0y9f:9HYr/hizxdUDr5+9soyf","tlshash":"e413bb1618a5329891225b91cbc8676c6738d312e9224f8ff31b780ecf8e69d215ff57","first_seen":"2024-01-03T10:49:02Z","last_seen":"2026-04-05T17:01:50.255957Z","times_seen":18920,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/index-ai.css?v=20251210","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/index-ai.css?v=20251210 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 3690\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:44 GMT\r\netag: \"69c4f418-2c41\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: BsaO8cqPCkbAS-NEAU-E7Wg_G_XADeHo7Uj8_tgZ-uda1J49OsAMYQ==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11329,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e589c31b3d44df7a1333b54148e77ec9","sha1":"1eb26afcad71481d3a775c26848099f21a0fa89e","sha256":"74cd118c7b61b20948fabd0bb6ea2239b7e1ea5ea055b7008ea45d825624d164","sha512":"92281528b0c09ff5bd60aa456bb918d18079a40ad9c3308294ee7943088e61489a870f163619c1c3188c3620938960699292d4845c365292b78a0e4114b6c05c","ssdeep":"192:8nfAMTN/pMlr7BwFbuA+ZmVckg5plXrcOY:8f9Vbuvm+kgJW","tlshash":"f432a610e25f385b761b80b8badcebc4272c2404bf049fa8b56579b2478e3d514b37e2","first_seen":"2026-03-26T09:29:38.87734Z","last_seen":"2026-04-05T16:38:14.796868Z","times_seen":3236,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/logo-2.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/logo-2.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3929\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:43 GMT\r\netag: \"687f821b-f55\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: l-cclq1sQ_5iT2UwhL371cyDuxivMRm4ZVibFaCkgB9MbH89LPa2uw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3925,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 264 x 78, 8-bit colormap, non-interlaced","md5":"1bb369107c5b5cef8e13d2b8a3ac6b41","sha1":"6dc85fd0c3b5706dfedd89307330c1aa928d1c08","sha256":"38f665614823a4fa0265c43f274a286219775d73b0964f1d42dcb4d669c84963","sha512":"21f2d3637669c713839a80ec2d6a48f4c265b4d4ca77da6709e9f842fd32e64a1d8860646d13677e30ce3b28acc40bd1dc9c4289dae10cf6f89680a77792443a","ssdeep":"","tlshash":"86816d609ef35ccb1cdbf81e2b21f250b07a7da927f646a3c230c1126c1971438579e9","first_seen":"2025-07-12T04:18:50.913032Z","last_seen":"2026-04-05T17:01:50.253721Z","times_seen":18079,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/app-download.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/app-download.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 536\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 26 Mar 2026 08:53:48 GMT\r\netag: \"69c4f41c-308\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 9rFbQNz61KjBQBXVHg808dz9EmK359Fm1HcxUuBhSVuZY_BzT4Fyfg==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":776,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b178f7a7536c73fbac0afb970f249403","sha1":"9920bf020d4b8f58cf66869be87b459f648f8446","sha256":"caaf593068e7236c228e9a3872980e4e6297f90a6d14eddbea4934f0a374ea80","sha512":"eef21fc9c72c0adc9d090a661d9e9ab8057a592fca6891a94833916e19bb5a94459c81eaacaa6313381ccbe0ff42f8991b7f899b5af4e0beac0127e1b93c01d9","ssdeep":"","tlshash":"c501ce25e2bc702c8233e3f9470f62c45235106789000c1208acaefc8db312aa362cab","first_seen":"2026-03-26T09:29:38.905848Z","last_seen":"2026-04-05T16:38:14.785736Z","times_seen":3236,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/1468bf21928470e1af878d6edb9869a8.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/1468bf21928470e1af878d6edb9869a8.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 15:12:44 GMT\r\nEtag: \"eebbe2b856d1aea0f658e9cfcdfcdb28\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 15:13:14 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 639\r\nContent-Length: 259536\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6343427744688954356\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":259536,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"eebbe2b856d1aea0f658e9cfcdfcdb28","sha1":"bd5ebd8ad0091e6c7400940d9c530b7a066f8eff","sha256":"0cb07ff739ed0668963d5af783c0f2439ffd80ca77acc93dac48af4f3985a1b6","sha512":"b15b4674100e74f1cbd99f9b0acf27b94c16e1b03fd014be1ef40df8937a771a26d008c3addeb4012cd071cfbe6d6a15b6ff1e65c8b526a3d8f1693d6d34af23","ssdeep":"3072:eCSQAps1bhXxp6w+50nO6HRIZPFWLqqaoKVQncr3eWL10QExjnBvfrOM9chZaXqC:gH8R/+IDBUWWLZABvbgZaXqX/9+7VmG","tlshash":"094423e448f41a63d332bbba4950ab03f8b9d91ee6fd1a0ffdc419114c728941d01acb","first_seen":"2026-04-01T15:30:05.715655Z","last_seen":"2026-04-05T17:19:07.999078Z","times_seen":2481,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/index.css?v=20251211","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/index.css?v=20251211 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 1944\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 27 Nov 2025 02:09:04 GMT\r\netag: \"6927b2c0-196a\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Ub7CKM6BUHXWNonlWzyY58q3ByCwAq8Q0ugS7cZt1UTcqv8wxyJBjg==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6506,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"e592e786121f1c2964a908b5467f1ab5","sha1":"878e9432b2caf058293e1cd37ba7a7ca05f432e6","sha256":"ec2269fed1b5f87e896f270f0de37e654e7951ff0bbfcf0f6795a8b90a7f9317","sha512":"4c08eced3920cd5d4ef4bc881c96842214bb7060d5587c35a9ae87469c7b008985aba7ba0b4af235acd94e57edaf9148e95e46aa2dc6b3e6a03bd0786cd720fd","ssdeep":"96:2XRNI2UFGs/S31TYgHAl49+P8Pc/63m63mZ89X1Iy45mg4UP:2TI9FY31TYgHA+9+Ycj7e9Xycg4UP","tlshash":"87d113621e573008502ee5985ff96b9c567ed043bf4b4d2e72c63999cf8d2c801bbad2","first_seen":"2025-11-27T02:13:30.893926Z","last_seen":"2026-04-05T17:06:58.041464Z","times_seen":11966,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/icon-close@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/icon-close@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 541\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:29 GMT\r\netag: \"687f820d-219\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 5z6745FVN74hjJMR3l-6LAquy_oK4IPI7gjKswnPaK1kpLO-nHKluw==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":537,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 156 x 153, 4-bit colormap, non-interlaced","md5":"ba62950af5049c3c88ef5fd0ec364fa1","sha1":"a6c5416ed6e9a40f7f637698d217f34b37bee260","sha256":"e0615fada85561a85c67f203cd404d52bc466b55032da71564c42c0f2a21a245","sha512":"0d57ac84b018219151809b99517a90879653a286e49d9f8e990a0d33c6da0cceab55b12290912fa7ec78cd1edf3e9d004fa02b02a3e0eda9b3b9dbc1ce7a20bb","ssdeep":"","tlshash":"96f0209e6e73bc38f18d0c11a1f39280788138506514651f6a01f9e8f5b72d18708a43","first_seen":"2025-07-12T04:18:50.926806Z","last_seen":"2026-04-05T17:01:50.307331Z","times_seen":18088,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/logo.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/logo.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 31308\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 29 Aug 2024 12:36:58 GMT\r\netag: \"66d06b6a-7dc8\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: hB1F-pi__StgdvZI-81tCVecbl39ezUlaQlaPjGquTxKl6r63l8uSQ==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32200,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"7a470606279b5e4dfd967948732903a8","sha1":"b1600388cdad26d8aec3ebaa4aa38fe414a37e08","sha256":"2dc60de251493f96979fb12130ea615a4b8aa40e8679fe7909e7c12caa749a91","sha512":"d6de3014e30d339f342f6b53d32f864fa775aff55a0020c59ee2975b7bfb141bf2a65b5d6ea5d67edaf891e9c9b3c666cde745c27084f953db8f4a1fa27257c2","ssdeep":"768:UT0Y3QZgIJZNLrCwT+4+sxQ+44bsBtte4O5l+sjiffGP++:UT/gJLnCwTN44bsPtej+smHE","tlshash":"7be2d1ee393b3463d40189b5ceef289d8f39759de883646e6749bae55614a0885c003f","first_seen":"2024-09-13T00:49:50Z","last_seen":"2026-04-05T17:06:58.088016Z","times_seen":14664,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/layui/layui.js","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/layui.js HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 107853\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\netag: \"64b11d97-471d6\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: JUsV32YrtfKXbtFXTMGnv5nduBvS2aZABh48Se6AIG5kNAhqbfZrHg==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":291286,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"70ed0e8151d23de969de514bfd802a56","sha1":"569e6c1b0ac0b8efaa7dc0015b691334947a9665","sha256":"92c7997b3dce6ab2368b1bdb34ff4b67ac77957898a126c7eba452a8080bec95","sha512":"947eeb19fb055b07a191ec89625941abbdc8b2247b447dbec2e3958ebd3aabc34ac07a79c559e4752bd49bc44db77d500913aab4fae300077556e347d084b1a9","ssdeep":"3072:tVo+F//NOM0SF0Mz0pZN6TPKWjZIpYCrYtJ+8CZrcNBf4XcIiOb9:Xo+FdO3SF0Mz0Z6TfIpPS+8grcNBQcIZ","tlshash":"02543a9d758574b3237360a6406f990eb17b093daa0a8060f166d4fa2dbdc885237f7f","first_seen":"2023-03-07T12:09:26Z","last_seen":"2026-04-05T17:00:52.631562Z","times_seen":26604,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/js/index.js?v=20251205","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/js/index.js?v=20251205 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 8422\r\ndate: Sun, 05 Apr 2026 09:13:51 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 12 Dec 2025 04:31:36 GMT\r\netag: \"693b9aa8-f250\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: dSrwWE3g7t05qq124E_SGx0BsCxN7AhdAv7K7LMSKR9fzDEB0Y0C2Q==\r\nage: 1543\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":62032,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"e2ad1d1df5ac8f6a22b4a7318c4ea830","sha1":"da681999fe3f9c153b93133204311d6f90432802","sha256":"9333f887c1b4bde80c4451eb806795179aa6dfab3b7a6566fb923ac76ba8b0f2","sha512":"127b92b87baa965853e12a14717f4a8d4166b5d565631068bba786c87b305aad0141ede31c09f6508c51641fc092238f4a7a7000dd2fa6bcfc0837dc0e3a8d7f","ssdeep":"768:rP4lBd6lebchYzp1DT6ekRmmTEXEHkYRtQ+zqDxbFxAespKSzEXEHG4lEd+zVuQy:Mu8vp1n6d9Rt6bQrKEjl7zVuQgl","tlshash":"5753636e22fa150a5b4330292f9f300a3210a4571d49ee9cbe0d97d45fdd678e1f2be6","first_seen":"2025-12-11T05:08:28.597561Z","last_seen":"2026-04-05T17:06:58.064518Z","times_seen":11014,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/icon-up@3x.