{"report_id":"2969b629-471c-4018-a69d-82c1d30b2504","version":6,"status":"done","tags":[],"date":"2026-01-02T04:47:21Z","url":{"schema":"http","addr":"m.baijichuanmei.com/","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":0,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"m.baijichuanmei.com/","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"title":"tp官网最新版下载_tp交易所app下载(TPWallet)-tp官方网站下载app\\tp官网下载安卓最新版本2025|你的通用数字钱包","dom":{"size":146,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"b758902c11535f52e2e15005935a3c98","sha1":"18c95a57c3c2dac3a1d26d607dd9aa2a5784d5cb","sha256":"0a1ee78003e72494605ebb02da5e93a2e363d1103fabf54ff63f7ad1c5c75d12","sha512":"d741deb19a8dd72fd9279f02eb20a9ef7771d4c4c7010d78eee666a9798b53ba48bcc4d78d1d0ec1eef7f42cdd6ab68d7fb0d27b6bce80cf5e3784124484df75","ssdeep":"","tlshash":"2cc02b0c74636548dd03115017c33240c288c33f685ec011390d8583b3cb2bac4c33a5","dom_hash":"domhash18da208b3b39949e9ba09528a720f5c0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"m.baijichuanmei.com/","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":0,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-06T04:47:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-02T04:47:12Z","timestamp":1767329232,"ip_dst":{"addr":"172.18.0.4","port":45786,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"severity":"medium","alert":"ETPRO HUNTING HTTP 200 Stat Code with 404 in Body","source":"{\"timestamp\":\"2026-01-02T04:47:12.061254+0000\",\"flow_id\":1465519308209157,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.90.30.70\",\"src_port\":80,\"dest_ip\":\"172.18.0.4\",\"dest_port\":45786,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2847953,\"rev\":1,\"signature\":\"ETPRO HUNTING HTTP 200 Stat Code with 404 in Body\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_04_01\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_04_01\"]}},\"http\":{\"hostname\":\"m.baijichuanmei.com\",\"url\":\"/404.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://m.baijichuanmei.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":118},\"files\":[{\"filename\":\"/404.html\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":148,\"tx_id\":9}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":68,\"bytes_toserver\":7263,\"bytes_toclient\":82283,\"start\":\"2026-01-02T04:47:02.523269+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"m.baijichuanmei.com","ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"domain_registered":"2024-04-21","domain_rank":0,"first_seen":"2026-01-02T04:47:22.783018Z","last_seen":"2026-01-02T04:47:22.783018Z","alert_count":135,"request_count":67,"received_data":1939217,"sent_data":32533,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"WOW","description":"Reveal CSS animation as you scroll down a page.","website":"https://www.delac.io/WOW","common_platform_enumeration":"","icon":"","categories":["JavaScript frameworks","Web frameworks","JavaScript graphics"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]},{"name":"Popper","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Magnific Popup","description":"Magnific Popup is a responsive lightbox \u0026 dialog script with focus on performance and providing best experience for user with any device.","website":"https://dimsemenov.com/plugins/magnific-popup/","common_platform_enumeration":"","icon":"Magnific Popup.png","categories":["JavaScript libraries"]}]},{"fqdn":"oudngmslhifnsf.gdmgcyy.com","ip":{"addr":"206.119.188.34","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"domain_registered":"2020-05-10","domain_rank":0,"first_seen":"2024-02-01T09:47:13Z","last_seen":"2025-12-30T12:02:54.31966Z","alert_count":0,"request_count":1,"received_data":1837,"sent_data":423,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.21.4.3","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/scrolltop.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"36e8c3c87020b0ac057fa96463619793","sha1":"3bab73ad0a2528b80270b2413ab7955f956acee8","sha256":"8a29dd36263e340e17993bc8a3f8a17c7802b07b36c8592a493c4d0f31bc3fe5","sha512":"a331ee92c98981f94db0000507b636e8d033f4a61e5f0574330f859a1a532dc557b4d1ccabd693cb5939696d91a8ccdf376d9c91d539a853b8a4b6ea951263ff","ssdeep":"","tlshash":"8f41d04b79a3134a09eff8bdca9f138d7734e157b9059854788c16b98f1053856e2f8c","size":2239,"data":"","first_seen":"2023-03-07T12:04:25Z","last_seen":"2026-04-03T18:30:23.402223Z","times_seen":724,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/wow.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"36050285bfeeb7395752f0f9bbc08273","sha1":"5924f7bbbf1dfa3f0926851d01f782f23a59e805","sha256":"0ec632e6ab02d4fdd514da7f5edc74aa28c9d4c71af76f1c8b93a1fba85bcc69","sha512":"bf887e087c52583114b77bfb417d7dffa0ee8634d39155af14591a24b2add9ef4c8a0c0555364122800d07a55f5f1fb0c723b39541b069a437ff558ddbf380a3","ssdeep":"96:UrZgL1xvPV6GqKgR6TYLWHFMLJA6pOROVEE1fosvGeaMozHImBaoqbl:Ury9PVfIFrlAJROVEEdos+eatzHILoA","tlshash":"750267c97a967031d75796f6833f0106b6361aeeb028047cb5b88dd57c78868523bf38","size":8415,"data":"","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-03T22:59:20.081874Z","times_seen":9664,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oudngmslhifnsf.gdmgcyy.com/tj.js","fqdn":"oudngmslhifnsf.gdmgcyy.com","domain":"gdmgcyy.com","tld":"com"},"ip":{"addr":"206.119.188.34","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"75744fb2ef623aad85ddbffa4cf8d621","sha1":"f4b47226e8c7acbb1aed3b53e1e41ab5edd01973","sha256":"3aa8a8bf8c2853aa2eb294e9303ae7aff22aa1d076dd91e1ddbc13b888fa91a8","sha512":"c51b00c3235de1998281f2bc4e9df5883254da82233265b6ed7dd497e1ac776feb5c0172656e4447a8fe67ec675e226ade7b159422af333fdfc12e8cc1825b54","ssdeep":"","tlshash":"77316578374b14a23337f612144b541c62b5d3854b6f08e0e3a576997de6948d04bf7e","size":1546,"data":"","first_seen":"2025-11-25T12:21:30.366924Z","last_seen":"2026-04-03T18:30:23.366728Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/modernizr-3.5.0.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7c97fdd45a562ace6cffddc9437a779","sha1":"eb6a5e550ab67f95986363a87da875212ba2f139","sha256":"525ba420f42f72699e059e5c20dd3acd591da3d54d70a319b0e360369482dde8","sha512":"65ef6c5b824d66c2546b3cedceeefa967aad3787002be2e2721c14fbd846cdd75b63a8aa102005276356fff04cc5bd9a79d53f216385e001e79fa49247669633","ssdeep":"192:lDYT/2wPZgoOfzAL0kvzaPZNI1C/W0DVLzcuQWyn:lMT/2wPxOfzapbaPZNI8/tzGWC","tlshash":"2602c9a97697b672835a3070117f040ead3b2c096e05c444f02dd5ac7bbcaa46367e2e","size":8636,"data":"","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-03T22:59:20.070493Z","times_seen":2085,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/counterup.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ef36cca760bf1cd76cfcd0e4dc10cef1","sha1":"ef38469f60d58850fe55c4de2ec7e289a2415d71","sha256":"26d40f8ffdf1b9bf286a954c6888a33cda0cd031e802d821fe0c0562e379ae29","sha512":"77c175276932891a30041ffcfe9016b2a525d304843a41b92804e4555e2c95f6e5abd55143a3320d95715a5dad59dfa63e1b826e94c1e0ceee53fc7d165810f5","ssdeep":"","tlshash":"37118cb93a0a298daa80e459f1efb0989176bdbc0c80884b91c558401fa5abc3b5b730","size":1067,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T23:43:45.344809Z","times_seen":9080,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/popper.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a22f3f7e61af6a069aa6b422537c3f49","sha1":"682fdc625ae80a890d10af2cb16e62540e2186a8","sha256":"d2b9f29ea1f42a60a8beb1c04f76868287f2a48d6ec50fb39d6b888584a03c49","sha512":"71b8d409a48fbdcaaa28f8a412248163857b2cb9ed6a5c4fe2bd0c4898ba3ef7f34d0d538097d94568246bc88a317cdaa509f05095c59caf5c567d73a973e2f6","ssdeep":"384:fYn0vf4wzTC9nNbR1PTM4CrBEQxkxpOxvYLmD75zfC5vIfg3rzGp/TidOgHhXjEN:w0vAwzTC/nM4BxpOxv/D7pC5vfzy/Ti6","tlshash":"2992a3dc3294b06647ab91a7a07f960eb1335875610e9410f19df2e97c30ef9613bc79","size":20336,"data":"","first_seen":"2023-03-07T01:02:57Z","last_seen":"2026-04-03T20:18:31.249551Z","times_seen":2115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/waypoints.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dfe0eedf8da578f4a4c43b05448c51d9","sha1":"812d7071b4e44b1aa5d5ea6c7ce0b79eb9d46520","sha256":"a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833","sha512":"9084433d6201a0aa45efd1c9bf7c413d08192a3871cea3061b637af2cbef21de39c3dbe9fe14d7a11edc0c44588551212c94ee4866ff737f991e07907cb9b41e","ssdeep":"96:uLBvpnG3nnRh+1pRVKmHyjyYfAPiQc954LT4KN/WzdBUVKdBJEdfdpu531v8L7:uPG3nC19KWssPVpX4KN/eU8Ju4e/","tlshash":"3bf1f9c9b4c7b4221befa0b5d43f060bb33a9e4561098064f194e4da3db4a2da567f38","size":8044,"data":"","first_seen":"2023-03-07T01:07:26Z","last_seen":"2026-04-03T23:42:18.514182Z","times_seen":9207,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/ajax-form.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fdd4d0f0ab7d63fd10bbc56f73b8874","sha1":"2895c175d93e8d0a6d205a9d47fc11386db126b1","sha256":"6f9e9742293db7a493b19c68bc2885796c5f90e6e9449b3e633ea56780e5213d","sha512":"8ccd207ee1f49dc7f4eca16b2e6593bb671cf2ebd4ff32f30618255fddaa908c6384c32164e8d7c503f7da74155b12ab85a58bb2bc10362ca5be08a77c3db7cc","ssdeep":"","tlshash":"23217d05fb7c0b7e1227200536fd33cda62c55a24603342bcfe9197616941dc23c17aa","size":1215,"data":"","first_seen":"2023-03-07T12:04:25Z","last_seen":"2026-04-03T18:30:23.386893Z","times_seen":714,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/jquery-1.12.4.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","size":97163,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-03T23:25:47.96724Z","times_seen":67154,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/main.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"db57dc1095e0109b2897a1e3e917c020","sha1":"eb096656b27ff23dabd33e656541a4674c6bfe12","sha256":"339b0ac6d3fbc1341ab504d41e4abe03e979338783dc2ad9f7d18ccabbc0e101","sha512":"f6b4efdeb63ee74df4aa18a4de845c9811169b2a8a10a3661914b9bd1945d3910f154ca7ffd22e8a41d0f307cb7b12369b1d20ced3fbf9143e64caf868b4128c","ssdeep":"","tlshash":"c461ab05acf914112037e13d9fefa107d754e00b7a896e64798c0a947fad2ada1fcbd0","size":3399,"data":"","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.410401Z","times_seen":680,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/plugins.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"074c4c08f0730c4d4ca76f724355807c","sha1":"09d6a93af6b87a67c5773163d35f40b993fca3d3","sha256":"c6129bd3aeb079f5c310d2a9618478ba0d621992c1a5e5ef320917937dc2dbb7","sha512":"a45d1aa93f012a328c46ada04cd59c65f6bb821a242a499db3f8f5bc88db74fd7b4f83a478f58f93d967a9e12c96532407f8041ce6e81ded0bc478a213d59005","ssdeep":"","tlshash":"d101c0154cfb1062986fb25cda7b700c63a04953c48bfd71fd2d96044f95e25c1da0e6","size":760,"data":"","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-03T22:59:20.059356Z","times_seen":2882,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/bootstrap.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","size":51039,"data":"","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-03T23:28:47.688308Z","times_seen":120583,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/swiper.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b117060487d6ec17a9af7c5604a2c149","sha1":"40a26a977cf1c6b060668c9680cf71a6c8e91e0d","sha256":"34200a216f42b734a9723a5367645bb517c31e036b42e2bf6a480c62880fc12c","sha512":"ed7117d767aaa81dc7633866334e0610334fa921f6f6e1076ebd1818398c657239a8a7d924f429a5bbf932ac9976ac0203d648c745a210f8a5000cc72d0d4c2b","ssdeep":"1536:nI2qg0G1fiPJWmb0vCqIA9GK8FEliAfmrGMy55T1s53V7gZxj8rvHgZsUOUBDBWf:V4b0akdSyBohgZu7HgZsUOUFBWqjxUx","tlshash":"41c3094eb390619511e36256529e9241a3b72409780ad0ac35b6cce7adbde4c13bfffc","size":121304,"data":"","first_seen":"2023-03-08T00:01:27Z","last_seen":"2026-04-03T18:30:23.40147Z","times_seen":897,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/magnific-popup.