{"report_id":"3c47b05c-ca81-4493-909b-d1f39de32116","version":6,"status":"done","tags":[],"date":"2025-12-18T13:44:57Z","url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":0,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"oedy9.com/mob.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"title":"访问提示","dom":{"size":2323,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"1f32e9704da9eaa4d2c723b4f8528d32","sha1":"daf640d35b2f95cec442abbc62d8db92e9fb3b77","sha256":"4415f4f17390aa7bbbda8cd85e19704ed48338586d5ca1d2670f5c9862ae2bba","sha512":"3197343ead2b8bcbc9374ad396eaa4c8a6d37437a16f399a5d57ee532b9e60aa5dd7421fb7ba81176ae26693d8d959f65bcc94206fab8c1d68515304bb0399f1","ssdeep":"","tlshash":"af41a8d357664426bd92d85079522fc6329cd807e40ac66475b5a469cec0eb7523338c","dom_hash":"domhash9f56b4cf3fd7b1f4dab033f1c1ced99b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"166.88.132.178","port":0,"asn":149440,"as":"Evoxt Enterprise","country":"Germany","country_code":"DE"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-22T13:44:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"oedy9.com","ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"domain_registered":"2023-10-27","domain_rank":150266,"first_seen":"2023-10-27T10:41:23Z","last_seen":"2025-12-17T23:26:08.817115Z","alert_count":7,"request_count":7,"received_data":92150,"sent_data":3817,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.qrserver.com","ip":{"addr":"159.69.246.187","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2009-05-16","domain_rank":342339,"first_seen":"2012-06-20T10:01:45Z","last_seen":"2025-12-11T23:23:42.599779Z","alert_count":0,"request_count":1,"received_data":835,"sent_data":483,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/lazysizes.min.js?v=1766065476","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b82368b55ab941d0bb7db421e1084d6c","sha1":"27192bc19de2a9f69cb684d8bc627c78471ce049","sha256":"e76fb8d9f216898822b92b5be7fc0b3085b9a3685b14089d64a10935e83a08c5","sha512":"acd270d56dd39b1b2d2d1bf6ccc5b7c93f03888d741030d64b2977663284f610244c13f03ad395484149a386c97d617187101f3044591da4fa3b36d295ac3cc2","ssdeep":"192:zIJHXkovHIdcC9vaE6cyxqI1qwLcIRAKEFkNB+xb+25CqqBFPvAxOn:z2kNdcC9J6co91qwLcI6KgkixbdjqBFH","tlshash":"16f1b59f755570b3aadb74b5416f310f673279339d86e092e2bac080493c84aa323f2d","size":7891,"data":"","first_seen":"2023-03-08T00:57:24Z","last_seen":"2026-04-21T06:57:31.348392Z","times_seen":1419,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"3ae164feca7e5286086214c137ceeb2f","sha1":"cf6dd3a6b974b37304c3f0636ac8ed9ece9faea4","sha256":"62067a0c2a9fab38376023a6d86b89addb736cfc5165644c3ca971d36ee66b5c","sha512":"9fb7d66e0b873b97e049cc1c8c9442ba80f191a406fb5ba8c76f1a3b5897c50c5baa7c7183a98c1239502272a559489d22cfdcaca99a38731a26d5f799edba2b","ssdeep":"","tlshash":"56b01210471ed002495335c10749de6003ff355045ff4794050cb80cc18e180120a0d5","size":100,"data":"","first_seen":"2025-10-14T07:57:17.623191Z","last_seen":"2026-01-12T08:09:03.91715Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/home.js?v=1766065476","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"44dfc073c5c3247fe10076e31bebd0f8","sha1":"d3182755b5b6ed5766746a53c85749588aca1ada","sha256":"a7bc246afae2c42df0dc4abd2703271cbeea5cdbbdb1d314e34937579b4e17bb","sha512":"e4dff093c15fc6a16f9379f73d67ce9fddd776bebde48b9bac9f0c4310c9b