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/icon-up@3x.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/search.css?v=2026032602\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 358\r\ndate: Sun, 05 Apr 2026 09:15:24 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Tue, 22 Jul 2025 12:20:29 GMT\r\netag: \"687f820d-162\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: TITJX9BYf0BYb_-8g2AUl9C_qXkxVH9Mmmk5-Uyi8hdrrjYIDil1Bg==\r\nage: 1450\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":354,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 90, 4-bit colormap, non-interlaced","md5":"81df81c8a4d658d5e3e22e9f14a90cf6","sha1":"dba2119bec81f3ce458ed0ffdeefde0afc5eb5e1","sha256":"a5007a2bd7b90cc4566abf22b92f0365ae6377209b749dbf74626ee96bfb0fa7","sha512":"c7f98e5eaf3ba2336c5138c45242f8c96ce2eee72fbc8c00dabf7ae58515d3ebf35534dbfbb85796e8e8058651462c0ec404fec9080140cad917e57a14adfaf8","ssdeep":"","tlshash":"0ee02df4da09ea9040744c2bd8b163d0feb29d8c3120c0dfad68303823b8106d2437a2","first_seen":"2025-07-12T04:18:50.98186Z","last_seen":"2026-04-05T17:01:50.285736Z","times_seen":18066,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260402/2026040212285565919.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.219Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260402/2026040212285565919.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 02 Apr 2026 04:29:01 GMT\r\nEtag: \"7e8366c50c255de3a97c89a204a9e42b\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 02 Apr 2026 05:30:16 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 1989\r\nContent-Length: 238448\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 10425696322717315413\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":238448,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"7e8366c50c255de3a97c89a204a9e42b","sha1":"9acd1446a893854c581972d09a7758f985384fa8","sha256":"5b10ee82f9e81c12ce89e85f1fb9b9d82694c3e485d1f5a93c2a5fc47532f4a9","sha512":"7294ed238fa2223602b3fe12cfca5f33d8247a552445a4dae82f411430cb8ab1dc838dc19f40c07d17623c6ff05e99c5ab176bcf0e3ad6474e9dd022e308d128","ssdeep":"6144:e7Y2hb6e/YWgXz0DjfZkXzNYRBtARUY3zJObYz:e7Hui92zNUPopzJObk","tlshash":"2c3423eca9405789c9178986679a81ff2175cb8b1c1ffbc23c3a31343695e7c295e293","first_seen":"2026-04-02T08:18:53.817238Z","last_seen":"2026-04-05T17:19:08.006297Z","times_seen":2457,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-31/9bc28f493ccdf4da2854482aaa9c39f1.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-31/9bc28f493ccdf4da2854482aaa9c39f1.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 14:19:57 GMT\r\nEtag: \"ed4513572d99563359227808402d94ee\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 14:20:50 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 311\r\nContent-Length: 3231392\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 12070147772627328647\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3231392,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"671dbc20ddcce5e270ed6c9c350ff065","sha1":"861ca61d40027d2d5582a23b4b9cd1397650dd34","sha256":"462a27c55d786f55641d1f49b87000fda0e4a0032488a6df203f2a2a9fd5b361","sha512":"01362ccf737502963bc5c589cd6584f843ab1f194ca634533661d34c1cc71f5680dd67dc432432a302c893a4c43145efab41d7a5bc53a5a282543a02bd6038bb","ssdeep":"24576:7HrU2mQ6aPiTCO9nBRY549HmR9QgeGqDP6PZpSH+R51qT5QYYky2B:7LUVQNPiTRnByXsDyPZ8eRKTznB","tlshash":"3e2533c32061bf91c5d5a22d8666a18bc1e066115edd78d031b4eb8f3a3bf5bae4c4c6","first_seen":"2026-03-31T14:38:15.678099Z","last_seen":"2026-04-05T17:19:08.020695Z","times_seen":2598,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":693,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/FootMenu/assets/foot_menu.css?t=20231032","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/FootMenu/assets/foot_menu.css?t=20231032 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 836\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Wed, 28 May 2025 04:33:23 GMT\r\netag: \"68369213-bca\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: wDH6vCmVIexrKT7ad7V4yyG6XjODN8FaD-2Awiw5JQhMtkXcufTrtQ==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3018,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"38409875f4c2ac41817851ed5e5eee82","sha1":"0c26a3b9ed9b83c061dfd5fa77f814b9069736e0","sha256":"a5145cedc0d537b7340f185eb2d065cbf323a971819781fe6a9baf05b91d0697","sha512":"b2d8df27917759576bf1b2a360c66ba8c59f8bd6d0950078d386572987c230d14727a36fed8e2b055c81d7829f69a4295474e69b951a6c8958e0cd6d502d5fb6","ssdeep":"","tlshash":"b5518f2966b30e60b9634968bb994684b37ce2038d4dbd7ffd1913c48f8e494add134d","first_seen":"2025-05-28T05:10:55.041625Z","last_seen":"2026-04-05T17:01:50.249683Z","times_seen":18860,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn//upload_01/xiao/20260331/2026033118092475044.jpeg","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET //upload_01/xiao/20260331/2026033118092475044.jpeg HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Tue, 31 Mar 2026 10:09:27 GMT\r\nEtag: \"c9940e6337be8488c662bf4dc3e1d7b6\"\r\nContent-Type: binary/octet-stream\r\nDate: Tue, 31 Mar 2026 10:13:39 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 193\r\nContent-Length: 139856\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 14898818316393872826\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139856,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"c9940e6337be8488c662bf4dc3e1d7b6","sha1":"bc0f3cbea4f79edf9d8bdaf719da7b43832fd049","sha256":"75c687d86007bc92b0f78ecbbd4eb9cf65aa4165314d9d00f900b1502e0d9e05","sha512":"8362c6591c185b964d7acee7cd7543db69084a699b9a0a2cc9e9500d22a4fca28cdfb2f6b6ffe083a59ee726d97f2800a02e7b1d9a0184de35d2bb7b5989d4e4","ssdeep":"3072:r9abkOu1M7/hkYiDTWnSO9f1IYpA4F33X9gtCZfEsUGbbIby:r9ab3ua7/hkYiDTCH9fSWF3Ww9EmfIby","tlshash":"1cd312fa642d795349a11bbca52219a0829da3c7d31b138f3438f66235d2cb73c20f36","first_seen":"2026-03-31T11:27:31.442168Z","last_seen":"2026-04-05T17:19:07.9792Z","times_seen":2669,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-02/3f1c316ab2241c11744b0554cb61a4fc.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-02/3f1c316ab2241c11744b0554cb61a4fc.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Thu, 02 Apr 2026 09:44:36 GMT\r\nEtag: \"e0a93b4d3099f39173abca5404c6caec\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 02 Apr 2026 09:44:36 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 5\r\nContent-Length: 719840\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 6403254255589173670\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":719840,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"e0a93b4d3099f39173abca5404c6caec","sha1":"7c936ecd6126a2bc9388e50c4178c70fdda83472","sha256":"86901d9a50a6002af6cb245ce36f3ca3dfaf5f8e130d42ff19129d47bfe2099f","sha512":"456f83654d0d6664d28762383f89dc37092f840e087bbedbc8ce93914d50500a47a5272f49541dfd3ec84f4d2aaa7d7f70a2f68ca6b060b796ccf23b79b33178","ssdeep":"12288:D7QiMNGQfbVsAGo6XWe582oxqENwrgyMpJ1vVbv5Ak/wYHGgRJ:QLPxFGo655RoxNOr76J1vVbv5A7M9RJ","tlshash":"b7e433fa675501725bdb2800e1c21eff48ef687848387fd06512bf92b60c4997694fea","first_seen":"2026-04-02T12:47:33.793225Z","last_seen":"2026-04-05T17:19:07.96945Z","times_seen":2468,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":39,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/fontawesome.min.css?v=20251204","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.361Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/fontawesome.min.css?v=20251204 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 25461\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Wed, 07 Aug 2024 14:34:32 GMT\r\netag: \"66b385f8-18f6f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 2PE42J1N81yCer949C3SFXbcDKciQPMRfeVk8pCIngjLhs-ui6Nq3w==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":102255,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (62333)","md5":"35c423c7a0a87e2e4f3646e582e2dd67","sha1":"aa640d874aaf84764c2a4c94290624166fa81d2b","sha256":"98e7ef32e76852a8a836cd1ca9efd953628a0cc8739f7d847ea87ca525db73ae","sha512":"d81bb1c55dfe6108d57f19f8aa37dc01f770ce9ccc16d0519710a1dfbcd0da6c9c71d85ca1a940aec83c81b5124aa2c6fb9ac0409517e38db02734300b006d8b","ssdeep":"1536:E6MnM+M8MMMtMFM/QS8EfluzvQrp6mQzsWdCENdA9tVg9:/pfluzYQmQzsn8dA9ti9","tlshash":"b4a339f8e48905e8a372c84fcb55b36c663afb70d5425c81f10f9a4d8ec2b5815dab2d","first_seen":"2024-08-12T04:36:20Z","last_seen":"2026-04-05T17:01:27.897741Z","times_seen":19379,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/css/7.10.0/common.css?v=20260327","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/css/7.10.0/common.css?v=20260327 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 4269\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Sat, 04 Apr 2026 06:49:53 GMT\r\netag: \"69d0b491-3bc4\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: ZFk6_sRJU4aiCC7VxUzWk95r1GZx1UpbR5Ltaz1-PMkt2h4Tc4Yf7A==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":15300,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text","md5":"8ccb68e292edb16fed43db108ce7e273","sha1":"7d39a911cda3df00c388a80d631742feec011017","sha256":"5e97433c8fcd70ce3061cd8db6df27592546a60e1d796463f23220871b5fde82","sha512":"2e1faabf2e397811dbe8ee83a03c2d715a1bbd6ddaf2f2b526b1e139f44f3c1564cfd14db87e6f976194ce24b2434fe5c44efe27bdac20fee30c0466cd98b7c8","ssdeep":"384:Q6fYJ9F6C6YjvrDdcqYegaDbSAxB8M7dtqo27Jn:Q6fYJ9F6C6YjvrDdcqYegaDbSAxB8M7m","tlshash":"b162035e0563060069daa5655f6d2ac8166dc00bce0ad56d3edf728ccfce2d4f4e278d","first_seen":"2026-04-04T07:27:39.529964Z","last_seen":"2026-04-05T17:19:08.028362Z","times_seen":2411,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/css/index.css?v=20251212","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/css/index.css?v=20251212 