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba6cf724c8bb1cf5b084e79ff230626e","sha1":"f455c5f153f872e52265f87a644ff89fe14a6fb6","sha256":"3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4","sha512":"22c361e44dde632dedaff2625f6631e2fb02ba3b6487097b48baa09f02cd81fd381ebb7d053f525e52e56655b1f8e2b89ddcc0a002e1b0c35c0a6920823641d7","ssdeep":"384:lPhVPXQ2G2XAQyqVxRQ5giCCMLtA15h5/F6l8aZwHwztLCpmst:lPBIt8I5h5t1qkOLCMst","tlshash":"bd921894f2b2b21383a735b8686f70093a729952ed06c855a55d94d87efcec89037f3c","size":20216,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T22:59:20.082807Z","times_seen":54445,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/owl.carousel.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b7b9c97cd68ec336d01a79d5be48c58d","sha1":"1a99890b57c9859a622337ed0b2f989d6e30cc0e","sha256":"b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43","sha512":"968e18822c24c6c54827999ec766fe54750a9489d22b6a45b641854731ec00beb8fd93b9bda8823e67463f7a99ab587d333673821ae90cfdf7e92716ba050c4e","ssdeep":"768:JBA7PMMFA0tdlXKNSR4vlGRep2lcwJeL+C2jQdc7/CORUQuFBt33:HAIMFFdYMxAcLQDV","tlshash":"cb137346b3202d2a869b61a0663f160bb23a291ce414507d7d7da6de6d7dc4c213fbfc","size":42766,"data":"","first_seen":"2023-03-07T01:03:18Z","last_seen":"2026-04-03T23:27:51.757632Z","times_seen":15893,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/tj.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5d3d830acdaadeaff7de7ce0822c3d11","sha1":"1a09f51cb91558fde445ed7ed306693b30e0856e","sha256":"0c8716986951d50457d9d3c517f90b78ee0c0cbc43cb5ca3ed011d46ee79ed80","sha512":"60463dcf797c663d452aebe90d84eee917719b1265949a79945e0f3a35c18bdefa73e9a11ccb13f38f64a9f42521b76ce4b2189bb065b14a1780479d153b1d77","ssdeep":"","tlshash":"39e0c0e0359274ca430ab8d0043bd00ae2fb56497caf51f4f908710e795578c529f659","size":362,"data":"","first_seen":"2024-09-04T08:43:24Z","last_seen":"2026-04-03T18:30:23.331777Z","times_seen":389,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"deab99731237b52d1b60dd7d144a15c0","sha1":"1cd0ca53fbd8c8943a02250ab2e4e47a66e420da","sha256":"e1bfbe54fd1f16ed88120eae9549e8cf7d708eb595d8c787930215b22b4497c2","sha512":"74c463682de765e7ed115ad8a626e05ea8789078398e3a568decf38561451b33980fac4ba37c18b4189969ff51680cbe536cbcc99b7a1b3daa3b67ed11d28548","ssdeep":"","tlshash":"48b012422e0891406a0418840431f5cc30748829bd84d9124049411004616d80842d00","size":87,"data":"","first_seen":"2024-04-04T05:50:24Z","last_seen":"2026-04-03T18:30:23.411977Z","times_seen":730,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"40f33486c7e82a3599949a8d82c3b3cd","sha1":"db1d5cd111c40cef169f44f9c9cd500549fe362c","sha256":"9c6798c006df11e477245aee0c73b729977f1e5048a07749b8551915cd563dd3","sha512":"dd252826130921e83ebc1257a15395cf2181c5f81e52424af0b22314430a5969e1048a3fc842889144daca85374ca9976c331ff03cee1a0dc938d61726232c0e","ssdeep":"","tlshash":"613112f17096902e8163566138556f9c793c6150ef168c7244ecb9b4e885ec67413f8c","size":1507,"data":"","first_seen":"2025-11-25T12:21:30.433689Z","last_seen":"2026-04-03T18:30:23.412766Z","times_seen":219,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/meanmenu.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0444feb93a5bb35397275148613d7c07","sha1":"ffddb012374e39779bd5415080ab9e7ac5afa194","sha256":"eaf2ccc92a9f802623e6eb69af21a03fc6ba48b509201e2ded5165b58f22957e","sha512":"5126cb584686083ae2f01223a012efd657fa64fe1ab2d87ee7091050b83dcfedcb71971f9732c175b87f9afc41e828d6be578630728028a83a7c6da2cdde5a90","ssdeep":"","tlshash":"5e810066757084fc24bf64e6f43ee33636f7a40af44ed400b07aa9b63425e941063ad9","size":4019,"data":"","first_seen":"2023-03-07T01:16:27Z","last_seen":"2026-04-03T18:30:23.365342Z","times_seen":4130,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"0c62e4b2ef2dd122138f49484f5df37e","sha1":"ff69377d20545562b648b7607e40251bcb0a004f","sha256":"97e41672c8ac279bcf8d69500df45bf1b8650ecc272a99d9bcb34872c99edc56","sha512":"86c681a67693b3e00ff96b85ed22213d83750667670e248ae8e60a8e582e6c05bb650446a2feef2103d7c214ae2dcdaf5f6968fa0a100efa2996337571d24417","ssdeep":"","tlshash":"8ea00257ad09d5949a00acc84436f5cc6021994e7dd8dd6789b852155d626ed0852940","size":64,"data":"","first_seen":"2024-04-04T05:50:24Z","last_seen":"2026-04-03T18:30:23.413487Z","times_seen":729,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/waypoints.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.640Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/waypoints.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:07 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-1f6c\"\r\nExpires: Fri, 02 Jan 2026 16:47:07 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8044,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7808)","md5":"dfe0eedf8da578f4a4c43b05448c51d9","sha1":"812d7071b4e44b1aa5d5ea6c7ce0b79eb9d46520","sha256":"a0fded691aed767f851011cd3185b928619298a21a0fbdad4808a9e88b490833","sha512":"9084433d6201a0aa45efd1c9bf7c413d08192a3871cea3061b637af2cbef21de39c3dbe9fe14d7a11edc0c44588551212c94ee4866ff737f991e07907cb9b41e","ssdeep":"96:uLBvpnG3nnRh+1pRVKmHyjyYfAPiQc954LT4KN/WzdBUVKdBJEdfdpu531v8L7:uPG3nC19KWssPVpX4KN/eU8Ju4e/","tlshash":"3bf1f9c9b4c7b4221befa0b5d43f060bb33a9e4561098064f194e4da3db4a2da567f38","first_seen":"2023-03-07T01:07:26Z","last_seen":"2026-04-03T23:42:18.514182Z","times_seen":9207,"resource_available":true,"data":null}},"time_used":4474,"timings":{"blocked":3558,"dns":0,"connect":0,"send":0,"wait":915,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/images/hero-bg-1.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.191Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/images/hero-bg-1.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/style.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:11 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-e591\"\r\nExpires: Sun, 01 Feb 2026 04:47:11 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":58769,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x800, components 3","md5":"54df693087c681bca1e3a984c625aba9","sha1":"d1c489b5200f2b55945b848d7490234f296744df","sha256":"7b9d4cbbe3baae34090c8f128c4ebad670f69b0ad4103069517c167203a62225","sha512":"4737c4803798aa02a220e8592c6c7ca9900cffa5388da683d3d5db282db64e22445d1138a40ee187f3c45fa63575f8a07a5d024635296f5e6abcd02d5ee09dfa","ssdeep":"1536:OQ+bvPR6OSNawAWUOVoLzcm87HrQd4onCT:g3R6OSNawK8jEd/U","tlshash":"5a43e062ea42fb42e6ec1330dcf35b1e7f6305e69386d510aafc3874489a7683d4e585","first_seen":"2024-02-01T10:47:47Z","last_seen":"2026-04-03T18:30:23.388807Z","times_seen":645,"resource_available":false,"data":null}},"time_used":3020,"timings":{"blocked":1694,"dns":0,"connect":0,"send":0,"wait":1020,"receive":306,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/icon-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.570Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/icon-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:15 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-9a2\"\r\nExpires: Sun, 01 Feb 2026 04:47:15 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"b12ee7f26711f115e8a962d682841331","sha1":"a1c578afea5339a63ecbe2d1878e4ae201aa8a6c","sha256":"666713a3f66755c9146819c2099af596bc212ff1a7db0cf981eee0c649ab2b8a","sha512":"f3d4b2d65dca4d05e544effb4d9a4abd77602331b66e23de00280aad8511a410e0d5ee568383f670d2815be8714ad62bd8ea356402ba6156af1c901d75c179b0","ssdeep":"","tlshash":"69511a15f0428812a2d9e542a5fa042a5f62c960ced0e1aeedca50a404742fc556e1df","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.394225Z","times_seen":670,"resource_available":false,"data":null}},"time_used":13606,"timings":{"blocked":9855,"dns":0,"connect":0,"send":0,"wait":3750,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/shape-3.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.565Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/shape-3.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:11 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-603\"\r\nExpires: Sun, 01 Feb 2026 04:47:11 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1539,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced","md5":"7897206239870928ccadd33798a0c388","sha1":"c8ebf2f2078d74e3cd70765dd23610fd2e118295","sha256":"5933313031931d2179d11ecac187502a4e628c63c22f89cae78f1a009d5f2f51","sha512":"d2a406f8bffc58bdf76868fab236816274b99bcef08c9daf37abb73e37f89692336c76e1ff33312b3739489d9a5c38f191da45a7bb650161c2c3be6901b291ad","ssdeep":"","tlshash":"a53197999a026f437288f9c208e90673986645c0d9e5e0787dcea41225721fd56167c7","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.34603Z","times_seen":662,"resource_available":false,"data":null}},"time_used":9348,"timings":{"blocked":8760,"dns":0,"connect":0,"send":0,"wait":588,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/fontawesome-webfont.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.215Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/fontawesome-webfont.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/fontawesome-all.min.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:10 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 77160\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-12d68\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-04-03T23:30:00.221148Z","times_seen":409934,"resource_available":true,"data":null}},"time_used":1621,"timings":{"blocked":268,"dns":0,"connect":0,"send":0,"wait":1045,"receive":308,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/icon-2.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.571Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/icon-2.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:14 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-e70\"\r\nExpires: Sun, 01 Feb 2026 04:47:14 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3696,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 27 x 42, 8-bit/color RGBA, non-interlaced","md5":"db2a1bb07e49376ad9e93001a8a08223","sha1":"89dea4d507f5d61eacf70c755aef7bac003d92ae","sha256":"374b798d265fbf16b071275596dc6a5d6915f3ec3bd69d3e453073ad62c495ba","sha512":"a6a77e2285d64221f779709407e3ff537beb8e6f13f94af506f2ccfdfe50fa97c874352cec2aa8614089574f427eec83095ab696c411cc2f943cf16302386e7a","ssdeep":"","tlshash":"9d717c4df581691201eded810975403bdfb14a94deb8d8faacde405e64c08fe2166ecf","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.40602Z","times_seen":664,"resource_available":false,"data":null}},"time_used":15726,"timings":{"blocked":10026,"dns":0,"connect":0,"send":0,"wait":5700,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/icon-3.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.571Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/icon-3.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:16 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-ba9\"\r\nExpires: Sun, 01 Feb 2026 04:47:16 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2985,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 45 x 42, 8-bit/color RGBA, non-interlaced","md5":"7b771bffd4eb3584002b6ecc876a2146","sha1":"30295bba792a8eeee1e01669211eca906039a8c3","sha256":"83228bc5e056a9ea12eef48e95455753d46a5867d5559b4afc52e6fcdda1fd19","sha512":"996dcde46077d104eaa50ae68e31af22ba5fa351e7fc9706a100006d113579f9357074d5c715d7c8f148fbaefde2729a7a8c4a336710b5c1a55a453650f9dda8","ssdeep":"","tlshash":"6f515c0dcf1e5c98748aae9508e48167fb759304c723eaf27acd481a09311f8e998dcf","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.354533Z","times_seen":672,"resource_available":false,"data":null}},"time_used":13798,"timings":{"blocked":13498,"dns":0,"connect":0,"send":0,"wait":299,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/gallery-6.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.631Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/gallery-6.