{"report_id":"1506cfa8-95b3-4383-9463-7563ae245f63","version":6,"status":"done","tags":[],"date":"2026-01-08T14:31:55Z","url":{"schema":"http","addr":"oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"176.32.37.236","port":0,"asn":49392,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"oedy9.com/mob.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"title":"访问提示","dom":{"size":2325,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"4b48f9804ff0327fbc34f8cd5eef7389","sha1":"fcc5fc7cf1cd5e733ffbd7fdbd3db2c1c68625d7","sha256":"f9140dcfe10e9f2c4fbc122e774bd803449460032932a9bfccd945e0815a60b3","sha512":"4ca74e152a4b4fab9bd3d7843f65dfe143bd53fb2e1fbd3f13cefcba5acf1df6c98ba5e4d4e2829a9c3cd11180c05f4a13baa47a0626ddaf46832e00d8ddd2c5","ssdeep":"","tlshash":"8341b8d307a68426bd92d8507a526fc6329cd807e40bc6a47ab5a06ccec0eb742333cc","dom_hash":"domhash9f56b4cf3fd7b1f4dab033f1c1ced99b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"oedy9.com","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"176.32.37.236","port":0,"asn":49392,"as":"LLC Baxet","country":"Russia","country_code":"RU"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-12T14:31:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"oedy9.com","ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"domain_registered":"2023-10-27","domain_rank":150266,"first_seen":"2023-10-27T10:41:23Z","last_seen":"2026-01-02T01:23:02.47592Z","alert_count":4,"request_count":4,"received_data":174079,"sent_data":2123,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"api.qrserver.com","ip":{"addr":"195.201.128.178","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2009-05-16","domain_rank":342339,"first_seen":"2012-06-20T10:01:45Z","last_seen":"2026-01-02T07:08:20.666202Z","alert_count":0,"request_count":1,"received_data":835,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"oedy9.com/mob.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"fb592fbec479fcf86b148138d910bb35","sha1":"45ce0041ee6d4eee4ad3631c79803cfbe0dc48dc","sha256":"544e26b4c403cd52e0df7ab03a923a311ccef4a1d94b936dd6b566488ff9abd1","sha512":"2695d92d187d48260309cc4567d303bc8891bb5c63a475327a52efdd0b2011d2103deb942f81be5efc25f0acb9698035821c0fdde85d4d37bbf42ce219606a0c","ssdeep":"","tlshash":"2df09eef1b121525af8fc68b173f3a15a59da10f5881df09742dd1021fe0f6c222b9d4","size":493,"data":"","first_seen":"2025-12-17T23:26:10.099061Z","last_seen":"2026-01-31T13:21:21.717068Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/wntheme.js?v=1767882694","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"60bdf4117f35d4dd14feb178af7f4c71","sha1":"2003798e6f9a60edb5374c3b01cdbaff9c649cbb","sha256":"cad017f5b61569bdd35060b114147c285cf6d8d2d4237cd5a3ad15eb736ff2b8","sha512":"d565b2537616ff17cfd333d605802b6878a14da23cc01af885de63c6ded24e5b390a278893abb20e859264986c28a1ea6cd6b3b32d278e281ad703f4b40959cf","ssdeep":"","tlshash":"3841e153dabe4c42622f40865656f4e8732c947300739eadf28c70a95f8c86e035eb79","size":2236,"data":"","first_seen":"2025-12-16T20:01:54.266129Z","last_seen":"2026-01-31T13:21:21.702953Z","times_seen":57,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/home.js?v=1767882694","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"85f42ef4e95aae5215b22b5f93b2068b","sha1":"cc2754e3130e779adc24935278dbb8651a12214e","sha256":"cbcd37a5cbf49c3c1e5a63613a2770458797cb5f94c17e7d644fe84a414769c2","sha512":"5299634b71ba0cb1eee36114fda95c3a25fd3c27ad3700aa92e1c33550305973bfa96f37d03d42c2845eb72c09491306fd3e76fbb3b94148923fccba5edb304d","ssdeep":"","tlshash":"8811ab135a66d64857c26fae4bcb2c0b93f4d34f085410fbaf7231ed9624dc11476e18","size":1000,"data":"","first_seen":"2025-03-05T19:45:29.856239Z","last_seen":"2026-05-17T05:51