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 10214\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 12 Dec 2025 04:31:36 GMT\r\netag: \"693b9aa8-eb78\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: jnXUoSEY0v972NtcCQo-KUw-sS2B2iGWtbK6vAH70PsHdMX7Jq-9cA==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60280,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"eeee4a364f1d03a38de7fa7d93145fa5","sha1":"42d0408a60d2f71c2cabcadfaf9644c7e66fb8e5","sha256":"5b95e1df2a0900e6f4ff021f20333df104b13e7f14aa5d76f2dc4d95441b8521","sha512":"1bfdc8f504b9a529bc4244592b48ab8dd0cbdb048db7890c3f876d85f8825af5ad84c1b8ffeb23cf55126c815ffa308133173e6ea6568cbed955390f40bcc9dd","ssdeep":"768:pB3/VjKqjwp5G9ftXhudyF23LeBKQRQqQoURvKFxXRC/YeJh:/JhudyF232KeBORvKFxXRC/Ye3","tlshash":"6543440426230904789795babf7b17c56258c087cd0ac96d7fcfe649cf8e128b5b6bc9","first_seen":"2025-12-11T05:08:28.58001Z","last_seen":"2026-04-05T17:06:58.048187Z","times_seen":11012,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-03/90e567b7a28f119a0da93b420f0d4708.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-03/90e567b7a28f119a0da93b420f0d4708.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 03 Apr 2026 08:00:46 GMT\r\nEtag: \"4f877f2f895fbc28f70ea6276ff69397\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 03 Apr 2026 08:01:53 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 480\r\nContent-Length: 1369824\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2694762912371598120\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1369824,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"18a0c62a2a0c392314a53038b0ae7939","sha1":"234a8e9cf07832918960d716f1ec26f048e98278","sha256":"3bd5e01abef3a44aecde650e21c920ae947a28ca137d92568c34e62e40e921d0","sha512":"8e929ac32684bfb8d304839989c9ccf16872d46fe972ad08e66ad42895bf0aeb18eabda9a1b2aac21fdad5b603b2ed4a4881fdcb70b09b3cbc3df61e54fb2059","ssdeep":"24576:cZfYVxkRqYsZMVHCvJW7+LVJ65Uj2l9AeKc29+E7YPyWVq7V2cxwC:cCrWqYxivc7yu5UjyBPE7HQEwC","tlshash":"d325333e3e21c1c6b544b23054c31495b870a1b26ddbee25fcef9eb8920a416d56f37a","first_seen":"2026-04-03T08:12:48.792344Z","last_seen":"2026-04-05T17:19:08.016927Z","times_seen":2449,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":139,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-01-09/59b499a5ce5448958a1340b8381f0616.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-01-09/59b499a5ce5448958a1340b8381f0616.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 09 Jan 2026 07:53:17 GMT\r\nEtag: \"a9f865eb59ee8e3bf3f7fc72a4302f2e\"\r\nContent-Type: binary/octet-stream\r\nDate: Fri, 09 Jan 2026 07:53:18 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 120\r\nContent-Length: 359888\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1422102011889770329\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":359888,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"a9f865eb59ee8e3bf3f7fc72a4302f2e","sha1":"3f6fcda9efd58635a808fb35a010f0e9d7c466eb","sha256":"1a43af44a4f789e9dcc4bd18aa655cc374fe96f36511032176ec96f432cac9b5","sha512":"cc95d13531f4232093083bd57fb65343b87bbb5ad38daa3b22a60b9b2adf9a5d2137195c1930445b195c46aa7b16780448dba5155fed89be4c56dbf3237bca9b","ssdeep":"6144:8+Mh/ZqcV+yrS42LFPxi8POcnHAp6QVf372i0rBDfdc5yxopf/FDskWcS:8+6ky+m2LFPx/OcHwTDUBDfdiaoxNAkw","tlshash":"847422c57058ed420b5e963cfb6b57ea863befbd9bc29087a96348526544c320ec48f1","first_seen":"2026-01-09T08:22:22.642907Z","last_seen":"2026-04-05T16:38:14.791838Z","times_seen":5987,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":12,"dns":0,"connect":0,"send":0,"wait":34,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-18/fcff7a5519c5585b84022fb22eb9b990.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-18/fcff7a5519c5585b84022fb22eb9b990.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 18 Mar 2026 11:14:20 GMT\r\nEtag: \"b623e1b55f0930c825f1f77ccf2aa695\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 18 Mar 2026 11:14:20 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 40\r\nContent-Length: 312944\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 1098892600696919379\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":312944,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b623e1b55f0930c825f1f77ccf2aa695","sha1":"2a3fa46412096622bfbf0c8c804e3569563ab50d","sha256":"257c25438d69e04240ed40ad37b4a28caf7fd4aabf061e969ee9235a79f6ba91","sha512":"9640217cfc3e64b0b3f5d8e1c9dc97949071f55ad898a1d2299fb29fdf3e429aaba6a05d5d8c9f00cd6878ab95e5b84db7bdd41e9bf1ee5f72c3d70e5a76e638","ssdeep":"6144:TN11eIfw2XlBj5XN+lXYm2J0ytC/xxX8lTnOJ2xk3/qtXfD:h11eIPT54YCykpxwTnOJX3/wX7","tlshash":"a5642310949180eb15cad88a5ecf5a30a2afc993d7afb41af0d3974b50ec7e93311b57","first_seen":"2026-03-18T12:48:21.453772Z","last_seen":"2026-04-05T17:19:28.142491Z","times_seen":5163,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":45,"dns":0,"connect":0,"send":0,"wait":49,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420520546340.