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:09 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-218d\"\r\nExpires: Sun, 01 Feb 2026 04:47:09 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8589,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 100x100, components 3","md5":"939fdd3fe4c3f64694a5c587dcaaff07","sha1":"dd6ad294a49435f1ec4f6c4c2cbccaf9ce7a62ac","sha256":"fcfe9fdc32d7f1e3485514b47236004b0dbd09c6d934b69b480d79a660e32675","sha512":"6fa6471b59b6caa44ee7618365e31e401b736faa2824592846e21f49e839be015c62ef6f76fac23198fd9a5f4aaf9633c70d72c4055be20561098b44785529ba","ssdeep":"96:n2oVKsJ6rTj+6PaaMHTSdsPNLf2eFMh1YMKpP8qQcFCTLuAZR9BfRzFio7IcBmEf:RHJgj+qoPFK1jKpPnibYo7cOaTwF","tlshash":"4802af7f1d735a7885b4a56025daa4236e29c7c8c7c3443fec28e607e57a212d8ca3d5","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.400789Z","times_seen":635,"resource_available":false,"data":null}},"time_used":7767,"timings":{"blocked":5792,"dns":0,"connect":0,"send":0,"wait":1975,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/modernizr-3.5.0.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.633Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/modernizr-3.5.0.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:03 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-21bc\"\r\nExpires: Fri, 02 Jan 2026 16:47:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8636,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8320)","md5":"d7c97fdd45a562ace6cffddc9437a779","sha1":"eb6a5e550ab67f95986363a87da875212ba2f139","sha256":"525ba420f42f72699e059e5c20dd3acd591da3d54d70a319b0e360369482dde8","sha512":"65ef6c5b824d66c2546b3cedceeefa967aad3787002be2e2721c14fbd846cdd75b63a8aa102005276356fff04cc5bd9a79d53f216385e001e79fa49247669633","ssdeep":"192:lDYT/2wPZgoOfzAL0kvzaPZNI1C/W0DVLzcuQWyn:lMT/2wPxOfzapbaPZNI8/tzGWC","tlshash":"2602c9a97697b672835a3070117f040ead3b2c096e05c444f02dd5ac7bbcaa46367e2e","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-03T22:59:20.070493Z","times_seen":2085,"resource_available":true,"data":null}},"time_used":2730,"timings":{"blocked":353,"dns":0,"connect":0,"send":0,"wait":2375,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/counterup.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.645Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/counterup.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:06 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-42b\"\r\nExpires: Fri, 02 Jan 2026 16:47:06 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1067,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (917)","md5":"ef36cca760bf1cd76cfcd0e4dc10cef1","sha1":"ef38469f60d58850fe55c4de2ec7e289a2415d71","sha256":"26d40f8ffdf1b9bf286a954c6888a33cda0cd031e802d821fe0c0562e379ae29","sha512":"77c175276932891a30041ffcfe9016b2a525d304843a41b92804e4555e2c95f6e5abd55143a3320d95715a5dad59dfa63e1b826e94c1e0ceee53fc7d165810f5","ssdeep":"","tlshash":"37118cb93a0a298daa80e459f1efb0989176bdbc0c80884b91c558401fa5abc3b5b730","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T23:43:45.344809Z","times_seen":9080,"resource_available":true,"data":null}},"time_used":5217,"timings":{"blocked":4183,"dns":0,"connect":0,"send":0,"wait":1033,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/tj.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.561Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /tj.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:03 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 362\r\nLast-Modified: Tue, 12 Aug 2025 04:25:16 GMT\r\nConnection: keep-alive\r\nETag: \"689ac22c-16a\"\r\nExpires: Fri, 02 Jan 2026 16:47:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":362,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (361)","md5":"5d3d830acdaadeaff7de7ce0822c3d11","sha1":"1a09f51cb91558fde445ed7ed306693b30e0856e","sha256":"0c8716986951d50457d9d3c517f90b78ee0c0cbc43cb5ca3ed011d46ee79ed80","sha512":"60463dcf797c663d452aebe90d84eee917719b1265949a79945e0f3a35c18bdefa73e9a11ccb13f38f64a9f42521b76ce4b2189bb065b14a1780479d153b1d77","ssdeep":"","tlshash":"39e0c0e0359274ca430ab8d0043bd00ae2fb56497caf51f4f908710e795578c529f659","first_seen":"2024-09-04T08:43:24Z","last_seen":"2026-04-03T18:30:23.331777Z","times_seen":389,"resource_available":true,"data":null}},"time_used":2803,"timings":{"blocked":425,"dns":0,"connect":0,"send":0,"wait":2378,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/logo-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.562Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/logo-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-600\"\r\nExpires: Sun, 01 Feb 2026 04:47:09 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1536,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 108 x 36, 8-bit/color RGBA, non-interlaced","md5":"bb0f185735c1e4587da82b7ef4403ace","sha1":"fc2f1ecd0019f1515e0012d29349b1811a00df5c","sha256":"7ed24510b42ed7ac5bf0090d5b7c84e10a16633c6113e31d3a41349ea2bed9d9","sha512":"b8201786a6443d2ca74a0c400ac932349c6ad8fba93490a24441f79fb07385c5274f1ce237a1aadbb22ec8b53d55106c697db7364926fbe18396d98955a1af3d","ssdeep":"","tlshash":"38310a2928ba83a4d3589b36079401a7fc3825887ffb1c0c72a4afd042008e360d92ca","first_seen":"2023-11-30T19:01:46Z","last_seen":"2026-03-22T12:15:34.526708Z","times_seen":231,"resource_available":false,"data":null}},"time_used":7836,"timings":{"blocked":5940,"dns":0,"connect":0,"send":0,"wait":1896,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/plugins.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.648Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/plugins.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:07 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 760\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-2f8\"\r\nExpires: Fri, 02 Jan 2026 16:47:07 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":760,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"074c4c08f0730c4d4ca76f724355807c","sha1":"09d6a93af6b87a67c5773163d35f40b993fca3d3","sha256":"c6129bd3aeb079f5c310d2a9618478ba0d621992c1a5e5ef320917937dc2dbb7","sha512":"a45d1aa93f012a328c46ada04cd59c65f6bb821a242a499db3f8f5bc88db74fd7b4f83a478f58f93d967a9e12c96532407f8041ce6e81ded0bc478a213d59005","ssdeep":"","tlshash":"d101c0154cfb1062986fb25cda7b700c63a04953c48bfd71fd2d96044f95e25c1da0e6","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-04-03T22:59:20.059356Z","times_seen":2882,"resource_available":true,"data":null}},"time_used":5234,"timings":{"blocked":4428,"dns":0,"connect":0,"send":0,"wait":806,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/pxigyp8kv8jhgfvrjjluchta.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.334Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/pxigyp8kv8jhgfvrjjluchta.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:11 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 8656\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-21d0\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8656,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 8656, version 1.0","md5":"c8844b2518e608504a044c16951c094e","sha1":"b6a98202b81badaa49497d45a4568404e4fe05ec","sha256":"f41bc54bcb1241a706432b6ca646835b27140a2eca0f50595ac4fbdd9eeef0f5","sha512":"9c714cf28934a6cf15e9cebefb6e158b80ce52d2f4ae9fc6a17526ea5b30dde94dc6984d047667d9b49306d969303b189b62e818d0b8b69dc239ffb27cc7e344","ssdeep":"192:UCUcPSPRCNsa/UQXFRzmcDSBBBJK7SflOZbyRYTLqkAS:egsa/UQ1RqySBBBJQSfE9y4LqJS","tlshash":"5102ae8590491aa8f2b531f9d81d6d0a6f2e9bf0bf97028652276b5311f443ba3038f9","first_seen":"2023-05-04T20:26:06Z","last_seen":"2026-04-03T18:30:23.390809Z","times_seen":787,"resource_available":false,"data":null}},"time_used":1990,"timings":{"blocked":1501,"dns":0,"connect":0,"send":0,"wait":488,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:04.420Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/c9e1b5dc2b1b4169961debffbf206f94.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/style.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:07 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-267a\"\r\nExpires: Fri, 02 Jan 2026 16:47:07 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9850,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"2ef088411949949624d5a9195246a010","sha1":"c867158dd181aecca4680880e61698a3e9653a97","sha256":"8b9d1ec006848bee7d0e0f0423fae8c7cc56a30b4113fedecf98646ebc96580c","sha512":"f1fb0b4b3e83ca4695bfbf0c6c2dd5953c42f2a90599766377c30b76755b7614c0d403928a041e36840e809a11a0f0344ed2becf201c38b0a885df18f0aa8692","ssdeep":"192:HO1O8eOjum2WpnVTX8sdTTzYD8OzZBCsBmDspn25z4ctlh8feVG:He8XqM0W","tlshash":"3712ab90086ba104eb876c8277df3e26de4e66453405d67a6ffe08d4acebc254361f1e","first_seen":"2025-04-07T10:47:40.795076Z","last_seen":"2026-04-03T18:30:23.335213Z","times_seen":450,"resource_available":false,"data":null}},"time_used":3484,"timings":{"blocked":3146,"dns":0,"connect":0,"send":0,"wait":338,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/4icv6kvjbnbylgocxcvjsgyn.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.228Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/4icv6kvjbnbylgocxcvjsgyn.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:10 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 28968\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-7128\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28968,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28968, version 1.0","md5":"b91fae466c698c775adb2ae92cecc8b2","sha1":"5c9b89fcd9dee91910506375b316c59aef97e47b","sha256":"045469f2d577c2ad73219bbd713640bcb4a4f9a46cecc6c0df0e66338646b27f","sha512":"292b6e990425741188f29727d5f2959b8b1e602716cf1e34dbf23223516ee45623b9f5512e083bf2c78a7b57705e9d68f56af250a60c461ae45e99f9d479a28b","ssdeep":"768:TdFItTkcz/TM8kQeXIfXC+Isv2KCFqVkxL:HItTkczLM8k9XEXn2Nme","tlshash":"20d2f15a5c8a0da7d23eb672469008e64ec935074368ddf3d7e40aab5afe4ec40142cf","first_seen":"2023-04-13T07:01:44Z","last_seen":"2026-04-03T18:30:23.338701Z","times_seen":960,"resource_available":false,"data":null}},"time_used":1658,"timings":{"blocked":1171,"dns":0,"connect":0,"send":0,"wait":334,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/favicon.ico","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:14.700Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:16 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 16958\r\nLast-Modified: Tue, 12 Aug 2025 04:25:16 GMT\r\nConnection: keep-alive\r\nETag: \"689ac22c-423e\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16958,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"4335a1236c49b652b743a45df7369f9a","sha1":"31fb93100c45f3a89b8c4ab57657e9765871cdf0","sha256":"49c07eda3d6369073f360397a29e52dd74020e6c0978e83c4eb1da69e37ae895","sha512":"7c75cbf31c2edf722c9791f86e815914f398897d6091141b15d107c9fd89ac15bb3cd280633060c214ea1a3ee419c810db31dd69bb766f38d42bf988bf86156e","ssdeep":"48:agCYWL1S8TMsIFoglZmva2dJLnQEqerobDn2zlCN8:glLIFoaex2EqKWDwT","tlshash":"d772f333602ec01ae4c45a70e0364b347a5a9d180b359bec1bd57dbd0fbb64ae79d2d8","first_seen":"2023-09-05T04:10:05Z","last_seen":"2026-04-03T18:30:23.403733Z","times_seen":685,"resource_available":false,"data":null}},"time_used":1766,"timings":{"blocked":1343,"dns":0,"connect":0,"send":0,"wait":270,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/meanmenu.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.544Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/meanmenu.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-ddf\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3551,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"0114b5bc44cfbf06fecb3419fd86558a","sha1":"535f3a6dfbec7470af300f7245a69baf034bf392","sha256":"916cc8ed433d7132f756b452e4ab9f9c429bf921b640c1a4a38ccc50465ed721","sha512":"d68e43013d60e47d926c573f9a7b5ab9a7797f9f80499ef8974256c09db6faeceb8e440f1657349493e8897582171a681b18f38c65719136dd2e91f7ceb959c0","ssdeep":"","tlshash":"9a71ce64da7b1049bbbf967ca3b1d7297fe0a056af0bc2ac78fce424c18439d50512c9","first_seen":"2025-02-06T16:53:29.615652Z","last_seen":"2026-04-03T18:30:23.378936Z","times_seen":491,"resource_available":false,"data":null}},"time_used":440,"timings":{"blocked":284,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/magnific-popup.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.547Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/magnific-popup.