24563a9d002bd91ed4e5d3d09037e10d03350b6196a2c134e7812902f6ad2b82d1a","ssdeep":"768:hR0cTTu8eIbZLbhpa6aEb7z9SsbhbeA5gr9GpSo5E7Iw4TQv5:hRZXdep6vRpG5","tlshash":"3c03a45d7af3142050b3317a4fbf69082276815f190ddd88fe2d11a48fc4a4eba66bbd","size":38346,"data":"","first_seen":"2025-06-30T06:03:39.440742Z","last_seen":"2026-03-27T05:50:39.456969Z","times_seen":76,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"f87b772c5b14338f5af2156f51880811","sha1":"34018a157a55064254df91cb189068b5bb558c16","sha256":"0c03e088853c6cbaf4bb6a8d89fd80dd4925b404f96686edaa1680b8868b0ca2","sha512":"3b553b24157125a85d4e088d812980f7982b04f4f39152506d2a380af9de640eed3cd17bde98e681dbc8bee1760bc06689b02db9c8926a0dd0ef9195820d4080","ssdeep":"192:qTJPZ+oN/BDFT0f/6NLnE4MZs/aaH0pyxv7qzUeBFFGr7rQy+O/2Qv2mIYAoGg:q1PrFAsLXZcFwfrQy+O/AmILG","tlshash":"6c9260cffa8e093560ff93cdcc591b7f82d2492262e3c07ad0f65b4937546a8d112a29","size":21090,"data":"","first_seen":"2025-12-18T13:44:59.864671Z","last_seen":"2025-12-18T13:44:59.864671Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/wntheme.js?v=1766065476","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"60bdf4117f35d4dd14feb178af7f4c71","sha1":"2003798e6f9a60edb5374c3b01cdbaff9c649cbb","sha256":"cad017f5b61569bdd35060b114147c285cf6d8d2d4237cd5a3ad15eb736ff2b8","sha512":"d565b2537616ff17cfd333d605802b6878a14da23cc01af885de63c6ded24e5b390a278893abb20e859264986c28a1ea6cd6b3b32d278e281ad703f4b40959cf","ssdeep":"","tlshash":"3841e153dabe4c42622f40865656f4e8732c947300739eadf28c70a95f8c86e035eb79","size":2236,"data":"","first_seen":"2025-12-16T20:01:54.266129Z","last_seen":"2026-01-31T13:21:21.702953Z","times_seen":57,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"ceb5f4f7add8c9d2e5df84d5c01893b2","sha1":"7cf2f0e3826e585a159d26ba828502fde7d4d621","sha256":"e180160993da14cf48e16ae9387167234854cb11e060a7a165090040b0ddb17c","sha512":"548a3a5c8c5c341f6e31a05434f493a48c25aaad8efd1bdd163d604d43335b22e6353fba3d88feedefef0316d1b29e1692c2c4537a06f2e669fe7000ee4c697a","ssdeep":"","tlshash":"138000e008bec030208ac000c80a0002288aaf02800220833c08032f8cc0ea0c8320ac","size":32,"data":"","first_seen":"2025-07-04T12:12:16.373177Z","last_seen":"2026-03-27T05:50:39.471525Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"d795ddd46a0d503308b30739135df97b","sha1":"523e61c65be1b110ec892abb8f61d8650161c725","sha256":"36d0f381933bc93dfe320820f03cf98c4b5d8bc24bdd4ec43ddcb45da72e6f19","sha512":"bccfc52761f6308a4dc6129b9640f2bf6de4d58b8dffde409961d1f6bd8f2244f9856791636df162d894793a3f1615f7bcbfb1f157451cbda089ed4ad9d71022","ssdeep":"","tlshash":"bfe0721e30c6103a02b348aa37f7810a25223b0fc49e8b127eafc4a61f24ca10506a0c","size":309,"data":"","first_seen":"2025-12-18T04:19:43.914564Z","last_seen":"2025-12-19T01:09:56.311668Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"1b9dcb146a0ebcd829523d456d8e3e9e","sha1":"ea67d5426148f43713e3c297c5cb672364612f3c","sha256":"2fc98560290a7613490a32a1422848630ae1a8b0f464980cc43f26d591fc19b3","sha512":"396699af2ed9f28dfe12616156ad72a1766b5953ec96abda580b994efdfd201bf03e8c47ef45ced96e104d4dce3d1b7b0424c36357d3f60ca48e2dae8cc0a46f","ssdeep":"","tlshash":"52f020b63c894034c3b712652bb395583079663f744fae21f54c28523f9086108ab91c","size":572,"data":"","first_seen":"2025-12-18T13:44:59.872299Z","last_seen":"2026-01-13T21:50:29.334207Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/mob.