{"report_id":"83fad4a7-4a45-46ee-9d01-71640174a30f","version":6,"status":"done","tags":[],"date":"2026-02-09T01:36:50Z","url":{"schema":"http","addr":"datalc.com/","fqdn":"datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"154.204.158.66","port":0,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"www.j9bba.com:9300/index","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"title":"J9九游会-真人游戏第一品牌","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"datalc.com/","fqdn":"datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"154.204.158.66","port":0,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-16T01:36:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-09T01:36:34Z","timestamp":1770600994,"ip_dst":{"addr":"Client IP","port":60512,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017","source":"{\"timestamp\":\"2026-02-09T01:36:34.168273+0000\",\"flow_id\":442172152713538,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.204.158.66\",\"src_port\":80,\"dest_ip\":\"172.18.0.14\",\"dest_port\":60512,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024228,\"rev\":5,\"signature\":\"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"www.datalc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":827},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1594,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":935,\"bytes_toclient\":1439,\"start\":\"2026-02-09T01:36:23.364866+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"ips2.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"tus5r4front-cf.doefa88uid.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-05-22","domain_rank":0,"first_seen":"2025-08-15T05:13:31.986152Z","last_seen":"2026-02-04T02:40:10.784872Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":493,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.datalc.com","ip":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":3,"received_data":1949,"sent_data":1235,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}]},{"fqdn":"tus5r4front-ge.owproofing.com","ip":{"addr":"205.198.109.13","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"domain_registered":"2022-11-21","domain_rank":0,"first_seen":"2025-08-15T05:13:31.982345Z","last_seen":"2026-02-01T01:52:53.533814Z","alert_count":0,"request_count":1,"received_data":390,"sent_data":493,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.j9bba.com","ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2023-09-19","domain_rank":0,"first_seen":"2026-02-09T01:36:54.080938Z","last_seen":"2026-02-09T01:36:54.080938Z","alert_count":0,"request_count":25,"received_data":442732,"sent_data":22400,"comment":"","tags":null,"fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"datalc.com","ip":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":191,"sent_data":874,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}]},{"fqdn":"3s.hqvai.com","ip":{"addr":"38.182.202.2","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"United States","country_code":"US"},"domain_registered":"2023-07-06","domain_rank":0,"first_seen":"2025-04-11T05:52:01.877221Z","last_seen":"2026-02-05T14:33:15.354706Z","alert_count":0,"request_count":1,"received_data":286,"sent_data":547,"comment":"","tags":null,"fingerprints":null},{"fqdn":"tus5r4front-ge.qdyysh.com","ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"domain_registered":"2024-07-01","domain_rank":0,"first_seen":"2025-08-15T05:13:31.977304Z","last_seen":"2026-02-04T02:40:10.862716Z","alert_count":87,"request_count":87,"received_data":5812406,"sent_data":43455,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-02-08T22:20:44.026892Z","alert_count":0,"request_count":1,"received_data":416257,"sent_data":439,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tus5r4front-cf.cf-holiday32.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-05-22","domain_rank":0,"first_seen":"2025-08-15T05:13:31.993947Z","last_seen":"2026-02-04T02:40:11.840298Z","alert_count":0,"request_count":1,"received_data":0,"sent_data":495,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ips2.io","ip":{"addr":"154.38.220.33","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"United States","country_code":"US"},"domain_registered":"2020-12-09","domain_rank":1673908,"first_seen":"2020-12-15T05:28:49Z","last_seen":"2026-02-06T06:58:46.922036Z","alert_count":1,"request_count":1,"received_data":194,"sent_data":591,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.25.3.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.j9bba.com:9300/","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"d2dd3c6013744e107c67cfb748485aa5","sha1":"a254f76de4bded29f9a466c9d35167ea1bf25fb1","sha256":"91220fce1ade5c8515aab743daa06b3921a31e543fda94780d2f99990d7ae7cd","sha512":"6e159affe6dc77d8b39cbbbef67236406507d34e778c7fec000b6877137f78b9b831f8cad6f7b873de19cea513adbb2cd50145f31d64bbe983a5ac7b322363f6","ssdeep":"","tlshash":"1ec08c212ea1e062820b804b103ce25c30e220621808e11abdedcd0caf00fe3cc2ace0","size":167,"data":"","first_seen":"2025-09-04T07:00:41.308757Z","last_seen":"2026-04-03T20:50:12.445656Z","times_seen":527,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/saconfig/yunwei.js?0.7559631152137632","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ed506b0118dc47ff469a51973a83a169","sha1":"c22d1bf3e4481b7873ea1e849ed6258c82db8603","sha256":"70ae8c907bc5cb499a1b824725fe3e039c8819c8f0af84ee91f8006a84504315","sha512":"add8c741ac9bf7a4dec49315e4f86c0048412d5fda4f42d44eaac9fc178504b91c1d72237919f78dcc837b0da04bfbcbb06e5d59bcdba2ea4a74b751398a12d2","ssdeep":"","tlshash":"b03143ffe3620841934bdb85f5af3d1ec5d6256d89c8f0a5e4fa848886a905144873d8","size":1726,"data":"","first_seen":"2026-01-20T15:59:23.650557Z","last_seen":"2026-03-31T12:53:09.577391Z","times_seen":150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-6L9ZP3QXXM","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d61fb4b9fab8c80fa72411d906a7ae3e","sha1":"ebb400c7f49d1f15bcf1a6716b382464260380ca","sha256":"68fcd9c708786a0ffec4c9ff69bf6d8eabb752d83c98137b2f99ad48ff5bbd8b","sha512":"f858ff18a8a0d142bc521b3a4e82eb74841311fcab7293b4d5c9a0881fcdec8635ac402e95b8b2a54c677e7765e29b299aef07a6d0bddaffb24c6cedfdce6c64","ssdeep":"6144:yb3hDpzzfRm81qbOqR51/48BjM3cp81Qj3AEFyFv1cKhB:yb3hDpz5mnbD/48BzFypB","tlshash":"f49419dd73c674224396f478503f018ba57b68a2f48cc899f18ac8e42d74a9a4277f7d","size":415653,"data":"","first_seen":"2026-02-09T01:37:18.592257Z","last_seen":"2026-02-09T01:37:18.592257Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/remove.