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-1b2a\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6954,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"30b593b71d7672658f89bfea0ab360c9","sha1":"d6963db6faa9294387bb3175813a61bc3f859437","sha256":"45d1f5f6cf913746c45dd697b1a8f3b719c02d8b3f678dc7fc2766d54e1aaf6e","sha512":"58440dbfd777facab21e3aea519a1b0e11404590e4a36c2959d7dca6fe3896cca9b12b8c3b490719ddcc43caebb019ff41adfd5688e985d53a08c92925498357","ssdeep":"192:hRQ4fS5bzRyIy++mcS3n2s96/LEpeXHFykgxe:Alx3pSFh","tlshash":"a5e11bd39fb22305e525e9a8a657a76973120013e70fcc6bbfd12448df8d7c942a3b85","first_seen":"2023-04-05T05:38:02Z","last_seen":"2026-04-03T23:43:45.347052Z","times_seen":21259,"resource_available":true,"data":null}},"time_used":435,"timings":{"blocked":128,"dns":1,"connect":152,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/fontawesome-all.min.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.549Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/fontawesome-all.min.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-78d1\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30929,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30763)","md5":"861b93b125da96c853cb9680e0c844d2","sha1":"078ef3b7983ccef60eeaa80c2591201c8d47d264","sha256":"8d4a4872dc0faa2ff83bb6664338e63c6f9b52a603e29b1aa764f2866763b7fc","sha512":"2b833ac5b9ddada3722aa9f105116781b1be88dc45506fe60ed2ff2935422946540b888c5c58a56d5f59501bba48ddae6cbc5213b0124ccf0ca9026b8f589010","ssdeep":"384:vu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:4lr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"7cd241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d22a512c5fb9","first_seen":"2023-04-07T03:29:37Z","last_seen":"2026-04-03T22:21:01.617488Z","times_seen":1418,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":126,"dns":1,"connect":152,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/gallery-1.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.623Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/gallery-1.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:08 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-20b5\"\r\nExpires: Sun, 01 Feb 2026 04:47:08 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8373,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 100x100, components 3","md5":"a503b5ea39cc615e9f621d3e3b557c88","sha1":"1f35790c70b0ba47649e51b0029e5ecfd6ce9567","sha256":"86e28b1dde1151defcd2156ad46fb88bf142931c26245a3255a68601f49314ae","sha512":"72411ae898c4f6bfa7721972d04c2e6541e82c9d323c3a85f3865e74bad32f608cbb9b00c6889c4bcb3808e2ce0c2901456bc3a51382e2da227dba32aba390ef","ssdeep":"192:3jzeZ+EPXSzViyOln3db3L2LecabODvXNJ0zloWA:3jzeZF/SzViymLWecabgvdJCA","tlshash":"98029e0a5a376884c5ddaab401f118437a528b05dad3a9c7cccc9d27ce786f7216f178","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.356884Z","times_seen":623,"resource_available":false,"data":null}},"time_used":5880,"timings":{"blocked":5281,"dns":0,"connect":0,"send":0,"wait":598,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/magnific-popup.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.638Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/magnific-popup.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:06 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-4ef8\"\r\nExpires: Fri, 02 Jan 2026 16:47:06 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20216,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20087)","md5":"ba6cf724c8bb1cf5b084e79ff230626e","sha1":"f455c5f153f872e52265f87a644ff89fe14a6fb6","sha256":"3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4","sha512":"22c361e44dde632dedaff2625f6631e2fb02ba3b6487097b48baa09f02cd81fd381ebb7d053f525e52e56655b1f8e2b89ddcc0a002e1b0c35c0a6920823641d7","ssdeep":"384:lPhVPXQ2G2XAQyqVxRQ5giCCMLtA15h5/F6l8aZwHwztLCpmst:lPBIt8I5h5t1qkOLCMst","tlshash":"bd921894f2b2b21383a735b8686f70093a729952ed06c855a55d94d87efcec89037f3c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-03T22:59:20.082807Z","times_seen":54445,"resource_available":true,"data":null}},"time_used":4288,"timings":{"blocked":2726,"dns":0,"connect":0,"send":0,"wait":1562,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/pxieyp8kv8jhgfvrjjfecg.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.222Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/pxieyp8kv8jhgfvrjjfecg.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:10 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 7900\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-1edc\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7900,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7900, version 1.0","md5":"9ed361bba8488aeb2797b82befda20f1","sha1":"6f80d965a066aff81c0a344d4b7297bd009cc099","sha256":"41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c","sha512":"a445d1850d9a03b32944586b426c1eb0e3cd42ad24d4c029e993f37c11cd24680fe9c354425a9d6a84fef27a9e06704108d845f74c204c5bec5a95f50cf50bd6","ssdeep":"192:p7uo9HQkQLb61fpJohI/gCvwsd2pbbhKn:p7v9wkYbkfpJPIqdyhK","tlshash":"33f1c0d24f50e68ffb9ba63a5c1ec3724dcea0a521c5e87c39c81c0bd269d13597c144","first_seen":"2023-04-08T01:54:40Z","last_seen":"2026-04-03T18:30:23.342227Z","times_seen":4575,"resource_available":false,"data":null}},"time_used":1406,"timings":{"blocked":349,"dns":0,"connect":0,"send":0,"wait":1056,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/4icv6kvjbnbylgocjc3jsgyn.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.230Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/4icv6kvjbnbylgocjc3jsgyn.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:10 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 29864\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-74a8\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29864,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29864, version 1.0","md5":"b4e565dcfc8f6cb332be0fc03302ad99","sha1":"86bec9deab5b1b78b2c3b40df903c7d25e511763","sha256":"97d812da07c2319e0e64c4137b33a5d3ccfb4c06fa5ab4444f522959e27a9ed0","sha512":"8ea28485a5fef31d28b0d7024ea7fbef09a21132ec57d2be64f040e140c4a611dac953a242f7413c4b02aaa20befe88fc218d0d130b27680cb4e68bd4da03dff","ssdeep":"768:Y9AVTkQu2MCn7VhS0mcgeUcPswspFmcUX3EQ:nVTusVhrgRwsb5Ul","tlshash":"7ad2f1244783e2e11223bff28267bc16613d94864da35b887d21fcbcdfa687225a5c4c","first_seen":"2023-05-07T22:45:56Z","last_seen":"2026-04-03T18:30:23.37799Z","times_seen":938,"resource_available":false,"data":null}},"time_used":1683,"timings":{"blocked":1185,"dns":0,"connect":0,"send":0,"wait":332,"receive":166,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/bootstrap.min.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.543Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/bootstrap.min.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-2268c\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":140940,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65324)","md5":"ce17cbaab7fd4cfda8912d9c4312c218","sha1":"6df922c89a4ec37c9d8a9eb93ff1fa41e5226cbe","sha256":"1bc928b3d60f607be806d73ca90a6a833c063f5d812895e24cd412e064beec4c","sha512":"a1f4c14e3b0e95a4b5cbcf34b09844bfa2d45dbcc299dfe06bc68e8ba1c7dc593b7f971f856cf3d286b3f14eaa134ef73510bb6d834bc28239bd1f491a284d0e","ssdeep":"1536:uK1QWSUPBT+QYYDnDEBi82NcuSEz/NvT/gIENM6HN26e:p1L7PDxYIENM6HN26e","tlshash":"04d373a7f5a0312da467c61864d0bafe156f8285d7221ffaf42737644b895cb0a73e0c","first_seen":"2024-08-20T06:57:33.931528Z","last_seen":"2026-04-03T18:30:23.405253Z","times_seen":447,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":285,"dns":0,"connect":0,"send":0,"wait":155,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/video-bg.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.572Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/video-bg.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:16 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-79e9\"\r\nExpires: Sun, 01 Feb 2026 04:47:16 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31209,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1140x620, components 3","md5":"a8550a80611b7d71d05bb74974d69896","sha1":"a3f06e35b67991287adf1d76bb35bdf373116fa5","sha256":"4208b4763543d1e81cf875a3f2c5d9ab5c1f9c8bdbf7e806716bb958d589ea5c","sha512":"d773469ca33587ac287d9359a1abf09f7d71c45d464f1e3aa06b4b1907f41e9ae030d1a4894911a82a71f5a314ed92c627145014e795b46f58fbd47f5f7823f7","ssdeep":"768:JAr3DcXYqBOE+//TcsS4FntOXxKQvqzu8D:JagYd1/JFnoX0QvH8D","tlshash":"e5e2e0b96fd42633df9476389aa3f31609579c8492acc1c1d78904fe20f97a32e1d584","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.344604Z","times_seen":644,"resource_available":false,"data":null}},"time_used":13949,"timings":{"blocked":13604,"dns":0,"connect":0,"send":0,"wait":193,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/images/643x0w.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.576Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/images/643x0w.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:16 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-392aa\"\r\nExpires: Sun, 01 Feb 2026 04:47:16 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234154,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 643 x 858, 8-bit/color RGBA, non-interlaced","md5":"829f1a6ca8ac75edf0235c4412a7e2df","sha1":"f31b3970364480fca947f81bba24d253e447eab6","sha256":"0d4223b8fbb93974189d9ae877f9bd4840a2a046fc2a47b07094faf9ff48145c","sha512":"a25e19e6a0adaecd3f37442ee736b128d8371401eac5a8497318911a3fe6fd5ba1ffe039617c33361811174a3d71d07c6951d0a5948b8f01d638a01e6794e4ee","ssdeep":"6144:qInWC2xsKXQvEMpiJUNbOvc1G24d9wJxVvDAIUG0j:nWlnDUJOQg9G3e","tlshash":"4a3423d4a1c194b488b5638b0549ee76cfb27ab712775c7c0f506bc58a4ebfb0242a4f","first_seen":"2024-03-15T17:14:35Z","last_seen":"2026-04-03T18:30:23.40671Z","times_seen":664,"resource_available":false,"data":null}},"time_used":14398,"timings":{"blocked":13755,"dns":0,"connect":0,"send":0,"wait":334,"receive":309,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/faqs-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.610Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/faqs-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:16 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-2272f\"\r\nExpires: Sun, 01 Feb 2026 04:47:16 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":141103,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 523 x 555, 8-bit/color RGBA, non-interlaced","md5":"b8c8872cbde5a67df9eb242028842b05","sha1":"d7ecd383d3bdd4f66ca1a12b7b5d8ec6d1b1219f","sha256":"fc49a0fda10de6144340da2a8a01c3f4ab4e046e4c668faa24aac44b3f7ce735","sha512":"1f0b11ac80fd876ccb06565a8c64f37c11320abb1423f13dc13c0504fc79490a2180f6e7dd35664c737a534e5ceb18e4428fa4b3068ac8aa20e8d2e76a80791a","ssdeep":"3072:chL1BTX2wYGJ3hpFGejtt7DlVvkzEMFTZU9tPHnX6Gpx:chxBTzYCRfjH/kz7YPHnX5","tlshash":"23d312b2ebc97d945dd0bad37393c0ef2bdd7911e9156f10e08388204831be60597399","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.359957Z","times_seen":638,"resource_available":false,"data":null}},"time_used":14783,"timings":{"blocked":13857,"dns":0,"connect":0,"send":0,"wait":446,"receive":480,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/swiper.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.636Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/swiper.