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"fb592fbec479fcf86b148138d910bb35","sha1":"45ce0041ee6d4eee4ad3631c79803cfbe0dc48dc","sha256":"544e26b4c403cd52e0df7ab03a923a311ccef4a1d94b936dd6b566488ff9abd1","sha512":"2695d92d187d48260309cc4567d303bc8891bb5c63a475327a52efdd0b2011d2103deb942f81be5efc25f0acb9698035821c0fdde85d4d37bbf42ce219606a0c","ssdeep":"","tlshash":"2df09eef1b121525af8fc68b173f3a15a59da10f5881df09742dd1021fe0f6c222b9d4","size":493,"data":"","first_seen":"2025-12-17T23:26:10.099061Z","last_seen":"2026-01-31T13:21:21.717068Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/jquery-3.3.1.min.js","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-04-21T16:14:17.688564Z","times_seen":122378,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"eeccbbea7c900822d394cb47b074f417","sha1":"e488f43fffe6c86c5992fb01acfacd85a505678d","sha256":"a0d1345f975b1fdb581ac0d3bf87b7f75a918fbf0d56eae1599ee69fa8ab782d","sha512":"ef54d613f0ea55f603dade0590fef4251198890ad3f1c290012bd6e96eaf5b25ac6ef7f75eda204be709c8daba9c43377e3d9d688f8cb14f06441c92b511184a","ssdeep":"","tlshash":"c21145cd55ee90994a2220287f5f2424307684ab02268241fd0e46052fc932e437fbee","size":946,"data":"","first_seen":"2025-12-18T13:44:59.878474Z","last_seen":"2026-01-31T13:21:21.742455Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"oedy9.com/favicon.ico","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/mob.html","date":"2025-12-18T13:44:38.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/mob.html\r\nCookie: think_var=zh-cn; server_name_session=c29c1bf587a2eaf4defcda57986b9127\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: image/x-icon\r\ndate: Thu, 18 Dec 2025 13:44:38 GMT\r\netag: \"6933481e-fc4\"\r\nlast-modified: Fri, 05 Dec 2025 21:01:18 GMT\r\nserver: nginx\r\ncontent-length: 4036\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4036,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"8e59ad0a9aefea690d92ffc6266516c6","sha1":"f82e7a5e38ad362b54a94522fd99963bc1515d27","sha256":"fa3958fb852fab1c92b41cbb3a1ad0c4487ee1cd1ef4712e6817fab8b8fde0eb","sha512":"3b4c28339115ca408dd153651ca8a2447b50788ff8499e51986f4062a8124e3145ef0d0ee9dbc36515be338d7cd0a21e1d6eb9725e9905454911af9c6d8827e0","ssdeep":"","tlshash":"a8817e69280b2a67e7f9a51b07360117ddf1a0ad62d7a88dc909c037bdee2b73086414","first_seen":"2025-12-05T22:31:48.407286Z","last_seen":"2026-02-14T16:06:52.824936Z","times_seen":254,"resource_available":false,"data":null}},"time_used":343,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":339,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/css/logo.css","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://oedy9.com/play/90903-1-1.html","date":"2025-12-18T13:44:37.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /template/oedy9.com/asset/css/logo.css HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/play/90903-1-1.html\r\nCookie: think_var=zh-cn; server_name_session=c29c1bf587a2eaf4defcda57986b9127\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Thu, 18 Dec 2025 13:44:37 GMT\r\netag: W/\"69328cc4-70d\"\r\nexpires: Fri, 19 Dec 2025 01:44:37 GMT\r\nlast-modified: Fri, 05 Dec 2025 07:41:56 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 