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"704cdfc987eccec9feff30e2913d2801","sha1":"ac07468ca10534128271b5d5c9a1ebc64c06ea17","sha256":"a0d27bab1fc3fd39017be7fc21a7aa0f7850f7805182988e190985c5e2eecdbb","sha512":"965520cab461040565f951e05697a577a1455cb686cbb97ba4c95465568db09d626fb35a602c50fd2ad7c726436a0863eead9d4aa2607085c756589d122340c5","ssdeep":"","tlshash":"fad0a77931a6855627c11d34b429950c3fd436034c4ad1b037090133c960fd430f34ef","size":229,"data":"","first_seen":"2023-12-07T23:22:38Z","last_seen":"2026-04-03T20:50:12.420392Z","times_seen":542,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/3s_web_detect.js?product=tus5r4\u0026module=frontend_web\u0026v=0425","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5cc950966ae7e8d2e998fb2522ee26b0","sha1":"e2689bc69f251faa08fcaeec7abee7b1094005b2","sha256":"26c4604a8dfca1276fc0e5239c84e5788def42725ebe87c1862f9355f0d7920f","sha512":"ef2fe0ff8622cfa7503bf50de8d292f60808ee8be1709a39869ea9f01d5de0c8f79b07a47d67efecb61168d65ddc3497b64f15fdfcee56facc0934f9eac873a3","ssdeep":"768:N52s3s7wTspsksLhsN5AOzYGwDgWRb/AM07OTQpzfxe5qefp:NsojTQp2hIUgWp/AM07Tfxe5H","tlshash":"24232b9d718a7075437366e9273ff208b0756aa0240e8400bb7695853c74e9be27bfed","size":45801,"data":"","first_seen":"2025-08-17T08:14:45.281296Z","last_seen":"2026-04-03T20:50:12.31971Z","times_seen":543,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/3s_web_detect.js?product=tus5r4\u0026module=frontend_web\u0026v=0425","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"5cc950966ae7e8d2e998fb2522ee26b0","sha1":"e2689bc69f251faa08fcaeec7abee7b1094005b2","sha256":"26c4604a8dfca1276fc0e5239c84e5788def42725ebe87c1862f9355f0d7920f","sha512":"ef2fe0ff8622cfa7503bf50de8d292f60808ee8be1709a39869ea9f01d5de0c8f79b07a47d67efecb61168d65ddc3497b64f15fdfcee56facc0934f9eac873a3","ssdeep":"768:N52s3s7wTspsksLhsN5AOzYGwDgWRb/AM07OTQpzfxe5qefp:NsojTQp2hIUgWp/AM07Tfxe5H","tlshash":"24232b9d718a7075437366e9273ff208b0756aa0240e8400bb7695853c74e9be27bfed","size":45801,"data":"","first_seen":"2025-08-17T08:14:45.281296Z","last_seen":"2026-04-03T20:50:12.31971Z","times_seen":543,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/app.f98aaace.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"95ed2053760e7f98416584a510904756","sha1":"0461d891911c0efeca5cf74dc99674ea07b65908","sha256":"92544c387be041c6d713ce97dbdfadf817009bb01541723fa28d4045ac61701f","sha512":"dbd8265d4ccec9e26e60109c83f37f0c385453fc8e1b8f661f172852100e2a0e9e5c66ab870b3e1fb92267c58c3e46977dafd1e56864820b18aa8ea24ed2cda4","ssdeep":"12288:3EXl24QvFZpKGOsp/mqiZVx19McPeiM2RYRFJq1DNV:UV24QvFZpKGOO/mqiZVreJ2RYRFJqHV","tlshash":"1c056ca9f1c5b1e45646a3f0a42b2111f12a3ded7945c8d8f7acddc06bb0c8d522af78","size":864582,"data":"","first_seen":"2026-02-07T09:57:53.853558Z","last_seen":"2026-02-09T17:50:41.166509Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.datalc.com/","fqdn":"www.datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"96760426e05e28d1fdfa5c4a4c5edde2","sha1":"51f34d06e050797d9cff78c137eaa654213d6c74","sha256":"6de521a5061f13ce520a4de47c266cdbc29c1263e1eeada0ee2d737359e8063f","sha512":"147a8702ae6c226f3d58dda77895a06956c79678277f6afced7027c2a141230c34b54f0536ca860760a608f045428e5003b622b375fa40f1a7de88939aa612c4","ssdeep":"","tlshash":"0a70008a00008a0222ea00038a22a200202200cb0800800000000022200030f022e88a","size":20,"data":"","first_seen":"2025-08-23T09:05:29.324079Z","last_seen":"2026-03-28T08:06:54.764647Z","times_seen":97,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-09T01:36:34Z","timestamp":1770600994,"ip_dst":{"addr":"172.18.0.14","port":60512,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017","source":"{\"timestamp\":\"2026-02-09T01:36:34.168273+0000\",\"flow_id\":442172152713538,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.204.158.66\",\"src_port\":80,\"dest_ip\":\"172.18.0.14\",\"dest_port\":60512,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024228,\"rev\":5,\"signature\":\"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"www.datalc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":827},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1594,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":935,\"bytes_toclient\":1439,\"start\":\"2026-02-09T01:36:23.364866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-vendors.e06e3300.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb4725bfbac94d4b1768a240fa074e04","sha1":"300a1e75a37604cc198f98a04d78de59d42758f2","sha256":"f343a3db78896b4e97369fe70d4ab8ac31c20d783acb90394a136b27abe75c53","sha512":"ed796c24a8a5e0e09ad17b460efcbefd232a1138ccdc2f3816f5aa1994a5837c76a69ddf6d3175c6406abbf625ed6374c7273c85dee74ec05ee14fcbe440578c","ssdeep":"49152:cUcPydHcsQt5+qbAuENnVGHRaHVztAy8Cow8YesuiTrLmQh:cUcP68b5+wAJGcHVpiWuiTlh","tlshash":"a9b53bf972c5b46607a730a5002f250bb73e1e5b680d8058f6b6e4e66c7890d927bf7c","size":2342091,"data":"","first_seen":"2026-02-04T02:40:26.049149Z","last_seen":"2026-04-03T20:50:12.431009Z","times_seen":124,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-d1ee4a6a.ea318cd0.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1cc5d37a6bf230d73d8a11be3b41f28b","sha1":"fb4b583639185cf1b00fed95d58a7c908faf5a5c","sha256":"bffe784381e7a12042cea20755df109755e3cf78504c7bb1bdcb8e52a06d139f","sha512":"80abcafc9535d3a3c494b7a87139917f0f7e492041e75d93e0d655e3bf77624f40b9dc05eff3313ebf66f2f11153fc4b148ad733d64e86de6818841bfcec69fb","ssdeep":"96:u/ShHjZWyVmtE94zZefXZCHZ6dbjt9WYvFP:uqDwE9A0EHZ6dbj7WYdP","tlshash":"4d918756f086f1bd9d759032104d26e5f3ad3fd4d010eadebab89cd98b9ac04230d66e","size":4399,"data":"","first_seen":"2025-08-17T08:14:45.200812Z","last_seen":"2026-04-03T20:50:12.327497Z","times_seen":528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-6bc21bda.d9391d29.