:41.218888Z","times_seen":182,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/jquery-3.3.1.min.js","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9a14b26aef8bba135e0749ec536f608","sha1":"096cbb5ce5fe7992c85f0bac682974196ad78d09","sha256":"cad9fc1485e97aca7816e5ef8406c7cb26648ee9fb2552e98c5dfc0e531474d4","sha512":"93abc3b0d3fd8546ba52c21dcaffdfaef6d29b8b931a8f6b1ed1d0739c86c6bbd4019c2b48dd77a36b7ec2061ccc21db9e0537a9234c4ad6205104ca61cb62d6","ssdeep":"","tlshash":"2611e59d3224f26d27ab10a4523b860ff2a1513c346d5453477dc8f4b8a58bf4227658","size":1000,"data":"","first_seen":"2023-04-29T08:43:09Z","last_seen":"2026-05-22T08:50:37.03921Z","times_seen":1828,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"oedy9.com/","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-08T14:31:33.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Thu, 08 Jan 2026 14:31:34 GMT\r\nserver: nginx\r\nset-cookie: think_var=zh-cn; path=/\nthink_var=zh-cn; path=/\nserver_name_session=8e24b569a590272a9b4329bb58acd27e; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.3.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":163363,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (21047), with CRLF, LF line terminators","md5":"ed7bede93e80f3a3fa6e173501a93e58","sha1":"22e832f76be42f252ceedd4438d72f20466ef9c3","sha256":"9d7e90a2780e1e10ab7ab01b72d629b52ef4156ce94a99e31275f99eb3cae1dd","sha512":"51799bf988cff741c693d2215c64da7b7fc9e614b5d6c03ba98a28c51f72d8fbb2e1b37f0178ab3681745f79d95d4d2e971992a65825ff365800a9df5fc98a29","ssdeep":"1536:JcEjZfrQy+OXoSYs6vBCVpii+4tCWC/BfqWxr0Fa+O:JcEjZfrQyDXcB0iY3QqWxriC","tlshash":"8df3869588e5993249b7c0c588902b2cf3d2924fdbc16d46b9fc2a7bff58d12720b25d","first_seen":"2026-01-08T14:32:04.283771Z","last_seen":"2026-01-08T14:32:04.283771Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1407,"timings":{"blocked":588,"dns":478,"connect":47,"send":0,"wait":238,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/css/common.css?v=1767882694","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://oedy9.com/","date":"2026-01-08T14:31:34.666Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /template/oedy9.com/asset/css/common.css?v=1767882694 HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/\r\nCookie: think_var=zh-cn; server_name_session=8e24b569a590272a9b4329bb58acd27e\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Thu, 08 Jan 2026 14:31:34 GMT\r\netag: W/\"690382cc-cf7\"\r\nexpires: Fri, 09 Jan 2026 02:31:34 GMT\r\nlast-modified: Thu, 30 Oct 2025 15:22:52 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 1174\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3319,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"fd1883f3175814b2ab831a61de46270f","sha1":"6bdb5ea6e5742b603065968175146f37490efc34","sha256":"aef52165eda8d9be75951262896f8831842b93e8db7f1a99a5f281294d2f208b","sha512":"6de5d8af1052bb8baeee9239d563732dbf4df9e66aa86a846cfd1888ba675a3350f29a0d401b0f54b32576e73af40abe16edc2edd871ae5f8cda71a584737590","ssdeep":"","tlshash":"5761ef4219022c85d52bf2a798f786eded4f6403a78360eab9e17805cfcf69700225d8","first_seen":"2025-07-04T12:12:16.310038Z","last_seen":"2026-05-19T00:18:23.863424Z","times_seen":77,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/mob.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-08T14:31:34.