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:06 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-1d9d8\"\r\nExpires: Fri, 02 Jan 2026 16:47:06 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121304,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65276)","md5":"b117060487d6ec17a9af7c5604a2c149","sha1":"40a26a977cf1c6b060668c9680cf71a6c8e91e0d","sha256":"34200a216f42b734a9723a5367645bb517c31e036b42e2bf6a480c62880fc12c","sha512":"ed7117d767aaa81dc7633866334e0610334fa921f6f6e1076ebd1818398c657239a8a7d924f429a5bbf932ac9976ac0203d648c745a210f8a5000cc72d0d4c2b","ssdeep":"1536:nI2qg0G1fiPJWmb0vCqIA9GK8FEliAfmrGMy55T1s53V7gZxj8rvHgZsUOUBDBWf:V4b0akdSyBohgZu7HgZsUOUFBWqjxUx","tlshash":"41c3094eb390619511e36256529e9241a3b72409780ad0ac35b6cce7adbde4c13bfffc","first_seen":"2023-03-08T00:01:27Z","last_seen":"2026-04-03T18:30:23.40147Z","times_seen":897,"resource_available":true,"data":null}},"time_used":4439,"timings":{"blocked":2726,"dns":0,"connect":0,"send":0,"wait":1561,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/404.html","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.145Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /404.html HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:11 GMT\r\nContent-Type: text/html\r\nLast-Modified: Tue, 12 Aug 2025 04:25:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac22c-94\"\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":148,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"630e1f9fef1a483fe84154e2d0d046df","sha1":"f10e0cf39fb920a438116caaea80a71e0dcdc162","sha256":"9cad3cff676946810a81047247f12e4e51faccc01df4134edfd871aee8ba0956","sha512":"33f8257b60c25704f0856806337c13e8afe964c5b075d80f15abd87ffa59ff0329f12de0c4b5978d4640d5b70c0a997c0c239f422d4da5bbdcb3727c281cfcda","ssdeep":"","tlshash":"1ac02b0d346366448a03001023c33240d086833f78da8010380ec083f3cf39ac4c73ae","first_seen":"2024-07-21T17:05:04Z","last_seen":"2026-04-03T18:30:23.337117Z","times_seen":14520,"resource_available":true,"data":null}},"time_used":2764,"timings":{"blocked":1941,"dns":0,"connect":0,"send":0,"wait":823,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-02T04:47:12Z","timestamp":1767329232,"ip_dst":{"addr":"172.18.0.4","port":45786,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"severity":"medium","alert":"ETPRO HUNTING HTTP 200 Stat Code with 404 in Body","source":"{\"timestamp\":\"2026-01-02T04:47:12.061254+0000\",\"flow_id\":1465519308209157,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.90.30.70\",\"src_port\":80,\"dest_ip\":\"172.18.0.4\",\"dest_port\":45786,\"proto\":\"TCP\",\"tx_id\":9,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2847953,\"rev\":1,\"signature\":\"ETPRO HUNTING HTTP 200 Stat Code with 404 in Body\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2021_04_01\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2021_04_01\"]}},\"http\":{\"hostname\":\"m.baijichuanmei.com\",\"url\":\"/404.html\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://m.baijichuanmei.com/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":118},\"files\":[{\"filename\":\"/404.html\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":148,\"tx_id\":9}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":27,\"pkts_toclient\":68,\"bytes_toserver\":7263,\"bytes_toclient\":82283,\"start\":\"2026-01-02T04:47:02.523269+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/pxibyp8kv8jhgfvrlgt9z1xlfq.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.224Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/pxibyp8kv8jhgfvrlgt9z1xlfq.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:09 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 7776\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-1e60\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7776,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7776, version 1.0","md5":"84780596e268aa0cb2be48af2ed5c375","sha1":"d67ccd32f8c790a746d64d06145882a2f7b06560","sha256":"d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491","sha512":"0e7b489a067bf54b58625421384d93ae793394d4993ed61e7509fbcaf31d4bddf0d8451e69c9af935b22ddb34b31278bda75ea2c0a76e5e3c249615723026b77","ssdeep":"96:SDFV9xLb1fYNguLOM4cdOGezH/KK3L33+kQM7h25wHdVG2P1j2amxokdj1bEe4k5:SRLbaNj/1IL3u6h25wHuK1aadkJbgD2X","tlshash":"a5f19eb5a69fe9c2f40588b086ef1143d6187369b005817d978d5e298508eea3a4ecfc","first_seen":"2023-04-10T22:25:41Z","last_seen":"2026-04-03T18:30:23.383884Z","times_seen":3899,"resource_available":false,"data":null}},"time_used":3372,"timings":{"blocked":357,"dns":0,"connect":0,"send":0,"wait":3014,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/animate.min.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.545Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/animate.min.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-112b7\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70327,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"a03fca051fa426956b5c8a446a85e868","sha1":"53878b1011d5543f1bed65027a38d35fde314138","sha256":"810ec1b4b20c3fe475307bf9366e18be2603edbf88919bcc2dd0b32ce80c48ec","sha512":"5ffa46379d69d32f3de717e823846ba3fed5e75d8a0209da868ca299e6fae398a25023b13c3a85cdc5cc2096b5aecced8ce0858d91ff3b75d8d8a093d92b1dab","ssdeep":"192:BnSfe5dESfrjdhwCCKit/pRmG73PwjfHM9ZEklMz1GSzkdjEyg1U3dxH2HEi6Sqd:BP+/ZdZ/gpgdZbZv","tlshash":"e3631b6929a2104456334629c7df9f78663ce1732826ecfa73da588bcf41f9c23c9617","first_seen":"2025-04-07T10:47:40.787203Z","last_seen":"2026-04-03T18:30:23.330055Z","times_seen":472,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":128,"dns":1,"connect":152,"send":0,"wait":153,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/about-icon-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.568Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/about-icon-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:12 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-9f4\"\r\nExpires: Sun, 01 Feb 2026 04:47:12 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2548,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 57 x 57, 8-bit/color RGBA, non-interlaced","md5":"5787184d0495e46a5557b7aa8957af95","sha1":"f48a8870e05b6c3cb8278159dfe96bfcd9b9203b","sha256":"fe2389b7a1ee96ca436b5ed684c94c61d561b1c9af8a463a79b6c19cf84e7413","sha512":"55b12d394cd0d4d3fc1346b308acee78ef0612118b0f0834f6850f6229a705eaa6e0afafd446e8c19885185a1575cbb0819a33f0b45a5c0281fe83ac5294a714","ssdeep":"","tlshash":"4d511aafdc566e517008eb9540e54a23c87a84e0d6e6d39717fcd44a0d271a9742b1cb","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.359216Z","times_seen":650,"resource_available":false,"data":null}},"time_used":13475,"timings":{"blocked":9345,"dns":0,"connect":0,"send":0,"wait":4129,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/jquery-1.12.4.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.634Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/jquery-1.12.4.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:03 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-17b8b\"\r\nExpires: Fri, 02 Jan 2026 16:47:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":97163,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32077)","md5":"4f252523d4af0b478c810c2547a63e19","sha1":"5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb","sha256":"668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404","sha512":"8c6b0c1fcde829ef5ab02a643959019d4ac30d3a7cc25f9a7640760fefff26d9713b84ab2e825d85b3b2b08150265a10143f82e05975accb10645efa26357479","ssdeep":"1536:GYE1JVoiB9JqZdXXe2pD3PgoIiulrUdTJSFk/zkZ4HjL5o8srOaS9TwD6b7/Jp9i:t4J+R3jL5TCOauTwD6FdnCVQNea98HrV","tlshash":"8893d7d9b6d6706287b734a851bf410bb17aa8eab40c4c60f058c8e47e74e9d507bf2d","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-03T23:25:47.96724Z","times_seen":67154,"resource_available":true,"data":null}},"time_used":3564,"timings":{"blocked":501,"dns":0,"connect":0,"send":0,"wait":2910,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/wow.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.648Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/wow.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:07 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-20df\"\r\nExpires: Fri, 02 Jan 2026 16:47:07 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8415,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8385)","md5":"36050285bfeeb7395752f0f9bbc08273","sha1":"5924f7bbbf1dfa3f0926851d01f782f23a59e805","sha256":"0ec632e6ab02d4fdd514da7f5edc74aa28c9d4c71af76f1c8b93a1fba85bcc69","sha512":"bf887e087c52583114b77bfb417d7dffa0ee8634d39155af14591a24b2add9ef4c8a0c0555364122800d07a55f5f1fb0c723b39541b069a437ff558ddbf380a3","ssdeep":"96:UrZgL1xvPV6GqKgR6TYLWHFMLJA6pOROVEE1fosvGeaMozHImBaoqbl:Ury9PVfIFrlAJROVEEdos+eatzHILoA","tlshash":"750267c97a967031d75796f6833f0106b6361aeeb028047cb5b88dd57c78868523bf38","first_seen":"2023-03-07T01:02:45Z","last_seen":"2026-04-03T22:59:20.081874Z","times_seen":9664,"resource_available":true,"data":null}},"time_used":5016,"timings":{"blocked":4289,"dns":0,"connect":0,"send":0,"wait":727,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"m.baijichuanmei.com/","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-02T04:46:57.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"baijichuanmei.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 27 Nov 2025 10:38:23 GMT","end":"Wed, 25 Feb 2026 10:38:22 GMT"},"fingerprint":{"sha1":"B7:03:8A:A1:B3:10:33:1C:A5:70:76:ED:84:65:B0:F2:4C:98:52:50","sha256":"D6:10:CB:B9:38:B2:C1:81:5E:BB:90:DD:83:50:A4:FF:67:03:D4:24:CF:1F:B3:34:22:CD:CB:6B:5B:BF:64:D4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T23:31:02.874036Z","times_seen":13307549,"resource_available":true,"data":null}},"time_used":5978,"timings":{"blocked":2989,"dns":1,"connect":152,"send":0,"wait":0,"receive":0,"ssl":2833},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-02T04:47:01.976Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nSet-Cookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; path=/\nserver_name_session=4461c6ec2653e8e29435a9c21ae4e5ba; Max-Age=86400; httponly; path=/\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:1.12.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"WOW","description":"Reveal CSS animation as you scroll down a page.","website":"https://www.delac.io/WOW","common_platform_enumeration":"","icon":"","categories":["JavaScript frameworks","Web frameworks","JavaScript graphics"]},{"name":"Modernizr","description":"Modernizr is a JavaScript library that detects the features available in a user's browser.","website":"https://modernizr.com","common_platform_enumeration":"","icon":"Modernizr.svg","categories":["JavaScript libraries"]},{"name":"Popper","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Magnific Popup","description":"Magnific Popup is a responsive lightbox \u0026 dialog script with focus on performance and providing best experience for user with any device.","website":"https://dimsemenov.com/plugins/magnific-popup/","common_platform_enumeration":"","icon":"Magnific Popup.png","categories":["JavaScript libraries"]}],"data":{"size":80962,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2316), with CRLF, LF line terminators","md5":"9dbd638cd875a851a14a53b4a9dfd944","sha1":"be42277462e3df2564829203ad56da82ba6678a7","sha256":"36d9a7266ff1c22fb64827488fbb98abf0c9803164e67f9386578b3fb7113267","sha512":"634fefb708144f1b99980f2366af8686334310cfaef49ba1fdc4d81473de2ca2a0009f040537db3b7e3b0ce996e608954162b7b9855150ad8ef0d835acaa5ac1","ssdeep":"768:7AYqixYBXLiDRONxiO7r2WN0vn05gyQHmIZNVsUNPW6hjD75ZPjhPt0cQdj5n0fG:xqwY5LCMfr260f05dIi6h/FG/dtv","tlshash":"2d73869574b0297f0936c294f8725e5fae96e01fda1914683dac5aca0ff6e32cc06f44","first_seen":"2026-01-02T04:47:29.463928Z","last_seen":"2026-01-02T04:47:29.463928Z","times_seen":1,"resource_available":false,"data":null}},"time_used":715,"timings":{"blocked":164,"dns":0,"connect":166,"send":0,"wait":219,"receive":166,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/pxibyp8kv8jhgfvrlcz7z1xlfq.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.234Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/pxibyp8kv8jhgfvrlcz7z1xlfq.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:10 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 7832\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-1e98\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7832,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7832, version 1.0","md5":"f4f17fd53c7d040e56f91a3ecb692b22","sha1":"1b51342175762634835645ba2f99cd3ab0ac615c","sha256":"b0b43e548e691662dac85b1dc159d148a273d5cb9139f3fcf457cdeebe7bdf3f","sha512":"4c8e566cf7ffccdb5592d4dc6f6a991a8e975473c43172f2d55e03d3196df67fae02728a7e5170b6182a2e9ae3fe3004cc93008c9664cb37b6db64340a023af4","ssdeep":"192:6ULCWK5hmsOUo9TcOk0WS0+2ydfNbaBGW4:6ULvKTOxkJkBwMl","tlshash":"fcf1af3d8f7317f7d338acba65908a0129cd4911f9573cbe824950a67dc0deaa54b061","first_seen":"2023-04-08T01:54:40Z","last_seen":"2026-04-03T18:30:23.402963Z","times_seen":3379,"resource_available":false,"data":null}},"time_used":2010,"timings":{"blocked":1498,"dns":0,"connect":0,"send":0,"wait":512,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/swiper.min.