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"263b0bc87f1c5e2dbc78813a18bcf54d","sha1":"f56b4fc9b7f2ed58c7841af0bf6eae118709ec54","sha256":"47661b4a857d1d762c9373e5c5b8e3973a3417ac6e6574a53ed2a1c6a168212a","sha512":"33cd3728961389f1d69436efa6e4e2e424dd573a953c52d1a988640f864590a8d07c099b94de39fb3598821bf7fc011f7e1c35dc94c28533d58a9ac87c9329d5","ssdeep":"3072:ZtNsgkvTGCs416xQ7H+J8kfFu60FDAJrDlOyD0uGaqRB:HSgkv3QAFQz0FD0guKRB","tlshash":"3af39f5bb682b4e5562752e0d00b2515bc622a44e248e8c9f73cfbe1edbdb1c1a1f53c","size":164736,"data":"","first_seen":"2026-02-04T02:40:25.990892Z","last_seen":"2026-04-03T20:50:12.250135Z","times_seen":126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/Index.aafc0cf1.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"754ff9f2a9969aca7803592c863d0f78","sha1":"1de1c339d4c85b2216c0e400f3dee7d0ede8185b","sha256":"e3eefb9f4e0d1d439787d2102c9c5b49c7a2fddbeeaa10c00c414eedb67fe372","sha512":"f37b7381ed2387154c01475e84ce7cabcf97ad7f59e8636ca126a82a8cdcc5199dc41dafd5e4c7d7bdbebe7119890e7884e755f1be9911d0aa9c85423768e569","ssdeep":"1536:xJOD9qra2Hk5VzHepUzO8Ls9NOjleIBEnr62qptpF:xJOor46UK8Ls9NOjleIBEnrfqpt3","tlshash":"eb43e64bf686a0b41927e1f1541b2612b1392e886258c88df739dec1dde8e6d131fb3c","size":55794,"data":"","first_seen":"2026-02-07T09:57:53.836056Z","last_seen":"2026-02-10T09:34:26.130345Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"www.datalc.com/","fqdn":"www.datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"15d5a69ab32516003ed6e75a9b4f0168","sha1":"1175e4d72dbb0d9fad3815d7e13f686c9eda3974","sha256":"d6135c935bb8fd2e4f8f2c4ca6ebf0cdcc60b49f7d8beec2a805802478ea4550","sha512":"8b70a2cb71161545a8af0234261dc4378a62e8b7c3f91759f9963b0c09a31920a43ee1c07f8bcf765481e47f0b46e6832aa78994961ef2cc0d14cdf50f7b31c3","ssdeep":"","tlshash":"91e0ab2321b1603821af9651d631ffb994f3db17a31aa21480726936c58389e1e4f68c","size":416,"data":"","first_seen":"2026-02-09T01:37:18.710479Z","last_seen":"2026-02-09T01:37:18.710479Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-09T01:36:34Z","timestamp":1770600994,"ip_dst":{"addr":"172.18.0.14","port":60512,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017","source":"{\"timestamp\":\"2026-02-09T01:36:34.168273+0000\",\"flow_id\":442172152713538,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.204.158.66\",\"src_port\":80,\"dest_ip\":\"172.18.0.14\",\"dest_port\":60512,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024228,\"rev\":5,\"signature\":\"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"www.datalc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":827},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1594,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":935,\"bytes_toclient\":1439,\"start\":\"2026-02-09T01:36:23.364866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/js/abc.js?t=1770600985855","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"aba27e83b4c8d339299303e891aea49f","sha1":"3f7bda1251285587aa7ea48f240d684051c81ca1","sha256":"e868a57efefb64102f825ba1662d406528c6179a3e9a4ba1eb37a66c3ff5495d","sha512":"8a17752f627ab01bf9e3c37f1fd32652c5fc0222e1cbc975f3aa502dd8a21a55821a6847b983825e9e06537fd803b9aba154014e7d5de8469784c53af0f1fbb0","ssdeep":"1536:qUSwQLRcv3FEEKmaOkQqLhU0RhUNqBAvtL9Rzyf+a:qdLqv3FEEKmaOHqNU0ReNqCVP23","tlshash":"c46330a3ecc79a540356396ff33fa5dda2924a170c48752abc2ca5a15fce51ed9b0c30","size":72778,"data":"","first_seen":"2026-02-07T09:57:53.867579Z","last_seen":"2026-02-09T17:50:41.143272Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"67ec9c6fe736969eec654603dc8f0ec6","sha1":"fd2fcb50794f345d1ab3645a33687b04a3fd04b5","sha256":"e7389a11c5f1515d5eeb23d2a5d5148f286f27f52ad731d2e5b1edde2431cf45","sha512":"e96ed98f2f1a75ee3e3ef002f45b30858f855462cccafc1246acf13c7ab06a2f1b4893b5bc5085dff3a1d6b38697cf752509e6e4101f572178a37809cd2760a2","ssdeep":"","tlshash":"3ac08c98310b0c7051ab2a024b2fa200b0263212a4e2a920294a63044f21e07eb88914","size":162,"data":"","first_seen":"2025-09-04T07:00:41.296125Z","last_seen":"2026-04-03T20:50:12.43727Z","times_seen":530,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-fd96398c.f4e7bf4c.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dc171802fd6dbc7c27e23bc7b233056e","sha1":"1ea3d8eab7c197b685f20cf0610326b378790b55","sha256":"02317840b65c90592c38837406c02fa8dc07a134f095e79d5e68391b35d5d4c3","sha512":"d401b088b4b81aa5c40bccd9da97258d11d08c830c271a78e6af76447a78bba05762cb4458621324170a8b93a3d30eed98a308a248239fd6023f943ffd474fb9","ssdeep":"","tlshash":"c74123ea2583f469c93ab28582691ef262163cd5750e04c0fff5f4cb16d9c54c21a999","size":1975,"data":"","first_seen":"2025-08-17T08:14:45.076524Z","last_seen":"2026-04-03T20:50:12.378373Z","times_seen":528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-6c84c516.49d6591a.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1b97ba2e1b97ead3029e38203000a553","sha1":"86b67bb87dbf8b7b66ff82ede315f0ab63e0da69","sha256":"479cce7819cac20b032093114e57f3b67de3db3a072c3baf55c982bc136fa6bb","sha512":"c06530414db98be657cf3957ea74dd1b7233ed28b2513e6501cf1cbcc150b6f29babd40b4489621ed27cbab0a039fd6ca415ad16a94a1edae1873414c831b5de","ssdeep":"","tlshash":"4941c85dfb839495aeb690b025173763b0601f9cb6068adcf8bcc9c72aa465c235d634","size":1929,"data":"","first_seen":"2025-11-18T09:12:39.080943Z","last_seen":"2026-04-03T20:50:12.328202Z","times_seen":285,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-05550dec.9174978e.