788\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1805,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"ad07c9745bddb250123b78d08c947ef5","sha1":"ec442a0155808646f183daf7be85eece7d338fe9","sha256":"5d9c08142bb9cde189bf0a3d18719e82c1630cfaa6327aaee16dbff4ff253560","sha512":"7dbe450623f84b92c1c9aa3dbcef3976e38f50ac391fda919e252a21dd2788c3e34210e0d17057be22706c36a60efdda8c0d75772e4d7b59fffe6003436f12ea","ssdeep":"","tlshash":"c831a08b423325057e1668956f6b2e823348940bc34ffdf6798c568d4fcd184da917ec","first_seen":"2025-12-16T20:01:54.277001Z","last_seen":"2026-01-31T13:21:21.700484Z","times_seen":25,"resource_available":false,"data":null}},"time_used":341,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":341,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/play/90903-1-1.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T13:44:35.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /play/90903-1-1.html HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\ndate: Thu, 18 Dec 2025 13:44:36 GMT\r\nserver: nginx\r\nset-cookie: think_var=zh-cn; path=/\nthink_var=zh-cn; path=/\nserver_name_session=c29c1bf587a2eaf4defcda57986b9127; Max-Age=86400; httponly; path=/\r\nvary: Accept-Encoding\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74449,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (21047), with CRLF, LF line terminators","md5":"8031b8a5db302e9d6cfbbb72f123347c","sha1":"4a24d446bc681fdf22e0ffd8316b9268217776f7","sha256":"3e02a5c915cbb141baa9ab2b03c77948c52874a8999b18433e07973e1ea8824b","sha512":"a6ea34f302371cf19f85bcc8a958c98ada563ee4947632ee2ab1626218657184440f63755689b5f223f96e41d2d682048b43b78a06fb9355f51356fd15d851a5","ssdeep":"1536:0g8ssjZfrQy+OXXQvBnVsGFQM5D6lHjWar5D6lHjWaY8FgPg3:4ssjZfrQyDXCGe0ll0l68n","tlshash":"b773e79d6ed6542313ffc2c7ad602b6de2e241039592b927b6bc3b4e3f94706c02b549","first_seen":"2025-12-18T13:44:59.853129Z","last_seen":"2025-12-18T13:44:59.853129Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1862,"timings":{"blocked":698,"dns":339,"connect":178,"send":0,"wait":460,"receive":0,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/mob.html","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-18T13:44:37.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /mob.html HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/play/90903-1-1.html\r\nCookie: think_var=zh-cn; server_name_session=c29c1bf587a2eaf4defcda57986b9127\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Thu, 18 Dec 2025 13:44:37 GMT\r\netag: W/\"6942bf65-8b8\"\r\nlast-modified: Wed, 17 Dec 2025 14:34:13 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 1346\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2232,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"e6bda14384482790d0afa917fc71b5ea","sha1":"fbcf910270a85d233ad1358fc61f79383d3e0634","sha256":"1b3de5a79b15389d97aa3c3edc1779193cf5b97ed25ed9d9c9a83facc773daa7","sha512":"b641f8c7a42ca0d1c41974da9ec6685887ee46b4dc2c0658d5ee0c99806bc0f1598b79d7e712303ca8ed9c46c974bd1300cdd5fd54f3916ee2710f5c229c2419","ssdeep":"","tlshash":"c84196d347a685267d92d8503a522fd6319cd807e00bc76466f5a478cec0ea642333cc","first_seen":"2025-12-17T23:26:10.09739Z","last_seen":"2025-12-21T01:19:01.556638Z","times_seen":8,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":335,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.qrserver.com/v1/create-qr-code/?size=300x300\u0026data=https%3A%2F%2Foedy9.com%2F","fqdn":"api.qrserver.com","domain":"qrserver.com","tld":"com"},"ip":{"addr":"159.69.246.187","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/mob.html","date":"2025-12-18T13:44:38.