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.554Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/swiper.min.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-4d3f\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19775,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19512)","md5":"5c0f2c77026394b48961a2072e95068b","sha1":"9e1fba8b077619cf85a7f82bbaf1d192590c8103","sha256":"fcc52c6f1315aa55dbc6d62c55437b49cadbabc1dde54a7e067b599764ee30b4","sha512":"216a4e8790f0d5e9dc822a578e32ffa3d0c6d7ac8119a8acb9a73c27d2c1f86292d07c0b551a9a12b91a3a55ede8f9c8b07fe845abed978f7e20fdc50d7a2ead","ssdeep":"192:JXaNv/lSSyJWCh8zfi5o/mXDN3eBxwdJ5c:JXa1/lS0Cifi5o/mXOGJ5c","tlshash":"ee92622c17003057e6334f1a87d99778c724c9939e4358ef6250ee48c7bb96a32af766","first_seen":"2023-04-21T02:35:04Z","last_seen":"2026-04-03T18:30:23.392149Z","times_seen":672,"resource_available":false,"data":null}},"time_used":430,"timings":{"blocked":274,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/default.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.557Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/default.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-3812\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14354,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"8006b19ef8f43f52d92b786676faacdc","sha1":"5128ccf1b525e757cc68afbd0504a23128b8d209","sha256":"14b3bea27abf08457cc3f1c0424a932bce90f49e71e98aaf3707140561bf4ef4","sha512":"2db2dddd307ef4f6d213408a66a1be2aaa9ed09cbb30f768374abc5b77eeaca53c74edc9e9e3bd9cfe3c141dd7df6aa33376a779f1c1441c8d422b92849470c7","ssdeep":"384:qSGwiTXVJGbui+G2y/1AF/ta62IAQfdDy1:fGw0VJGbui+G2y/1AF/ta6eQfdDy1","tlshash":"6752a1a3fb531c88e01fa8f2df6ba560a74d14934a8fb6d6bd80769dcec41d8825350d","first_seen":"2024-08-20T01:18:21.439868Z","last_seen":"2026-04-03T18:30:23.393117Z","times_seen":451,"resource_available":false,"data":null}},"time_used":428,"timings":{"blocked":272,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/scrolltop.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.646Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/scrolltop.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:07 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-8bf\"\r\nExpires: Fri, 02 Jan 2026 16:47:07 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"36e8c3c87020b0ac057fa96463619793","sha1":"3bab73ad0a2528b80270b2413ab7955f956acee8","sha256":"8a29dd36263e340e17993bc8a3f8a17c7802b07b36c8592a493c4d0f31bc3fe5","sha512":"a331ee92c98981f94db0000507b636e8d033f4a61e5f0574330f859a1a532dc557b4d1ccabd693cb5939696d91a8ccdf376d9c91d539a853b8a4b6ea951263ff","ssdeep":"","tlshash":"8f41d04b79a3134a09eff8bdca9f138d7734e157b9059854788c16b98f1053856e2f8c","first_seen":"2023-03-07T12:04:25Z","last_seen":"2026-04-03T18:30:23.402223Z","times_seen":724,"resource_available":true,"data":null}},"time_used":4919,"timings":{"blocked":4281,"dns":0,"connect":0,"send":0,"wait":638,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/bg-shape-2.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.569Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/bg-shape-2.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:15 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-846c\"\r\nExpires: Sun, 01 Feb 2026 04:47:15 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33900,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 534 x 404, 8-bit/color RGBA, non-interlaced","md5":"e6cf106a4d80d1bad808ce3d74342585","sha1":"234e439c9c7b08e9e2ade04bb3080d0c98037094","sha256":"93b3a18aacf64278c57ca5ac26d64a06a96ca4d3fb55fc3e482b2ad24c7dfc5f","sha512":"a4ea5e6c87ba9728b03d5c6e1145b42c9c70dc9a0f47b5d364c5f05ddbbb9bdc2b08fe03e3f46e7f1576907050cf9f5e013568515f57d4bda66cdc6ba1a5c3b8","ssdeep":"768:pg1ZqzBv+DHuz+EoZDTgAgeKaDdEHJ/NZSuM:eq1+Kz+EoZD7gbaDqHJlM","tlshash":"e9e2f1959403a1f4f1fe5a51b64833a53e4621ef28f1a8d32f82109c1f8e3b7d59d4da","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.381597Z","times_seen":666,"resource_available":false,"data":null}},"time_used":13738,"timings":{"blocked":9643,"dns":0,"connect":0,"send":0,"wait":3942,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/gallery-2.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.626Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/gallery-2.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:08 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-2608\"\r\nExpires: Sun, 01 Feb 2026 04:47:08 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9736,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 100x100, components 3","md5":"80270079ec7950a0b8d5e834e488dd72","sha1":"38a26bfd822f52b44c7e907fb15b6feef87f9e83","sha256":"58d810fbaa2f91e3aa5437fb5bf193b65db9c8c67b837755617089a50c72b8d3","sha512":"8f0e8cf4a96ff355b1f6309e6219a7880c13c2288d29718523266b087a969501c7e21ae6da885382313cc9ee5e22a4d655bad0d0002015dcf80b2821685d4e1d","ssdeep":"192:tLNP4Y1KHGuK2b1kmKBrTpdmZedCRoRpTr+/GuO5LJ2nkU/EN/:tLNP4YZuBvATjM8CRosGXMnkv9","tlshash":"ec12b00a5f6b99d6cdd8ca7648ab841f44146ee10083e5ace2ea4ce2dc340f54e15beb","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.384705Z","times_seen":625,"resource_available":false,"data":null}},"time_used":6109,"timings":{"blocked":5278,"dns":0,"connect":0,"send":0,"wait":830,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/ajax-form.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.647Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/ajax-form.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:07 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-4bf\"\r\nExpires: Fri, 02 Jan 2026 16:47:07 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1215,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"9fdd4d0f0ab7d63fd10bbc56f73b8874","sha1":"2895c175d93e8d0a6d205a9d47fc11386db126b1","sha256":"6f9e9742293db7a493b19c68bc2885796c5f90e6e9449b3e633ea56780e5213d","sha512":"8ccd207ee1f49dc7f4eca16b2e6593bb671cf2ebd4ff32f30618255fddaa908c6384c32164e8d7c503f7da74155b12ab85a58bb2bc10362ca5be08a77c3db7cc","ssdeep":"","tlshash":"23217d05fb7c0b7e1227200536fd33cda62c55a24603342bcfe9197616941dc23c17aa","first_seen":"2023-03-07T12:04:25Z","last_seen":"2026-04-03T18:30:23.386893Z","times_seen":714,"resource_available":true,"data":null}},"time_used":4918,"timings":{"blocked":4281,"dns":0,"connect":0,"send":0,"wait":637,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/main.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.649Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/main.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:07 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-d47\"\r\nExpires: Fri, 02 Jan 2026 16:47:07 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3399,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"db57dc1095e0109b2897a1e3e917c020","sha1":"eb096656b27ff23dabd33e656541a4674c6bfe12","sha256":"339b0ac6d3fbc1341ab504d41e4abe03e979338783dc2ad9f7d18ccabbc0e101","sha512":"f6b4efdeb63ee74df4aa18a4de845c9811169b2a8a10a3661914b9bd1945d3910f154ca7ffd22e8a41d0f307cb7b12369b1d20ced3fbf9143e64caf868b4128c","ssdeep":"","tlshash":"c461ab05acf914112037e13d9fefa107d754e00b7a896e64798c0a947fad2ada1fcbd0","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.410401Z","times_seen":680,"resource_available":true,"data":null}},"time_used":5252,"timings":{"blocked":4465,"dns":0,"connect":0,"send":0,"wait":787,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/scrolltop.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.553Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/scrolltop.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:03 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-880\"\r\nExpires: Fri, 02 Jan 2026 16:47:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2176,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"007f9ba191cadb2873ad980e6ae280c3","sha1":"195ab4d75f90efad6ca1f6c0cc777308e408f1f5","sha256":"f4615c9673e1f7b5131b83f0d1c0ab78be0a562a3aba4390d74a0ea2e80b703d","sha512":"1498897d329417b400b823378b470adbc1d2fae51a00a2f8aebdc20350ff6490550ec37bfe8a2452c5b60606e81a1412b8f108371ce28cbb465fe85028478431","ssdeep":"","tlshash":"f141feaa971b15cb222fc24c93c347482b3c8243f422d46d33461a7dafa2368c1b7b4d","first_seen":"2025-04-07T10:47:40.763855Z","last_seen":"2026-04-03T18:30:23.372415Z","times_seen":465,"resource_available":false,"data":null}},"time_used":1983,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1983,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/shape-2.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.564Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/shape-2.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:11 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-1cb5\"\r\nExpires: Sun, 01 Feb 2026 04:47:11 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7349,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 521 x 267, 8-bit/color RGBA, non-interlaced","md5":"23fafbe2054753eb8fbc0378efbd7358","sha1":"7577b91c4cd1aa99cb58a8f659fc59b2a8a4031e","sha256":"a05b62d2692f59650a63e51eebe3935050dda23c9bea9420b0864337d9a836bf","sha512":"907f9779abaff9534e5df85dc31ed4782059df3ded7f8d7d15255f6ce7986f1a00542370529e8b1845e16d5101392842affec68f6503b14222c08deae28e8994","ssdeep":"96:6JJ6DrFyKry4EDw+OR5uIB1V0TNHdq/RZkIgAjrLzulo/bZ5ZCeQhdrUxyo20GtR:xRyK5fR5ucUTfq/RZkYXPZhwpUH2/mG","tlshash":"5de1bfb972158e55970cb7e050e502d7fd8fc56884cca11f3d36ac1785f3571210a5cb","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.328338Z","times_seen":662,"resource_available":false,"data":null}},"time_used":9347,"timings":{"blocked":8681,"dns":0,"connect":0,"send":0,"wait":666,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/hero-mobile-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.566Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/hero-mobile-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:12 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-ba23\"\r\nExpires: Sun, 01 Feb 2026 04:47:12 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47651,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 401 x 801, 8-bit/color RGBA, non-interlaced","md5":"689fab29ff518f640b9eb842d7838ff7","sha1":"436226b82cdcf8071dd5a3dd9a6a92a3c7aaaf68","sha256":"2f190ed00391ce2b621e9f9fbf3610c80e103776f30328cf9cab9b35da8fe192","sha512":"bc35f7bfcc58a766dae3d965f41dea9b07ff2e0037c2da8ccb8cd49cfbab1bb36ad8a55e8df87c2c1c0152ebf713b1f8af5d982af384c69faa1d7d245a48f158","ssdeep":"768:OfnUt4asE7mPjUOHrPbF+0a+J6FhUio2Hfw1xxFQs9w1nNzHA5Jj8XjUMN+CcEQJ:OpzUI/HrD962W/CwZYF8QMN+ewqW","tlshash":"6e23e1508f84f47e4d6cc6f7192b428da9f352e753c52068887b5ead7996e78bc30c82","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.347415Z","times_seen":640,"resource_available":false,"data":null}},"time_used":9859,"timings":{"blocked":9344,"dns":0,"connect":0,"send":0,"wait":211,"receive":304,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/logo-2.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.621Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/logo-2.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:08 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-c19\"\r\nExpires: Sun, 01 Feb 2026 04:47:08 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3097,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 125 x 57, 8-bit/color RGBA, non-interlaced","md5":"f7a90ba93e1c08513c6534e6fabb742c","sha1":"2a1943030890f91f13a8888e2ded5ca6e762f74c","sha256":"2d86c01f9af1456d681d7852b7c6aac9d4957dc44ec7a53357aa6961c79bef25","sha512":"61dfc72e858d7cbe57ad54eac32c7afa82efa33e1348aa76408c3e4ea236366a0c84eac408affbd1b7ce7d3a66c897f34679845d01d3d53bf1535d20f5c4a77b","ssdeep":"","tlshash":"1f514c9dc188bf48c00ef8b304e12953ee51c5ded7c9c42a2a99a819cef60f9045f8cb","first_seen":"2024-03-15T17:14:35Z","last_seen":"2026-04-03T18:30:23.395214Z","times_seen":619,"resource_available":false,"data":null}},"time_used":5801,"timings":{"blocked":5282,"dns":0,"connect":0,"send":0,"wait":519,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/gallery-5.