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d6a8de5cc45b13b5f8badc0ab075f0ef","sha1":"d2745101238b3861ad9827f33f65ab2f897f1f96","sha256":"bccff7d4a33e5841f0d23bbdbbc757158518660669123d88b0b97ef332ddbabf","sha512":"f32aff47835be768f2f122f622ce5297c4a6dc88c2407da49af80ba3bf08d43f3beaa7664056a67242e432e038830551c64112f0c7c42d25e6d00c457c8754fa","ssdeep":"96:PTHLf+Z3+Ccg+QeuhIMWI2WUIk+IIianjsIiaoVDRUh:7HLf+Z/xPhIMWI2dIkFIiaIIiaojw","tlshash":"6ec1b71095c399be8d2652c740353ee0e27a3e88945560daf77dce9135ec46e361f43c","size":5835,"data":"","first_seen":"2025-11-28T04:45:37.591115Z","last_seen":"2026-02-25T22:42:00.084179Z","times_seen":175,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"09845b0502cb0a99f489b0d5764bbf69","sha1":"73dd3122cb83284e510a3d227131bcfe519f8ba9","sha256":"b1286cfb4cc10c4e14ca6822c1d4b368f7f661f4e5b64b7330ddcda58a4b9431","sha512":"77fe6979548cf4c73be283f2e8acb6b9e22b4b7ec0a814c9fd9c4de212734f7469d109749b000d460b1b3f6fb1e8c341807f56bc60e28b3f1ba05ec040530592","ssdeep":"","tlshash":"2dd0cd336575907c107d9512a131bb6a90a3db07731b661540a56475c5874491ad728d","size":289,"data":"","first_seen":"2026-02-09T01:37:18.712966Z","last_seen":"2026-02-09T01:37:18.712966Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-quitRegist.json?1770600991445","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-quitRegist.json?1770600991445 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: \"693a7f31-32c\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Thu, 11 Dec 2025 08:22:09 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: BYPASS\r\ncontent-length: 812\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":812,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (812), with no line terminators","md5":"35b12e7c6d1d4ad77c1a8f05e8587cee","sha1":"03a3a86229098f655eb1866643684e0a92a32634","sha256":"7fd433bee05cbf798036c7e79b3cc703d0f12c23d3fc7fdfb4c64a9ef2cf6be8","sha512":"4fd95f35356992ff9c9110849033dad18a2d66d3c3cfc8a36d6b4eef0cf241853f544416781cea05bfd77551cea2f3c1c3089ab79e82bc1fb675e86f8fee4015","ssdeep":"","tlshash":"440186030a4336330fae369b42a2c35c96bb06c2798c53a829c8163397fc7e6c281445","first_seen":"2025-12-11T13:54:02.929468Z","last_seen":"2026-03-25T03:25:51.600399Z","times_seen":220,"resource_available":false,"data":null}},"time_used":427,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":427,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/5G.1a1a241e.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/5G.1a1a241e.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:15 GMT\r\netag: \"69842f33-4775\"\r\nexpires: Tue, 09 Feb 2027 01:31:15 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:15 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 18293\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":18293,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1a1a241e95a04f59607eac60c8a3f624","sha1":"4aa4c5f0d727dad6f75c4f0265c26e37d100fff4","sha256":"6415cc2150bcd655b8a1cd6b8f6e7f3ca69c9d2e949edb56c5f200f7fac0edd7","sha512":"dcffe9a7751b9238d323e95de2ea21a5eb0ef5e1c9701ba40d3a2cd55f7715f726d84451e661f8be46d983164b3c75984fb32377da6cb09984fa126059f4704e","ssdeep":"192:kaiPSdvcN3qecB1gsBKKdusC07Q33r3M6Sl63txs37I1fcaxG2eKK1X7TTMPPETM:kaKAecBqs5sb3a8Hs3og1LnTsv7","tlshash":"5082338c736a50b9f845a3f487eba4361ea21ce97a10c5c4cea86d13dd5150e1eb8cdf","first_seen":"2025-08-17T08:14:45.078782Z","last_seen":"2026-04-03T20:50:12.291481Z","times_seen":441,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/activity/public/proxy","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/activity/public/proxy HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: d5b724219dd882e29a42573443c5df1c\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 66b7051023e49b0a54ee54752e9f6dcb\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 146\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":146,"data":"{\"uri\":\"/jackpot/queryJpDrawPoolDetais\",\"paramObj\":{\"activityCode\":\"FaEU9HeAXn\",\"productId\":\"H86\"},\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:38 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17393,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4a156acbc22122d56987e7bffc7c5821","sha1":"99001993327462522fc86924852e0ebe140ed0a2","sha256":"0ff986bba5d25d59286acf5099d80bfec3535518f81735e8fb97c12a5cb650e1","sha512":"dcc5a4e235788d47538ac961a60d5ca6e2ca40943da12e246f6645e6c897e71c52734cd7aad0bf96935b4a5b8d09bcdfbef4be9110907917f34cad4ec6a56a35","ssdeep":"384:ipZhJ8NYVlSsZHrsUwK4+I1UfSt/C9dSeHMDeT05+AZ8WOc/v3cul2OvB/y5JNK:M9lTKKMBg9dSPiQwAuWOMv3cw2uB/mJQ","tlshash":"6272e187a4f7adb66f616a8e60d53063ef84334818e8a4c8ccd8acc4876f94576f61d0","first_seen":"2026-02-09T01:37:18.579075Z","last_seen":"2026-02-09T01:37:18.579075Z","times_seen":1,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-fd96398c.f4e7bf4c.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/chunk-fd96398c.f4e7bf4c.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:35:47 GMT\r\netag: W/\"69842f34-7b7\"\r\nexpires: Tue, 09 Feb 2027 01:35:47 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:35:47 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 949\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1975,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1967), with no line terminators","md5":"dc171802fd6dbc7c27e23bc7b233056e","sha1":"1ea3d8eab7c197b685f20cf0610326b378790b55","sha256":"02317840b65c90592c38837406c02fa8dc07a134f095e79d5e68391b35d5d4c3","sha512":"d401b088b4b81aa5c40bccd9da97258d11d08c830c271a78e6af76447a78bba05762cb4458621324170a8b93a3d30eed98a308a248239fd6023f943ffd474fb9","ssdeep":"","tlshash":"c74123ea2583f469c93ab28582691ef262163cd5750e04c0fff5f4cb16d9c54c21a999","first_seen":"2025-08-17T08:14:45.076524Z","last_seen":"2026-04-03T20:50:12.378373Z","times_seen":528,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-d1ee4a6a.ea318cd0.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/chunk-d1ee4a6a.ea318cd0.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: W/\"69842f34-112f\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1902\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":4399,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (4291), with no line terminators","md5":"1cc5d37a6bf230d73d8a11be3b41f28b","sha1":"fb4b583639185cf1b00fed95d58a7c908faf5a5c","sha256":"bffe784381e7a12042cea20755df109755e3cf78504c7bb1bdcb8e52a06d139f","sha512":"80abcafc9535d3a3c494b7a87139917f0f7e492041e75d93e0d655e3bf77624f40b9dc05eff3313ebf66f2f11153fc4b148ad733d64e86de6818841bfcec69fb","ssdeep":"96:u/ShHjZWyVmtE94zZefXZCHZ6dbjt9WYvFP:uqDwE9A0EHZ6dbj7WYdP","tlshash":"4d918756f086f1bd9d759032104d26e5f3ad3fd4d010eadebab89cd98b9ac04230d66e","first_seen":"2025-08-17T08:14:45.200812Z","last_seen":"2026-04-03T20:50:12.327497Z","times_seen":528,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/iconTime.7de263bc.