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P384","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.qrserver.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 30 Nov 2025 22:44:12 GMT","end":"Sat, 28 Feb 2026 22:44:11 GMT"},"fingerprint":{"sha1":"FB:98:84:F2:6B:C0:3C:0D:9A:D7:8D:F1:D2:A1:53:57:78:23:7B:96","sha256":"2D:19:E3:19:2F:8A:F0:F8:B3:9E:9F:DB:F1:FF:A3:7D:12:3B:77:63:AB:D3:C4:48:C5:E4:9B:C4:AB:6E:70:94"}}},"request":{"raw":"GET /v1/create-qr-code/?size=300x300\u0026data=https%3A%2F%2Foedy9.com%2F HTTP/1.1\r\nHost: api.qrserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 18 Dec 2025 13:44:38 GMT\r\ncontent-type: image/png\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT\r\naccess-control-max-age: 7200\r\naccess-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, Origin, Authorization, X-Requested-With, Client-Security-Token\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":445,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 1-bit colormap, non-interlaced","md5":"de44117dfc1c6396b2139c7855385a6b","sha1":"eee7f4fcdd85ea01c753de719c7c2edf04480c4d","sha256":"4033e9ef0c4d5b03043140a8c80dbf4ed472d4659ae2014bfbc56af364abb3f3","sha512":"c19ac481610294b96cc27feff32dd6fc6c3fac975f8de1f46bb06ea099cfe8f5f3337f1832192197c4ebb87daca79e9b3ba559e38a41dcc69c79d208059a0531","ssdeep":"","tlshash":"f7f0b3d33b108c2b0a19b0a2bb2e0020ce72681b214d34ab378bce3646b21048c4001f","first_seen":"2025-12-17T23:26:10.098235Z","last_seen":"2026-01-13T21:50:29.324086Z","times_seen":37,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":118,"dns":4,"connect":27,"send":0,"wait":33,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/css/common.css?v=1766065476","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://oedy9.com/play/90903-1-1.html","date":"2025-12-18T13:44:37.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /template/oedy9.com/asset/css/common.css?v=1766065476 HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/play/90903-1-1.html\r\nCookie: think_var=zh-cn; server_name_session=c29c1bf587a2eaf4defcda57986b9127\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Thu, 18 Dec 2025 13:44:37 GMT\r\netag: W/\"690382cc-cf7\"\r\nexpires: Fri, 19 Dec 2025 01:44:37 GMT\r\nlast-modified: Thu, 30 Oct 2025 15:22:52 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 1174\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3319,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"fd1883f3175814b2ab831a61de46270f","sha1":"6bdb5ea6e5742b603065968175146f37490efc34","sha256":"aef52165eda8d9be75951262896f8831842b93e8db7f1a99a5f281294d2f208b","sha512":"6de5d8af1052bb8baeee9239d563732dbf4df9e66aa86a846cfd1888ba675a3350f29a0d401b0f54b32576e73af40abe16edc2edd871ae5f8cda71a584737590","ssdeep":"","tlshash":"5761ef4219022c85d52bf2a798f786eded4f6403a78360eab9e17805cfcf69700225d8","first_seen":"2025-07-04T12:12:16.310038Z","last_seen":"2026-03-27T05:50:39.447895Z","times_seen":74,"resource_available":false,"data":null}},"time_used":337,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":337,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/js/wntheme.js?v=1766065476","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://oedy9.com/play/90903-1-1.html","date":"2025-12-18T13:44:37.