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.630Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/gallery-5.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:08 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-2ac5\"\r\nExpires: Sun, 01 Feb 2026 04:47:08 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10949,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 100x100, components 3","md5":"7b13e0f6e593a8164ddafade586beadb","sha1":"384a3e63dca672854beab1659a5b28acc26c1b9c","sha256":"cb1a1bde6f843c89afdd617c7dc5ac3170e1f837749daea38e893be78beeae9b","sha512":"5c365f3ce208fb4ea2caccbea74e4af5f1526d5eba1914982960b6bb3bce9ba5060a495e93e6eb58427aeb3a5794283083e89d2a14df049a4762451ecdfaa4e0","ssdeep":"192:rsdUEwkY1AVN7vNpzH+F0ZV1lPi9LPxQh0Xq/ZAHAtJsBwlU4ia3K63olzl:rsdUl1AVJNddV1BiBPxQh0Xq/ZAucwlC","tlshash":"01329e4ad7030c56c5d8fe2a1cb5373ab8629785dadf3664c4afcd3bfc64048851e648","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.348846Z","times_seen":634,"resource_available":false,"data":null}},"time_used":6941,"timings":{"blocked":5274,"dns":0,"connect":0,"send":0,"wait":1666,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/4ics6kvjbnbylgokfw72.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.231Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/4ics6kvjbnbylgokfw72.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:10 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 34260\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-85d4\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34260,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 34260, version 1.0","md5":"5b23eeb3a32b30e91682d601535d2a89","sha1":"48469f0155a13f3499db31d53cba5d47e8b528b5","sha256":"4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da","sha512":"6e735098f3986239766821c9b37db97acda9e1a0a0a6cf0c630af49c4b9c9b09cba6349d91e15669f8853a48a3f44b72ce53440d7f42f0a8a2d4f398da8e7496","ssdeep":"768:dNzPGSJNFDOYy5h3b2vL6xATEdrQP+8lI+v2C9PxRL6zJLC:37GSxKtZlxAAdQP+8h2C9PxRL69O","tlshash":"15f2f28c4dfec7aad4ac1ab00ba216147638da54fedc084d57e9f5bd98098432c9df98","first_seen":"2023-04-13T07:01:44Z","last_seen":"2026-04-03T18:30:23.343391Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":1855,"timings":{"blocked":1396,"dns":0,"connect":0,"send":0,"wait":307,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/owl.carousel.min.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.550Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/owl.carousel.min.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-d24\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3364,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3194)","md5":"6fd338d01b002e369f3981f1a74a40fc","sha1":"fcb2985d8ecb9ade9189ea9dfb7040ca313898b1","sha256":"75e09f682f70b2216d6fe51f5793fd6b69be396caed264612706aa3b7ac5d8ae","sha512":"effe99dbd7d4afc2b66634ac7649a36404c08c1006ef76a0c96c86cfa3887b225326e363607b3acff68646b7e5229f1616bc50a0d290ff0f0d148e55213c16a3","ssdeep":"","tlshash":"7461bbe5314a225f480f83221dd81e86393dcc52d8660a5a92bbd71447dae6d213ffcf","first_seen":"2023-04-11T21:31:49Z","last_seen":"2026-04-03T18:30:23.353487Z","times_seen":634,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":127,"dns":2,"connect":151,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/responsive.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.560Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/responsive.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:03 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-1dc8\"\r\nExpires: Fri, 02 Jan 2026 16:47:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7624,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"7af3de2868986e3a1b8d4cf9383b563f","sha1":"9109d400988041f9402c284fa570a119aa49a83d","sha256":"44f6a3412e11579c69463f86b9fc9330785bc8cfe0e6d50a8c6f64ab19909a8d","sha512":"69321f4f501e187ec1130dafcb96e9aa0880072c6cd907e0fb490e847f03906c037bcad6493a2b4d4858a04f19c9f711961f7da63854c7cda968e019baa2ad71","ssdeep":"192:T1lJPw6KRAGKKJ63WbiuDD9Ky563WJium:TJQxKKb9K9","tlshash":"53f1a0cdb9c4104493b57f304bf17a25f98d14f3ae4b60f279906249cfbb5aa4266e8c","first_seen":"2025-02-06T16:53:29.614212Z","last_seen":"2026-04-03T18:30:23.373142Z","times_seen":449,"resource_available":false,"data":null}},"time_used":2804,"timings":{"blocked":425,"dns":0,"connect":0,"send":0,"wait":2378,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/popper.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.635Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/popper.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:06 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-4f70\"\r\nExpires: Fri, 02 Jan 2026 16:47:06 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20336,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (20164)","md5":"a22f3f7e61af6a069aa6b422537c3f49","sha1":"682fdc625ae80a890d10af2cb16e62540e2186a8","sha256":"d2b9f29ea1f42a60a8beb1c04f76868287f2a48d6ec50fb39d6b888584a03c49","sha512":"71b8d409a48fbdcaaa28f8a412248163857b2cb9ed6a5c4fe2bd0c4898ba3ef7f34d0d538097d94568246bc88a317cdaa509f05095c59caf5c567d73a973e2f6","ssdeep":"384:fYn0vf4wzTC9nNbR1PTM4CrBEQxkxpOxvYLmD75zfC5vIfg3rzGp/TidOgHhXjEN:w0vAwzTC/nM4BxpOxv/D7pC5vfzy/Ti6","tlshash":"2992a3dc3294b06647ab91a7a07f960eb1335875610e9410f19df2e97c30ef9613bc79","first_seen":"2023-03-07T01:02:57Z","last_seen":"2026-04-03T20:18:31.249551Z","times_seen":2115,"resource_available":true,"data":null}},"time_used":4302,"timings":{"blocked":1771,"dns":0,"connect":0,"send":0,"wait":2531,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/bootstrap.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.636Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/bootstrap.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:04 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-c75f\"\r\nExpires: Fri, 02 Jan 2026 16:47:04 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51039,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (50758)","md5":"67176c242e1bdc20603c878dee836df3","sha1":"27a71b00383d61ef3c489326b3564d698fc1227c","sha256":"56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4","sha512":"9fa75814e1b9f7db38fe61a503a13e60b82d83db8f4ce30351bd08a6b48c0d854baf472d891af23c443c8293380c2325c7b3361b708af9971aa0ea09a25cdd0a","ssdeep":"768:E9Yw7GuJM+HV0cen/7Kh5rM7V4RxCKg8FW/xsXQUd+FiID65r48Hgp5HRl+:E9X7PMIM7V4R5LFAxTWyuHHgp5HRl+","tlshash":"3533b649725078b201df9176913f460bb736788ea907816cb95d98ed2e7cd89322bf3c","first_seen":"2023-03-07T01:02:44Z","last_seen":"2026-04-03T23:28:47.688308Z","times_seen":120583,"resource_available":true,"data":null}},"time_used":3030,"timings":{"blocked":1874,"dns":0,"connect":0,"send":0,"wait":990,"receive":166,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oudngmslhifnsf.gdmgcyy.com/tj.js","fqdn":"oudngmslhifnsf.gdmgcyy.com","domain":"gdmgcyy.com","tld":"com"},"ip":{"addr":"206.119.188.34","port":443,"asn":133199,"as":"SonderCloud Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:07.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oudngmslhifnsf.gdmgcyy.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 11 Dec 2025 06:39:18 GMT","end":"Wed, 11 Mar 2026 06:39:17 GMT"},"fingerprint":{"sha1":"84:4B:0B:7A:0A:D0:42:4C:42:71:F9:E1:85:CC:DD:07:F9:BA:C0:D7","sha256":"11:41:A5:14:00:68:D7:F8:23:DF:F1:C7:18:0C:48:6B:48:89:72:3F:4A:54:4B:2E:B2:5B:F9:3A:4E:E5:22:D4"}}},"request":{"raw":"GET /tj.js HTTP/1.1\r\nHost: oudngmslhifnsf.gdmgcyy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: openresty/1.21.4.3\r\nDate: Fri, 02 Jan 2026 04:47:08 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 25 Nov 2025 02:47:15 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"692518b3-60a\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.21.4.3","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1546,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1546), with no line terminators","md5":"75744fb2ef623aad85ddbffa4cf8d621","sha1":"f4b47226e8c7acbb1aed3b53e1e41ab5edd01973","sha256":"3aa8a8bf8c2853aa2eb294e9303ae7aff22aa1d076dd91e1ddbc13b888fa91a8","sha512":"c51b00c3235de1998281f2bc4e9df5883254da82233265b6ed7dd497e1ac776feb5c0172656e4447a8fe67ec675e226ade7b159422af333fdfc12e8cc1825b54","ssdeep":"","tlshash":"77316578374b14a23337f612144b541c62b5d3854b6f08e0e3a576997de6948d04bf7e","first_seen":"2025-11-25T12:21:30.366924Z","last_seen":"2026-04-03T18:30:23.366728Z","times_seen":219,"resource_available":true,"data":null}},"time_used":2033,"timings":{"blocked":873,"dns":19,"connect":283,"send":0,"wait":287,"receive":0,"ssl":567},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/owl.theme.default.min.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.551Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/owl.theme.default.min.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:02 GMT\r\nContent-Type: text/css\r\nContent-Length: 1016\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-3f8\"\r\nExpires: Fri, 02 Jan 2026 16:47:02 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1016,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (846)","md5":"594b81805a98b267e47c70a8fad30d9f","sha1":"684d84ec40b305ca14efc88c91f12972cb6342b4","sha256":"924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac","sha512":"b0c5ed30d2f5cd1ce894760a12e8ccd80a822d447d1760b8ff4e5c75bc638cb491bcc40872210f090668fbe9e4ee0a3706d4ae2bd91f6bfb3e6b87f88b9a4b93","ssdeep":"","tlshash":"4d11abc5f189221d301781904aa842cb6b1e687e529d0ef5f8ee8160c22dd053a6fbf9","first_seen":"2023-04-05T06:03:14Z","last_seen":"2026-04-03T22:21:38.193584Z","times_seen":18400,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":137,"dns":1,"connect":166,"send":0,"wait":166,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/shape-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.563Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/shape-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:09 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-91f\"\r\nExpires: Sun, 01 Feb 2026 04:47:09 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2335,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced","md5":"ec3948b8d36dea60b210b2ab21a92290","sha1":"4bb53e0c80977f8d95852c6c25a7459568405b4d","sha256":"3c1ae3164c38144ae661f6b4bffd359f55b36a903aa4714b35a70d3a605a47c1","sha512":"b39637ffde3d9f5dd72df77bb325ee7caa8d2f9d2ee863393b426b6b15c077132eb296ede44dab6197bbb8578223f975ad681c377df0a3202ba8477fd8aba6f4","ssdeep":"","tlshash":"b3414d04ed412f0131a67c2b98e44033ed9b4a90e7a0f81f788ad0233d3a6f65615ae5","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.373887Z","times_seen":667,"resource_available":false,"data":null}},"time_used":7852,"timings":{"blocked":6172,"dns":0,"connect":0,"send":0,"wait":1680,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/images/defaultpic.gif","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.616Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /images/defaultpic.gif HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:17 GMT\r\nContent-Type: image/gif\r\nLast-Modified: Tue, 12 Aug 2025 04:24:49 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac211-1908\"\r\nExpires: Sun, 01 Feb 2026 04:47:17 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6408,"size_decoded":0,"mime_type":"image/gif","magic":"PNG image data, 512 x 330, 8-bit/color RGBA, non-interlaced","md5":"a22087b8272e7e8c1ef5702ba943ad93","sha1":"02865bfb0c215e061f515a77882657a9aceee9e1","sha256":"f4e3729058237486921233ba5eb99c641a4bff858279fb7d36b48ab42ab9989a","sha512":"52957b77ab19638310ae7c17ca7a183e00c6128dc14cc908faea542bf4da0067d751a16f386fbb7cf24c5a6515b5f387ae8e1a7cf2201e0051a3a22559b25315","ssdeep":"192:kvDGuYUHXKP1EfVyS2U/XOyAaC9EOahAHjlZB:QDrno+VyS2UvO/lEDhyF","tlshash":"b4d13acab68d8e800f4d8e3d435749b4f1b32f5812a91ffb399c2aae404cb085b4db51","first_seen":"2024-04-04T05:50:24Z","last_seen":"2026-04-03T18:30:23.407412Z","times_seen":502,"resource_available":false,"data":null}},"time_used":15756,"timings":{"blocked":13906,"dns":0,"connect":0,"send":0,"wait":1850,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/owl.carousel.