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:38.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/iconTime.7de263bc.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:36:37 GMT\r\netag: \"69842f33-35b\"\r\nexpires: Tue, 09 Feb 2027 01:36:37 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:36:37 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 859\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":859,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7de263bcf8434b135b367d199c99d43b","sha1":"974b4f6fe2d18a5cd5eabf45775dc187c8aee3cc","sha256":"aa1f5ba19a34782923a283192247e15da3238a32195b1f47b9068ae0481b41ea","sha512":"de9ca35688b79767025a970352fc717281b768a345fb64ca60e863f34c62d027c63d8c9e915e6463120984d965035ca9ec8cdac330316d9f837eb64b35280558","ssdeep":"","tlshash":"bb114cfb959c6588d906abe0ce1be7be25122cb53a460b5a12f0d71222064fecc3c541","first_seen":"2025-08-17T08:14:45.293432Z","last_seen":"2026-04-03T20:50:12.316847Z","times_seen":224,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-vendors.e06e3300.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:28.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/chunk-vendors.e06e3300.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:34:49 GMT\r\netag: W/\"69842f34-23bccb\"\r\nexpires: Tue, 09 Feb 2027 01:34:49 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:34:49 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2342091,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (16838)","md5":"a35ac4b12858a99182707351e6d7b4a8","sha1":"198f71d1c76bbb674ef51ae2f9071be2d3f7712b","sha256":"457dfc6e4e6c3cb16c15c953a480d561731495b8c54d56ac093beac2553da5aa","sha512":"64d98b5b8003a9b8a8cc585af0a93b32e5466f9591411fb34b00c4e7d55600722626d0b2c950c3689c4ac9197cc40f2774c2f5c632e6cf42aebb241256e46626","ssdeep":"24576:cUcPydHcsQt7qrA+ALvbAuEwynVGHRaHVzV:cUcPydHcsQt5+qbAuENnVGHRaHVzV","tlshash":"ae3519cd72c6b46247a360b1403f250bb33b2a69680d8458f675e4e9bc7991d923bf7c","first_seen":"2026-02-04T02:40:25.953026Z","last_seen":"2026-04-03T20:50:12.26833Z","times_seen":121,"resource_available":false,"data":null}},"time_used":1467,"timings":{"blocked":426,"dns":1,"connect":209,"send":0,"wait":610,"receive":0,"ssl":217},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-6L9ZP3QXXM","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.251.142.232","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:36:37 GMT","end":"Mon, 06 Apr 2026 08:36:36 GMT"},"fingerprint":{"sha1":"D1:4E:DB:C9:1C:90:74:26:D2:F3:40:74:02:DB:66:36:23:CB:45:12","sha256":"08:51:D4:42:81:8D:57:AC:83:18:86:85:25:AD:F1:2F:82:17:60:A4:FA:C6:D4:09:86:34:D3:30:65:78:09:B2"}}},"request":{"raw":"GET /gtag/js?id=G-6L9ZP3QXXM HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 09 Feb 2026 01:36:26 GMT\r\nexpires: Mon, 09 Feb 2026 01:36:26 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 140902\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":415653,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5882)","md5":"d61fb4b9fab8c80fa72411d906a7ae3e","sha1":"ebb400c7f49d1f15bcf1a6716b382464260380ca","sha256":"68fcd9c708786a0ffec4c9ff69bf6d8eabb752d83c98137b2f99ad48ff5bbd8b","sha512":"f858ff18a8a0d142bc521b3a4e82eb74841311fcab7293b4d5c9a0881fcdec8635ac402e95b8b2a54c677e7765e29b299aef07a6d0bddaffb24c6cedfdce6c64","ssdeep":"6144:yb3hDpzzfRm81qbOqR51/48BjM3cp81Qj3AEFyFv1cKhB:yb3hDpz5mnbD/48BzFypB","tlshash":"f49419dd73c674224396f478503f018ba57b68a2f48cc899f18ac8e42d74a9a4277f7d","first_seen":"2026-02-09T01:37:18.592257Z","last_seen":"2026-02-09T01:37:18.592257Z","times_seen":1,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":62,"dns":0,"connect":8,"send":0,"wait":35,"receive":42,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-cf.cf-holiday32.com/cdn/tus5r4v1F/cdn_test.txt?1770600986648","fqdn":"tus5r4front-cf.cf-holiday32.com","domain":"cf-holiday32.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cf-holiday32.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 04 Jan 2026 09:46:28 GMT","end":"Sat, 04 Apr 2026 10:44:59 GMT"},"fingerprint":{"sha1":"1A:02:F8:04:F8:FA:3D:1C:16:45:3E:90:0D:5B:33:3C:2D:36:CE:1E","sha256":"EF:0B:A7:62:3F:93:4B:B4:0E:2C:B3:79:AE:03:A6:4B:CD:1C:87:63:96:CD:A2:AF:1A:31:A8:C1:9A:0A:F8:C5"}}},"request":{"raw":"GET /cdn/tus5r4v1F/cdn_test.txt?1770600986648 HTTP/1.1\r\nHost: tus5r4front-cf.cf-holiday32.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":115,"timings":{"blocked":53,"dns":41,"connect":1,"send":0,"wait":0,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/cdn/tus5r4v1F/img/j9-loading2.51168c46.png","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/j9-loading2.51168c46.png HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g0$t1770600986$j60$l0$h0; _ga=GA1.1.1066366896.1770600987\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\ncontent-type: image/png\r\ncontent-length: 5535\r\nlast-modified: Fri, 21 Feb 2025 07:58:22 GMT\r\netag: \"67b8321e-159f\"\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\ncdn-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5535,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 90 x 60, 8-bit/color RGBA, non-interlaced","md5":"51168c4644114358bd73855bf45ae284","sha1":"2f0d660a68eff13c51e1f15e7b0eca38767da006","sha256":"2a1dd01c5590c2351699d474c604a7055b1d104920d2a4a00d4e477ee3818d78","sha512":"665728f020de0586440995c513c30cde88fb077a70f1fe3d1bb8fc3e6e5003e881932069d49caaae987df48512482c6f8a0cda24d4ce1d77a8ec581eb9ecb8a4","ssdeep":"96:ExTUq3gFHiSX4+LF6V2eGRb1mfeH7wnIZDsN4rldCTIJY+NKTRnzRxqi2D:CTUqm6V2eGN137wIZDDlQksTRzRoic","tlshash":"84b17c3802e58ad8512cd88a90de83fd219b1f3f7f5988d9bc11d6e1094b16977c3685","first_seen":"2023-08-24T00:29:20Z","last_seen":"2026-04-03T20:50:12.365845Z","times_seen":396,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":216,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-6c84c516.9e31ffd1.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/chunk-6c84c516.9e31ffd1.