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.382Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420520546340.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:09 GMT\r\nEtag: \"27ae198fca34876f072bb644aa9242c4\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 26 Jul 2025 09:17:38 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 7481\r\nContent-Length: 272\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5363037852732666265\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":272,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"27ae198fca34876f072bb644aa9242c4","sha1":"be8da11fbe724e2910ff65d54bba67bdbf86fb05","sha256":"26e9ae75be4e86f7ecccc70c05f9d1742f2a7520fed7dd1258a94284c08101c0","sha512":"977e72a9845b87082d55e6a7e55dbdd5dc004cdde4ad3ad0c3f63b627c550958ff86add8f5aee020dc08f188ce747d9c7d909ed01669bb19577eeff9e8c6b6b9","ssdeep":"","tlshash":"b7d02b1545220b922f9aa72e4bb154644f63c292405f4a765184e61a1de2454b100d57","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.26412Z","times_seen":18856,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":100,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/plugins/AiSuite/assets/common/vant.css","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/plugins/AiSuite/assets/common/vant.css HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 60280\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 09:30:37 GMT\r\netag: \"691aeb3d-30a89\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: cunKQ2ahucYCu9ML6L03UgYAX43wN2AZOcuw5J1IgugF4WV5HKjAog==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":199305,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"ec97f98b8f11e72ca35d2a8939500e67","sha1":"fcdcaecbd29eb74c4d507c0f23d3758052aba3eb","sha256":"52fcb2a7486d329611d7fc1562e0dbcde9f4494728b88dc26932388fee77391f","sha512":"16ec7dfa0d84e113ac71cf66bc4aa1659d3a9089fe76c8e2834d0bd1ee25db5fb2ad0dfe35dbb9ba2340957396a603a09c8ebbacf49c90a65df12f522d9b851d","ssdeep":"1536:VjQbFNJ+jqkiHckCwsBlDOFIxuVoxJPBik/1Al5aIzb2VTVaxA:VuClDsIxuVSmRdJA","tlshash":"ec149495e69091bcbf27f275ab8b96dcf23cf560ed01daa4f10051580ec7bf50623a1a","first_seen":"2025-06-27T04:20:30.581604Z","last_seen":"2026-04-05T16:55:02.616914Z","times_seen":25895,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231026/2023102620184288771.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231026/2023102620184288771.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 29 Dec 2023 10:52:07 GMT\r\nEtag: \"f1b7329bb20d3bf35a27caaae871c85c\"\r\nContent-Type: binary/octet-stream\r\nDate: Sat, 26 Jul 2025 05:35:41 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 20798\r\nContent-Length: 816\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 5234177699989283014\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":816,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"f1b7329bb20d3bf35a27caaae871c85c","sha1":"3b3791ca288fdad4cef0b48cd6081aed157b521f","sha256":"c6cd5ff057ebb6c6b3686110e90c6f1d61283197527b89a571a008bfc98aac30","sha512":"41bf59a3cb85338b083881001d96d59f51aebfdd62b60611487455d6b763ddfd3fd5bcffd159f7e616126d25e515521ab929027cda0011aab15fd0a9d73e9a98","ssdeep":"","tlshash":"5e01868cbc48f9d99929e10dd1880d73a890662b166e0cb13485ce6cbc8551c41d02b7","first_seen":"2023-11-12T15:49:18Z","last_seen":"2026-04-05T17:01:50.233584Z","times_seen":18060,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":126,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20240424/2024042420561219898.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20240424/2024042420561219898.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 24 Apr 2024 12:58:09 GMT\r\nEtag: \"b6f6d478d3e25a828f113463607a175c\"\r\nContent-Type: binary/octet-stream\r\nDate: Thu, 04 Sep 2025 12:04:04 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Miss from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nContent-Length: 992\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 