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.639Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/owl.carousel.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:06 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-a70e\"\r\nExpires: Fri, 02 Jan 2026 16:47:06 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":42766,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32000)","md5":"b7b9c97cd68ec336d01a79d5be48c58d","sha1":"1a99890b57c9859a622337ed0b2f989d6e30cc0e","sha256":"b394d33b2a7ec654a6b037ebfda6618341b3f897a362be624c923c2711b54a43","sha512":"968e18822c24c6c54827999ec766fe54750a9489d22b6a45b641854731ec00beb8fd93b9bda8823e67463f7a99ab587d333673821ae90cfdf7e92716ba050c4e","ssdeep":"768:JBA7PMMFA0tdlXKNSR4vlGRep2lcwJeL+C2jQdc7/CORUQuFBt33:HAIMFFdYMxAcLQDV","tlshash":"cb137346b3202d2a869b61a0663f160bb23a291ce414507d7d7da6de6d7dc4c213fbfc","first_seen":"2023-03-07T01:03:18Z","last_seen":"2026-04-03T23:27:51.757632Z","times_seen":15893,"resource_available":true,"data":null}},"time_used":4188,"timings":{"blocked":3026,"dns":0,"connect":0,"send":0,"wait":1161,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/top-arrow.svg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.211Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/top-arrow.svg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/scrolltop.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:11 GMT\r\nContent-Type: text/html\r\nContent-Length: 148\r\nConnection: keep-alive\r\nETag: \"689ac22c-94\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":148,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"630e1f9fef1a483fe84154e2d0d046df","sha1":"f10e0cf39fb920a438116caaea80a71e0dcdc162","sha256":"9cad3cff676946810a81047247f12e4e51faccc01df4134edfd871aee8ba0956","sha512":"33f8257b60c25704f0856806337c13e8afe964c5b075d80f15abd87ffa59ff0329f12de0c4b5978d4640d5b70c0a997c0c239f422d4da5bbdcb3727c281cfcda","ssdeep":"","tlshash":"1ac02b0d346366448a03001023c33240d086833f78da8010380ec083f3cf39ac4c73ae","first_seen":"2024-07-21T17:05:04Z","last_seen":"2026-04-03T18:30:23.337117Z","times_seen":14520,"resource_available":true,"data":null}},"time_used":2711,"timings":{"blocked":1702,"dns":0,"connect":0,"send":0,"wait":1009,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/fonts/pxibyp8kv8jhgfvrlej6z1xlfq.woff2","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:09.226Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/fonts/pxibyp8kv8jhgfvrlej6z1xlfq.woff2 HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/static/css/c9e1b5dc2b1b4169961debffbf206f94.css\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:10 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 7988\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nConnection: keep-alive\r\nETag: \"689ac215-1f34\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7988,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7988, version 1.0","md5":"087457026965f98466618a478c4b1b07","sha1":"00b024ccb35e3694de662d180d6ea7f56de6d654","sha256":"b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b","sha512":"00240312fe8855da22d687b615d3e32db64a5bce39acdb5b2afbece1fccf85334de8ca603ebf093105eb6e2b3abadb32231c43f19249d48c934bd434060379e6","ssdeep":"192:WBx8OcsqAOrgPBeIvTqZ1QBzk6ZXCJqUICr1kBGiq7nLjZj:+Y0OrgP9EEpZyzv0kx","tlshash":"0bf1af73e50c88ce7459623d0d10cbda4c944f6b97510d755d3abcb026a77e2b80c45f","first_seen":"2023-04-08T01:54:40Z","last_seen":"2026-04-03T18:30:23.379723Z","times_seen":3869,"resource_available":false,"data":null}},"time_used":1506,"timings":{"blocked":1172,"dns":0,"connect":0,"send":0,"wait":333,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/css/style.css","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.558Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/css/style.css HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:03 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-9559\"\r\nExpires: Fri, 02 Jan 2026 16:47:03 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38233,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ca8d85edce6b2261224e393c6cdef7ab","sha1":"9689001b07c8b2692f32c054c89fabc8d060f5f2","sha256":"e3260baa98665decde692e06c658a00a9d839820248cecbb3a865d5b77005c40","sha512":"ffcbc4ed9e07248b16add3c0e4ac11de54babe2d6cca232a18c9b4926a5d3ad2a7e044cd24d15c37e3da6df90a9d11d18e5141ab8cc45cc65e42995289c28660","ssdeep":"768:RqQodt3EK5Cd3ocw0uKuFQF8BFQF8PzMn18NkaUefue+:RNodt3EK5Cd3oTlOKO/9","tlshash":"7b037396ea771981b81bc8787babef95236c5043910ec97c7f8173588f851e891b2f4c","first_seen":"2025-04-07T10:47:40.777733Z","last_seen":"2026-04-03T18:30:23.370758Z","times_seen":429,"resource_available":false,"data":null}},"time_used":1847,"timings":{"blocked":296,"dns":0,"connect":0,"send":0,"wait":1550,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/gallery-4.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.629Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/gallery-4.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:09 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-1271\"\r\nExpires: Sun, 01 Feb 2026 04:47:09 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4721,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 100x100, components 3","md5":"3507c2613a89a75b60b04718aaaafec6","sha1":"8e27a8bd05d333bfbbf4e6b52a7b526164ab5f1b","sha256":"ba1d60db77681ffa279dfa8dcf6ad57fc25ffaff5fe21854edcf480c73e18fad","sha512":"313d235aece3f39b2f827458df4193daaf0fc6dd3137e72c2a095916f4cfd842786a4dda6ff46b904c2d5a5c805723f282a9733e9778f003f0a15a4911d04b9a","ssdeep":"96:n2YnJV7I6M9/oxFM+c6AwlcB4bDkZ+FTKk465PVV:tnD7I6M9/VjHwlcB420Tjf","tlshash":"aea15c9793532805d2cf5e70adf60adf0a76570ad58fe124b25dd9abf4730b72006c98","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.374708Z","times_seen":617,"resource_available":false,"data":null}},"time_used":6952,"timings":{"blocked":5275,"dns":0,"connect":0,"send":0,"wait":1677,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/js/meanmenu.min.js","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.637Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/js/meanmenu.min.js HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:06 GMT\r\nContent-Type: application/javascript\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-fb3\"\r\nExpires: Fri, 02 Jan 2026 16:47:06 GMT\r\nCache-Control: max-age=43200\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4019,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4019), with no line terminators","md5":"0444feb93a5bb35397275148613d7c07","sha1":"ffddb012374e39779bd5415080ab9e7ac5afa194","sha256":"eaf2ccc92a9f802623e6eb69af21a03fc6ba48b509201e2ded5165b58f22957e","sha512":"5126cb584686083ae2f01223a012efd657fa64fe1ab2d87ee7091050b83dcfedcb71971f9732c175b87f9afc41e828d6be578630728028a83a7c6da2cdde5a90","ssdeep":"","tlshash":"5e810066757084fc24bf64e6f43ee33636f7a40af44ed400b07aa9b63425e941063ad9","first_seen":"2023-03-07T01:16:27Z","last_seen":"2026-04-03T18:30:23.365342Z","times_seen":4130,"resource_available":true,"data":null}},"time_used":4290,"timings":{"blocked":2727,"dns":0,"connect":0,"send":0,"wait":1563,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/about-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.567Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/about-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:12 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-37b1e\"\r\nExpires: Sun, 01 Feb 2026 04:47:12 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":228126,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 527 x 555, 8-bit/color RGBA, non-interlaced","md5":"4171b2c2229183a9006f545f0ead11a2","sha1":"b385422f48ef79448c6de4c104e241e40e9366b9","sha256":"7f69b0556f6ef74eb6afc1368fc7ad01939a6e4cbfb4613a1b7fc5b9246b9f5a","sha512":"a7734ef2d32bea8fd8af56c64d33ed568912af301e51f91196684aca6e2badf179eb995cec916a1691de64ea22f2304ad4d3223b4c5f6bf3c68c2c8cb9f1e204","ssdeep":"6144:ijL4qDTALmYSaX+i8oN1agn/8Ey7Q21GrkvPOY:eL6hSGTbykdGPf","tlshash":"f22422c3035696e049451d72dfacf138a52bc8cc85ad4a68e626f98f9c939bdc44e9cc","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.380675Z","times_seen":589,"resource_available":false,"data":null}},"time_used":13763,"timings":{"blocked":9344,"dns":0,"connect":0,"send":0,"wait":606,"receive":3813,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/bg-shape-1.png","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.569Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/bg-shape-1.png HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:12 GMT\r\nContent-Type: image/png\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-1a74\"\r\nExpires: Sun, 01 Feb 2026 04:47:12 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6772,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 229 x 229, 8-bit/color RGBA, non-interlaced","md5":"d766bbc7dc567b95f8132c8c835ad430","sha1":"ce7021882547660a54cfc66246acb2050f75ab5f","sha256":"0797750b854c6127f25fb6a9855ac9fbd0c2a26ad2111cb67b80b26fc5514a1e","sha512":"ed09b9c87e08548ff1db79b9cb72fef49d7c36e39c2eb77ce27c424398f61303add442b50630a2a0433367488ee19be473222a911143f2ad311e4a2d23ddf657","ssdeep":"192:aR26UomMjnwJatzUncFQ9cMMzzfRzaHqxAX:aEkhrwJCzTFUctzSR","tlshash":"85d19fb9b80b3c0580d264810dd294572f5dd08af27a723b5dffc01c02663ba9e207e9","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.409061Z","times_seen":649,"resource_available":false,"data":null}},"time_used":13500,"timings":{"blocked":9354,"dns":0,"connect":0,"send":0,"wait":4146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"m.baijichuanmei.com/static/picture/gallery-3.jpg","fqdn":"m.baijichuanmei.com","domain":"baijichuanmei.com","tld":"com"},"ip":{"addr":"154.90.30.70","port":80,"asn":35916,"as":"MULTA-ASN1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://m.baijichuanmei.com/","date":"2026-01-02T04:47:02.627Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /static/picture/gallery-3.jpg HTTP/1.1\r\nHost: m.baijichuanmei.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://m.baijichuanmei.com/\r\nCookie: PHPSESSID=helk6g2oopk3d4pn60cn91uqpu; server_name_session=4461c6ec2653e8e29435a9c21ae4e5ba\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 02 Jan 2026 04:47:08 GMT\r\nContent-Type: image/jpeg\r\nLast-Modified: Tue, 12 Aug 2025 04:24:53 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nETag: W/\"689ac215-20cd\"\r\nExpires: Sun, 01 Feb 2026 04:47:08 GMT\r\nCache-Control: max-age=2592000\r\nStrict-Transport-Security: max-age=31536000\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8397,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 100x100, components 3","md5":"4c1ec4a5c4206f22e37243d99eec884b","sha1":"aec1d2d2952f0936062d0acc4c2e34641771c872","sha256":"2d83693d57d7a37fae6fdc5da84cda1b126373f85aafa624ad17ccc35a536a5e","sha512":"e79d8a6f31033d4b9b28e9e3b527e62a78dd272a804dc4a6e4090167fd52dbd884802945867a577ad54a3698bf29863fba363fe6e7d960d3fb2c78eb4cb1a01c","ssdeep":"192:VsD4rBSvt6DAix6imzuHIadaFoGbzTTYwX/nIhhbFMb:VsD4tKBLzkIadaTnY0/2xFG","tlshash":"09028de8b5974b65e98cbc3500a22e3a4a570f157127ebb224ec2f30de0e0bbd075185","first_seen":"2024-02-01T10:47:46Z","last_seen":"2026-04-03T18:30:23.360977Z","times_seen":635,"resource_available":false,"data":null}},"time_used":6855,"timings":{"blocked":5277,"dns":0,"connect":0,"send":0,"wait":1578,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-02","alert":"Sinkholed","trigger":"m.baijichuanmei.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}