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: W/\"69842f33-1c11\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1850\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7185,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7185), with no line terminators","md5":"e33b1382b54a66b322512495588147df","sha1":"576ecb3f5a40f03fb5a505d294890ea731cc0e18","sha256":"d8392e0182f1a509bb13332a1f374bd21edef5a44725253f235c159f30297063","sha512":"d704cbd3e64a209220820ca8c34cb5abd01e52fd6baaf4161a00bd46fa1d861da1c4a2bd0515e7586995b45cf4b9b118b7ac3a89c6cc9fbda5f2da2d896fa5ab","ssdeep":"96:whvB36mk5JENlMS+E2Bps/adPHbddCNP0UfrrHB6:whv+g2BW/RBHA","tlshash":"f4e1631579183015f1ffeaa0b0e06add5018e207c5c37a9db6d035398dab88f2e6b784","first_seen":"2025-11-18T09:12:39.187396Z","last_seen":"2026-04-03T20:50:12.28251Z","times_seen":285,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/hotlineicon.d2303ab1.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/hotlineicon.d2303ab1.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:20 GMT\r\netag: \"69842f33-2eb\"\r\nexpires: Tue, 09 Feb 2027 01:28:20 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:20 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 747\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":747,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d2303ab1e96126ff69fb39fe66024796","sha1":"134a8679d2e9826d68ee277c0b9568e88147ce33","sha256":"2074e3a92287a67a301f6f524c72707eb852cc537958f1862b2a80dd2db0c740","sha512":"3039d0f03c80136bcec866277b02e3fe61227f5be869ba9ed99a2109d94582daf0d456ccbfc85ae8fdef166524839fa9421eb828a7ea2e67b6dbdf0cc216d855","ssdeep":"","tlshash":"e4019cf9c7d8c6e25583d334e117249ed6ae71e0d70b1684a174eadcf001dd9498dd85","first_seen":"2025-08-17T08:15:27.560147Z","last_seen":"2026-04-03T20:50:12.269445Z","times_seen":434,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PS-a.02eeed35.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PS-a.02eeed35.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:20 GMT\r\netag: \"69842f33-38b\"\r\nexpires: Tue, 09 Feb 2027 01:28:20 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:20 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 907\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":907,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"02eeed35221ebfad8acc917a459b678f","sha1":"d591a01d22550b45038cb8b1c85fa85758bf7669","sha256":"63e526de45b056b6321676db740c65807fac96f102b61c80e770e09832f02e7a","sha512":"309fc23defc9979cebeed41f2a5dc77d54b26e88de6a8ee84adc2199ace7d2207b06f58c4d06a374c767add23e57bb6f374b8419f217ce5f618f89a42228e5cd","ssdeep":"","tlshash":"86114474e50864848a005334d827e50536f726ee67430ec4d5c527c2f4369abceacdc7","first_seen":"2025-08-17T08:14:45.136646Z","last_seen":"2026-04-03T20:50:12.293795Z","times_seen":445,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-fd96398c.4cf1dc69.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/chunk-fd96398c.4cf1dc69.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:28:49 GMT\r\netag: W/\"69842f34-2174\"\r\nexpires: Tue, 09 Feb 2027 01:28:49 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:49 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2243\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8564,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8564), with no line terminators","md5":"8bc286aa488bc52f3e3b8adde41cbf6e","sha1":"253dfbdd3795cc533613917dbaa0d4361b8ba9f0","sha256":"add6ef231ee39b82b36718f46d0a0ac181860c4a27d523079be93fef57057d1c","sha512":"dee79e476cb50a9736a28ca4d02287f60108c18a345552fbe6b7cf973fa9037889efc89bb45cf15e5ed00ce95752677df39ef08bd2d4b6fcfdeec3cc288fa820","ssdeep":"96:DuIUB4v6JP52LEru6JMSzx2MpxYamPhFUdACs0X3CqeDuk02LukITm5u4tUSJf:DuIUsiPswXP2M3YpGeDuk02LuXTw","tlshash":"6502229139c8302df377c390baa459d8111cf24bc3a399ac66d3fd194b8f086a55be8c","first_seen":"2025-08-17T08:14:45.187942Z","last_seen":"2026-04-03T20:50:12.395624Z","times_seen":529,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-history.json?1770600991829","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-history.json?1770600991829 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"695c676d-540\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Tue, 06 Jan 2026 01:37:49 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 1083\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1344,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (1344), with no line terminators","md5":"29190d2bef0f321b8952bf5d3604ddb3","sha1":"ce2c9267ffc41b98eec09d2b77c2aa2a63495089","sha256":"ba5139a7b36fd54e9e20d1656a886f14f1cef1475181d696451b67ce02bd480f","sha512":"a0e06d66955c6ba73379f714bb984bfba76f7fcba441ce0124f648abe7459eb676a88690bc405eb12d7cc85c064d3569f9683f6ffd3a1db8e4e04917950cd39d","ssdeep":"","tlshash":"3621fb066198ad0bf11c207ea5902cd762646087dc656fc89734cf0196552341dea36b","first_seen":"2026-01-06T07:36:26.166644Z","last_seen":"2026-02-22T10:45:24.968875Z","times_seen":88,"resource_available":false,"data":null}},"time_used":399,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":399,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/EVO_NLC-a.3c2ab786.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.479Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/EVO_NLC-a.3c2ab786.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-4249\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:58 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 16969\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":16969,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3c2ab7863139e99ccc2f35d7af929dab","sha1":"69dcbe3600f84f07bdd50dc65909ecb08aa3cb24","sha256":"49d4f44c01ee1afff357fdb504fc8280ac522e0649739ad2243c617f59b914d0","sha512":"f2c0639b56a470c73b3d57de5da9e3c3b5dbbfc63a7fc56eabdd9bc62f90da34f0a43879ff0603367375704d0f1824e030ab362e7e4fe7a9c01a0e9056f5e50c","ssdeep":"384:l/qaIlEZS5icDFtsIkkF+Fq/VBBXlDNxr+LsJMo1aLXL7oLn:+lYo8Iky+Fq/tXV+Ls2o1aLXHo7","tlshash":"3b7256e1e3ef63f4f107e390c5278035765328fa3d16ee5483aa9eaae44049d58dd887","first_seen":"2025-08-17T08:14:45.19343Z","last_seen":"2026-04-03T20:50:12.312849Z","times_seen":442,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/JDB.b6c69729.