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /template/oedy9.com/asset/js/wntheme.js?v=1766065476 HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/play/90903-1-1.html\r\nCookie: think_var=zh-cn; server_name_session=c29c1bf587a2eaf4defcda57986b9127\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Thu, 18 Dec 2025 13:44:37 GMT\r\netag: W/\"69327608-8bc\"\r\nexpires: Fri, 19 Dec 2025 01:44:37 GMT\r\nlast-modified: Fri, 05 Dec 2025 06:04:56 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 804\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2236,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"60bdf4117f35d4dd14feb178af7f4c71","sha1":"2003798e6f9a60edb5374c3b01cdbaff9c649cbb","sha256":"cad017f5b61569bdd35060b114147c285cf6d8d2d4237cd5a3ad15eb736ff2b8","sha512":"d565b2537616ff17cfd333d605802b6878a14da23cc01af885de63c6ded24e5b390a278893abb20e859264986c28a1ea6cd6b3b32d278e281ad703f4b40959cf","ssdeep":"","tlshash":"3841e153dabe4c42622f40865656f4e8732c947300739eadf28c70a95f8c86e035eb79","first_seen":"2025-12-16T20:01:54.266129Z","last_seen":"2026-01-31T13:21:21.702953Z","times_seen":57,"resource_available":true,"data":null}},"time_used":343,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":343,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oedy9.com/template/oedy9.com/asset/images/video.png","fqdn":"oedy9.com","domain":"oedy9.com","tld":"com"},"ip":{"addr":"109.176.19.122","port":443,"asn":199707,"as":"ByteVirt LLC","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://oedy9.com/play/90903-1-1.html","date":"2025-12-18T13:44:37.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oedy9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 28 Nov 2025 12:19:19 GMT","end":"Thu, 26 Feb 2026 12:19:18 GMT"},"fingerprint":{"sha1":"69:7B:3D:0C:13:0E:79:59:85:79:6C:9F:CC:02:E7:C6:0C:DB:09:6B","sha256":"CD:1C:CE:88:E8:D4:C6:2F:12:8F:68:0A:04:29:1A:D5:09:16:39:90:F4:A1:9B:08:35:6D:A8:0F:8C:54:E1:96"}}},"request":{"raw":"GET /template/oedy9.com/asset/images/video.png HTTP/1.1\r\nHost: oedy9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://oedy9.com/play/90903-1-1.html\r\nCookie: think_var=zh-cn; server_name_session=c29c1bf587a2eaf4defcda57986b9127\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Thu, 18 Dec 2025 13:44:37 GMT\r\netag: W/\"690382cc-7ad\"\r\nexpires: Sat, 17 Jan 2026 13:44:37 GMT\r\nlast-modified: Thu, 30 Oct 2025 15:22:52 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\ncontent-length: 1712\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1965,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"7e3c0651d41293376aefd9c5fd3992ca","sha1":"034b668192c896f01291974839881f79cd68a8a0","sha256":"cfecf8ddacbf3e38bdd886434e4c2c6d471641ea7648be892e580ca11f4fb552","sha512":"39b8e96e488451c629cd2a8c29c1422f17c5b2bf0076d7b980d280f993bda4887b80cdf0ab2a277d5977278cb6f9f0fcae6c440ffaf3d33c9a7098d26738bf0d","ssdeep":"","tlshash":"7041ca05eea2ac89a291fa0268db14639b59498c9fc0d26fadc8cca31c319d95c5dcd7","first_seen":"2025-03-02T01:36:31.985825Z","last_seen":"2026-04-19T16:07:48.613264Z","times_seen":45,"resource_available":false,"data":null}},"time_used":341,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":340,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-18","alert":"Sinkholed","trigger":"oedy9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}