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /mob.html HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/\r\nCookie: think_var=zh-cn; server_name_session=8e24b569a590272a9b4329bb58acd27e\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Thu, 08 Jan 2026 14:31:34 GMT\r\netag: W/\"695f77fd-8ba\"\r\nlast-modified: Thu, 08 Jan 2026 09:25:17 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 1349\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2234,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"5c51fb444fc1205c3a42b70b904e678b","sha1":"09a8e7ce92f73c926ffb3877642430862f8bcede","sha256":"f43c3539d343da017cc419e37d029419a7e3635463b7e9406d779fb5ee333886","sha512":"0183d89acdf6b0c596689747f0b7c518dac125c08ebce830a835262ade5b0fdabce02c48a51115b88a278ef4a6709fe2eea92bef3f102bb07ef697e7ec74fd57","ssdeep":"","tlshash":"3f41a8d347a685267d92d8507a522fd6329c9807e00bc76476f5e478cec0fa642333cc","first_seen":"2026-01-08T14:32:04.285826Z","last_seen":"2026-01-13T21:50:29.315705Z","times_seen":9,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.qrserver.com/v1/create-qr-code/?size=300x300\u0026data=https%3A%2F%2Foedy9.com%2F","fqdn":"api.qrserver.com","domain":"qrserver.com","tld":"com"},"ip":{"addr":"195.201.128.178","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/mob.html","date":"2026-01-08T14:31:35.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qrserver.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 22:18:40 GMT","end":"Thu, 26 Feb 2026 22:18:39 GMT"},"fingerprint":{"sha1":"23:4D:ED:B3:2F:0B:6D:84:79:B1:6A:20:D7:E3:E9:84:89:BE:9E:73","sha256":"5F:77:7A:06:7C:63:17:CC:DE:43:B5:D1:76:CD:CD:98:2A:80:61:7B:F9:7A:7A:4D:A5:BA:C8:FE:FA:22:0C:BB"}}},"request":{"raw":"GET /v1/create-qr-code/?size=300x300\u0026data=https%3A%2F%2Foedy9.com%2F HTTP/1.1\r\nHost: api.qrserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 08 Jan 2026 14:31:35 GMT\r\ncontent-type: image/png\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 7200\r\naccess-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":445,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 1-bit colormap, non-interlaced","md5":"de44117dfc1c6396b2139c7855385a6b","sha1":"eee7f4fcdd85ea01c753de719c7c2edf04480c4d","sha256":"4033e9ef0c4d5b03043140a8c80dbf4ed472d4659ae2014bfbc56af364abb3f3","sha512":"c19ac481610294b96cc27feff32dd6fc6c3fac975f8de1f46bb06ea099cfe8f5f3337f1832192197c4ebb87daca79e9b3ba559e38a41dcc69c79d208059a0531","ssdeep":"","tlshash":"f7f0b3d33b108c2b0a19b0a2bb2e0020ce72681b214d34ab378bce3646b21048c4001f","first_seen":"2025-12-17T23:26:10.098235Z","last_seen":"2026-01-13T21:50:29.324086Z","times_seen":37,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":112,"dns":14,"connect":25,"send":0,"wait":26,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/favicon.ico","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":443,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/mob.html","date":"2026-01-08T14:31:35.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/mob.html\r\nCookie: think_var=zh-cn; server_name_session=8e24b569a590272a9b4329bb58acd27e\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Thu, 08 Jan 2026 14:31:35 GMT\r\netag: \"6933481e-fc4\"\r\nlast-modified: Fri, 05 Dec 2025 21:01:18 GMT\r\nserver: nginx\r\ncontent-length: 4036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4036,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e59ad0a9aefea690d92ffc6266516c6","sha1":"f82e7a5e38ad362b54a94522fd99963bc1515d27","sha256":"fa3958fb852fab1c92b41cbb3a1ad0c4487ee1cd1ef4712e6817fab8b8fde0eb","sha512":"3b4c28339115ca408dd153651ca8a2447b50788ff8499e51986f4062a8124e3145ef0d0ee9dbc36515be338d7cd0a21e1d6eb9725e9905454911af9c6d8827e0","ssdeep":"","tlshash":"a8817e69280b2a67e7f9a51b07360117ddf1a0ad62d7a88dc909c037bdee2b73086414","first_seen":"2025-12-05T22:31:48.407286Z","last_seen":"2026-02-14T16:06:52.824936Z","times_seen":254,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":49,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-08","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}