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/JDB.b6c69729.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:20 GMT\r\netag: \"69842f33-2913\"\r\nexpires: Tue, 09 Feb 2027 01:28:20 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:20 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 10515\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10515,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b6c69729a56ff51c01a32d9d1e480e3e","sha1":"6996e888a5ea7e655ce1975845964cd58eeffcba","sha256":"bd0c7b051abb45623f119efeeace01bc4ecc15ab5befda1ed655dfa34e8f786c","sha512":"3b39b44a6ddf92301203a9438d6a798e8196abc2c1694ab3084a852c34f48c05a29434a5048f321c8f5bc8b20cf0911bcd2de5773aa85808fcf752ff8ac6b480","ssdeep":"192:IDhQmqOneXHZu8BYsyy51QNsLPau18t3s6lqzYZ9Fw3cqANjcIUYXTMjVs5i:IlQwMu8BYsyy51QqLPw/VNrUKMRr","tlshash":"e62283deb3baa1f8a40df7bdc36798743a931df92926c62856956c51c02401d0ebcc8b","first_seen":"2025-08-17T08:14:45.27534Z","last_seen":"2026-04-03T20:50:12.388157Z","times_seen":439,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PS.3eaec10b.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PS.3eaec10b.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:33:59 GMT\r\netag: \"69842f33-38d\"\r\nexpires: Tue, 09 Feb 2027 01:33:59 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:59 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 909\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":909,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3eaec10b6f0dee6173527c35987d76c8","sha1":"53136651e2722919dfdd32a92d8d5e43d8a625e6","sha256":"7209d953de902fb10d6a381d63bb360b9e2c30a236a2e8e8b7a01cc621da1ee7","sha512":"dab706a5d1ebec26b2e978f16325cc2759561ca93c67318aaf55e569de763cf1feb32359014ff32cbd87a1844f176131e1e5a5aec8ec2a08a285b57f1a284df9","ssdeep":"","tlshash":"b8111c78a5082484ca0093249827e40526f72afe63024e84e5c52bd2f4369eacaacdc7","first_seen":"2025-08-17T08:14:45.313259Z","last_seen":"2026-04-03T20:50:12.317745Z","times_seen":444,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/fengCai.297ff1ec.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/fengCai.297ff1ec.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:33:54 GMT\r\netag: \"69842f33-d06\"\r\nexpires: Tue, 09 Feb 2027 01:33:54 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:54 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3334\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3334,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"297ff1eca8542db246e57f1e4eb0b8ca","sha1":"569d2fd30c9401c35c5951097d73fd0174e17ec8","sha256":"4ae2b061336d55b9de4deb1cc15511e3a5371cd51015516c2c6c9b44b8a0d7bb","sha512":"457100c1f7d6a42a5720b40eb79df8f6a960efc236fcf732518bc49de0b8845b2c5bef02f8588b39b8cb7bc0e93b3fbf925f51ec5dc885ccc21f459503d40568","ssdeep":"","tlshash":"a36114f849c692e0b708cfb0a039adac7e5f3c3d3745865e614074e1d3b244daad585e","first_seen":"2025-08-17T08:14:45.143825Z","last_seen":"2026-04-03T20:50:12.340344Z","times_seen":495,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":446,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/webToken","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/webToken HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nSign: 830ec2c24629a80a6d025d0853349675\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: a07a2f502d0b51b06e34b68e1eb8e645\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\nneedEncrypt: 1\r\nContent-Length: 48\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g0$t1770600986$j60$l0$h0; _ga=GA1.1.1066366896.1770600987\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\ncontent-type: application/json\r\nset-cookie: JSESSIONID=6F5F04AFBD4548C849B365180C3CE695; Path=/; HTTPOnly; Secure; HttpOnly\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":515,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"abc41f1a22206dcaafa64a34cc7f967d","sha1":"7dc013c6dd54524bd58f9eae4a7652ac6ba9e4cd","sha256":"dec70509979e6f025a1df93511de2256fa4769468819ecb524cf00f7a9f9efe8","sha512":"8cf85905015798893d454a94991fae7638c09c7d14d581578c8bdf5a03535341387d18de378b2c8d790746b035c53cee74761ba3b393140a346d42dc8b73cefb","ssdeep":"","tlshash":"07f0c0078655c5cbede28ab3e904b35f95107c74b4558c94499b1925b0f945bf002480","first_seen":"2026-02-09T01:37:18.609453Z","last_seen":"2026-02-09T01:37:18.609453Z","times_seen":1,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":359,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PA.a9909b8b.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PA.a9909b8b.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:32:00 GMT\r\netag: \"69842f33-4f9\"\r\nexpires: Tue, 09 Feb 2027 01:32:00 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:32:00 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1273\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1273,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a9909b8bf042155c1eff69b71c64db4c","sha1":"ce0c164c7ba7404a5d5f0415661c04a0d9f3e391","sha256":"d3abc1feb5b1737a0e6fa06057c1753cc874681d9b9e692c8214e6ba63d05cab","sha512":"a70ce98842636ecd02d33487c326911f7e7a80c4c780f978739550e933300384d6fcf63afb40ff404684a304df67eaf73fe6fc7e5476525247ed35e8f9baa3e3","ssdeep":"","tlshash":"f4218468e3c912e1e410d725aa05b4f0305239fcb623cb5cc7d51a04eb5e4ad8a5c992","first_seen":"2025-08-17T08:14:45.044749Z","last_seen":"2026-04-03T20:50:12.409595Z","times_seen":438,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/3s_web_detect.js?product=tus5r4\u0026module=frontend_web\u0026v=0425","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"GET /3s_web_detect.js?product=tus5r4\u0026module=frontend_web\u0026v=0425 HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:26 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 05 May 2025 02:19:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6818201f-b2e9\"\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45801,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (45734)","md5":"5cc950966ae7e8d2e998fb2522ee26b0","sha1":"e2689bc69f251faa08fcaeec7abee7b1094005b2","sha256":"26c4604a8dfca1276fc0e5239c84e5788def42725ebe87c1862f9355f0d7920f","sha512":"ef2fe0ff8622cfa7503bf50de8d292f60808ee8be1709a39869ea9f01d5de0c8f79b07a47d67efecb61168d65ddc3497b64f15fdfcee56facc0934f9eac873a3","ssdeep":"768:N52s3s7wTspsksLhsN5AOzYGwDgWRb/AM07OTQpzfxe5qefp:NsojTQp2hIUgWp/AM07Tfxe5H","tlshash":"24232b9d718a7075437366e9273ff208b0756aa0240e8400bb7695853c74e9be27bfed","first_seen":"2025-08-17T08:14:45.281296Z","last_seen":"2026-04-03T20:50:12.31971Z","times_seen":543,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PT-a.7a16ba95.