13886853856518154679\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":992,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"b6f6d478d3e25a828f113463607a175c","sha1":"86b2ce61c15e61abb950f6903c6f23882c23dd7e","sha256":"dbe1684d86e552a2b97e3d2e1fc7a537fa0ef75da7b68fd10bb93a7f9a2d8ac1","sha512":"d5d3f7797e0f6a51d268768a0827a4ee8e404090469c70aabfb2e58ab02e34346daa77903d86c8a1d95af38b352a4899f3e4521add5fba9b2c099b9fe36d0a20","ssdeep":"","tlshash":"2511c84bdc791af9773d9bd10c816e880051858bf55f09092cb5633d988616ac867827","first_seen":"2024-05-03T10:06:21Z","last_seen":"2026-04-05T17:01:50.303868Z","times_seen":18017,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":113,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/layui/css/modules/laydate/default/laydate.css?v=5.3.1 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\ncontent-length: 2101\r\ndate: Sun, 05 Apr 2026 09:14:04 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Fri, 14 Jul 2023 10:04:07 GMT\r\netag: \"64b11d97-1cc5\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: 3e3l8_--q-U5RlWQ5yFUTdW81w-RmPN9OciaXa0lPI8dkClRpNuR_A==\r\nage: 1531\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7365,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7365), with no line terminators","md5":"e9078eef34fe9a44e44bdd55b48fdc55","sha1":"73ef00229810ee179915661786d9b66b7fc2d568","sha256":"ab9dbdf922a26509951347fcfa83704d86afd2df855c827740c23df72fd8ab3f","sha512":"dbf200ca6effc6bee2f7e8f516dafe6b25fa66093f19fff117a8bd87732a3ca0206480319d5f733eb07d18f564cba1dfc6143587cbc5ea1d5d370948d8ab3921","ssdeep":"96:7OyDQi4ijYyC43i7hlVVZ4LyLk5bYsBE2rBOB:7OQQfyPCoiFVqHbrBE2rBA","tlshash":"45e1cc71b1542cd4702bc222b4a87cbfaef8dc02dae3265ce5b8621b85c15b7957d34b","first_seen":"2023-04-11T12:12:51Z","last_seen":"2026-04-05T17:00:52.694345Z","times_seen":26472,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/js/7.10.0/index.js?v=1","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/js/7.10.0/index.js?v=1 HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 982\r\ndate: Sun, 05 Apr 2026 09:13:50 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 27 Nov 2025 04:43:59 GMT\r\netag: \"6927d70f-848\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: u2hkarvq7-1uznLMxHDv_Ch2OXVy1c2f84Q_QVmGzCm419VGcfblzA==\r\nage: 1544\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2120,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"cb2dd3d6af2a6071e0dbf36318294dc9","sha1":"a70950d23dabdc4376bb9114d86a812a174a747f","sha256":"5cebbf2bb3cb87701b4dd9e3c34c0b7555911210fa40093005c06a7b0705348f","sha512":"d721819a7ce31aa954a00baedef7a516d5339200b2f9f1e53656e457bcc33ea756cbdf3a586634824afb40a19c27080c179c2a01e5c7b99680e6d4057997f330","ssdeep":"","tlshash":"0241cf9831f720704b67e4792baba64d71301097112adc14bd4c07959fa8f3c9af67da","first_seen":"2025-11-27T05:35:58.063413Z","last_seen":"2026-04-05T17:06:58.072546Z","times_seen":10968,"resource_available":true,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-04-01/7599bba208a7b244eb73fb465899dd3f.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-04-01/7599bba208a7b244eb73fb465899dd3f.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 01 Apr 2026 12:30:38 GMT\r\nEtag: \"edf5cac1a01801285511078ad3874636\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 01 Apr 2026 12:32:37 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 59\r\nContent-Length: 319040\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 2471250631332818121\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":319040,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"edf5cac1a01801285511078ad3874636","sha1":"394cacdd81129d1fb0f0cde5cdc43d03a1082394","sha256":"f6f0dc5b529a90845651a585edd06b749afbb810d7c3dbc674c16e2f4d90d12e","sha512":"cb89264f8eddd68f91497658ec137d25d73119d1ecbf8c1c26cf5066548f1323898e671d06af04f8ca2e278fb3ecf4b08c4daf0a740b5b05dc7c7d0e36fe9e79","ssdeep":"6144:d8cqwwzLykrcT7P2UpRpK4h7DRcO57gR+OEDDvDDEdHfB1DbRuyFfy5gyp:dSwwzLHfyRPuk7gREjDEV3nKWyp","tlshash":"7364234b28d460d2d1c8faa2000d4a1a93cd47547867be16137e78ebcbf7e173a9971b","first_seen":"2026-04-01T13:33:09.049351Z","last_seen":"2026-04-05T17:05:25.314833Z","times_seen":2970,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/hc237/uploads/default/other/2026-03-25/18cd9e8ccaacece0cc88b8d977398e35.gif","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /hc237/uploads/default/other/2026-03-25/18cd9e8ccaacece0cc88b8d977398e35.gif HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Wed, 25 Mar 2026 15:14:27 GMT\r\nEtag: \"56e97081356b4cdbe834471cc492b95b\"\r\nContent-Type: binary/octet-stream\r\nDate: Wed, 25 Mar 2026 15:14:27 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 37\r\nContent-Length: 584704\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7023353186799185497\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":584704,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"56e97081356b4cdbe834471cc492b95b","sha1":"d67ce5aa74e2a4251f44c63e447f99c1a3743db7","sha256":"1e4e7d73225028284447bf5f931e11ea3de9b9bb7a0be6ad221c19f330fe23d0","sha512":"59c8e2883b5962c00febe111abb951891b0768ad39ba0bea023b1b10a457900a997446804b57e811ba2679e3a8076bb906f347e1d529a08b9d661134c95f1c2b","ssdeep":"12288:8gBj1UC/hxPVvpJpEM6OZOShDr38rbs2Odol8ycvxiScSs+cZ0Fu:8gZJDvpJiXujdG+AjAcV","tlshash":"b6c4330457e5510b63aa0be1a78bf5c7df2768dcc826d0587caae3bb5149da3cf31460","first_seen":"2025-06-14T15:15:15.321259Z","last_seen":"2026-04-05T17:00:52.636454Z","times_seen":18354,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":91,"dns":0,"connect":0,"send":0,"wait":26,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pic.lfvjpw.cn/upload/xiao/20231026/2023102620184376167.png","fqdn":"pic.lfvjpw.cn","domain":"lfvjpw.cn","tld":"cn"},"ip":{"addr":"43.152.140.79","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:35.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.lfvjpw.cn","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 28 Mar 2026 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"49:50:94:73:42:C6:0C:BB:3F:F4:80:2C:27:65:FA:CB:AF:DB:18:A3","sha256":"68:95:0A:CE:37:E8:D9:4A:1A:5D:8E:D5:B3:E6:E2:20:17:3A:EC:9F:9F:FB:8A:4C:30:AD:15:F6:9F:C1:9D:A5"}}},"request":{"raw":"GET /upload/xiao/20231026/2023102620184376167.png HTTP/1.1\r\nHost: pic.lfvjpw.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://tnbnfwikil11.nmmwgwa.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nLast-Modified: Fri, 29 Dec 2023 10:47:00 GMT\r\nEtag: \"690d560840f8d9cee1ff120270fcbd88\"\r\nContent-Type: binary/octet-stream\r\nDate: Sun, 09 Nov 2025 17:45:05 GMT\r\nx-amz-server-side-encryption: AES256\r\nServer: nginx\r\nX-Cache: Hit from cloudfront\r\nX-Amz-Cf-Pop: ARN53-P2\r\nAge: 25601\r\nContent-Length: 880\r\nAccept-Ranges: bytes\r\nX-NWS-LOG-UUID: 7646645045659564391\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Hit\r\nAccess-Control-Allow-Origin: *\r\nCache-Control: max-age=864000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":880,"size_decoded":0,"mime_type":"binary/octet-stream","magic":"data","md5":"690d560840f8d9cee1ff120270fcbd88","sha1":"246376e425fdd500d98060cafdbd0117d8f6edf0","sha256":"2a040f5c1e9cc1a4a915caa5148db70d4677ac31b5170af578590b049cb42a55","sha512":"d1593fbeaf0721e39b02dcb9b6e6b1d0b40c0c5306f5b9189bc9638b02b76ddd4b6f71278c7b81a084f2237ead91af43241caaf8467810c6413e46953edb9b6d","ssdeep":"","tlshash":"3d1163c3c089449600bd12724efa62460e3707c2eedb32ee6158c39f9044e5b8ef4d6a","first_seen":"2023-11-12T15:49:18Z","last_seen":"2026-04-05T17:01:50.274023Z","times_seen":18022,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":109,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"pic.lfvjpw.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tnbnfwikil11.nmmwgwa.com/usr/themes/Mirages/images/zw.png","fqdn":"tnbnfwikil11.nmmwgwa.com","domain":"nmmwgwa.com","tld":"com"},"ip":{"addr":"52.84.50.89","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tnbnfwikil11.nmmwgwa.com/","date":"2026-04-05T09:39:34.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.nmmwgwa.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sun, 05 Apr 2026 00:00:00 GMT","end":"Mon, 19 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:C3:66:71:AB:A5:62:77:52:AE:44:7D:CE:6B:D4:DC:9F:92:6A:07","sha256":"1F:09:14:AC:A8:DD:A2:62:02:D5:05:0A:E5:59:A4:04:D0:CF:E7:88:72:3A:CD:F4:59:46:75:47:47:15:5E:E9"}}},"request":{"raw":"GET /usr/themes/Mirages/images/zw.png HTTP/1.1\r\nHost: tnbnfwikil11.nmmwgwa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tnbnfwikil11.nmmwgwa.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 5432\r\ndate: Sun, 05 Apr 2026 09:13:48 GMT\r\naccept-ranges: bytes\r\naccess-control-allow-methods: GET, POST, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: nginx/1.22.1\r\ncontent-encoding: br\r\nlast-modified: Thu, 25 Apr 2024 03:27:03 GMT\r\netag: \"6629cd87-1534\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b0a74a1c8b6a1560cd851a637b999ff4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nx-amz-cf-id: Q3jeUeWVJgu_fvcPjfmZpnk963dudq4sQyjUlvBg3oIGS0YApLO5XA==\r\nage: 1546\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx:1.22.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5428,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 92 x 92, 8-bit/color RGBA, non-interlaced","md5":"f12fd774a936ea90093610c2419d6234","sha1":"4ad7307135cb8a71aa8c258920395319768d6062","sha256":"eeeb303c911ee99adc975c3e99594e3b12934cdbfe47383dc6412b938d81547f","sha512":"0ab7f4bed1f3a668146e76114ed56022bb381348e31b363d9d8b75213c3604675cdfb39df0fe9910f086d7b319bd9a1168bd37339cb36c5da51e84285a7ed22d","ssdeep":"96:+JllcHitlIxv9vk7C1+I4wWHLihk/xZScy9azEG+TViv/nxy2dLihgYH1reDNDQy:nIIHUCD4wa3ScOyNCivZHLiiYHADNcAF","tlshash":"d7b18eca04c55056500e067d37bf9d931b7bd18042d86e1cdeab425e8324ed16fa6fab","first_seen":"2024-05-03T10:06:20Z","last_seen":"2026-04-05T17:01:50.281665Z","times_seen":18280,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-05","alert":"Sinkholed","trigger":"tnbnfwikil11.nmmwgwa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}