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PT-a.7a16ba95.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-1389\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5001\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5001,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7a16ba9540f552dc3c075f4e2e2f3528","sha1":"2a6803b13a7ae1b77c327188d535d22dce6913af","sha256":"4478d723334e772f0457ea4add1292e1845ef0f4da20fb409ab800feb1ab5c9d","sha512":"b82106cc876035f4deead6fe3a16ed6233b7e51445283c248e0e3d0e1e6729601e8e3c1baea02095e3e8c2862d6f29f172a8ff764ef097c7d21a2e2e60bcc6cc","ssdeep":"96:SW4SqtYNB42CLUruW/RxyyCBvT48Y2GwtUNpoQrCZ:S5242jJyyCxNDGwaDxrCZ","tlshash":"cfa164f5a7d4b3f4e005e3e0966988753b9b25fb7b32cf6847996ed4e71105d0488c90","first_seen":"2025-08-17T08:14:45.037501Z","last_seen":"2026-04-03T20:50:12.288015Z","times_seen":438,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/download.aed4b503.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/download.aed4b503.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/app.c9631895.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: \"69842f33-230\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 560\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":560,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aed4b503e40b518fa99ad0e06f83c384","sha1":"9cce8abf67d9bf632ad65e2266b092d7d9434739","sha256":"825a1af9c7f82942edfe795181f39ea1f58beb67b15a08478ad917827c639a34","sha512":"7b9a92824d250421ed58df968cab166ff10731d779da745b7dbb7870be1c57a1ab7badd5138f6a246c43bc347c7974b54064f2b3e4cae7567910393fbc5c989e","ssdeep":"","tlshash":"81f0813fdc5e9925da24c134889efda3205555a374cdc481f380db2774694d32e0465c","first_seen":"2023-05-06T09:42:13Z","last_seen":"2026-04-03T20:50:12.398963Z","times_seen":441,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-vipConfig.json?1770600991449","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-vipConfig.json?1770600991449 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"692d398c-dec\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Mon, 01 Dec 2025 06:45:32 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 2756\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3564,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (3564), with no line terminators","md5":"168d9a1a28dddb6f21fcc7b246d0a4bc","sha1":"6823a1f9f501a0086a9bad0cf41ca8c94a9c3f45","sha256":"cc7d61f6534826da86741ef67b0fae8b494ab6526b9ba2ba3c0b7016254f0396","sha512":"a5a368a0c22b6226e4a880843b9fc4e04c158d9109b28b8616bc395578ade46f5d98a008faac3410f024a7acbeb4d7b2301f80b749daf1ad4ee0473f4cfbffae","ssdeep":"","tlshash":"e6716d0a0ae675e748f2b67b038cbc20931d1189cf9aaf0317c40121572ce6f4bcad31","first_seen":"2025-12-01T07:58:09.070678Z","last_seen":"2026-04-03T20:50:12.300343Z","times_seen":259,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-tryGamePopup.json?1770600991445","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-tryGamePopup.json?1770600991445 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: \"68ca6636-118\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Wed, 17 Sep 2025 07:41:42 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: BYPASS\r\ncontent-length: 280\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":280,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"82be577663065b1c82d17ce256c86dab","sha1":"fadd4ca67c473d03b77b8b7be0a2042d45c6ea29","sha256":"504c9b4d6c9606eaa9aa5767257c6e3947e5c78ae18296e1f13b80b1bbfe5b19","sha512":"444c656f7ec5ca89137438b25d0125cf466d95d435997bc7701a7d7831d4f62b5c8ee1975122658d880a7a69dd92f8054c811d176cab0cd97447554327249da8","ssdeep":"","tlshash":"f6d0e7031a2c7440cee13b2f00626d414c51d176507fea05585c63f4fc1870804ed160","first_seen":"2025-09-19T06:22:33.150328Z","last_seen":"2026-04-03T20:50:12.303808Z","times_seen":510,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":425,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/home/pc","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/home/pc HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: cba5687ec5cb90aa2ddf69c683780f7d\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: ceefcd9fe6fda525dad8c56e8bdfec4e\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 48\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:37 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":367,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"69948bfe23fcb2c28d7f34a33e67dd56","sha1":"49d202c12a120c3d19d553aee3753fba5733e37a","sha256":"9ddbacdf0dce81eb55155bde314567ab769801dc03284793f15f33704b041ab1","sha512":"ae273a3c161249ca39f61313d0109f215597ec02ef12f67b4cbd229040ea14b9a54c0a5cfb79db61c99d6c4215c9b3278e546284d13caf8314890ac8b2401cd6","ssdeep":"","tlshash":"b8e0c0db0c7de8c32dd1d3d5829b7687307179a555bcbca0d5eb382101ec46b22b8568","first_seen":"2026-02-09T01:37:18.616054Z","last_seen":"2026-02-09T01:37:18.616054Z","times_seen":1,"resource_available":false,"data":null}},"time_used":405,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":405,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/activity/public/proxy","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/activity/public/proxy HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 4fd199c7cc54f60b711a7de4c2b6cb54\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 52955e57cfa18ae03e49941a6873ae94\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 143\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":143,"data":"{\"uri\":\"/jackpot/queryJackpotAmount\",\"paramObj\":{\"activityCode\":\"FaEU9HeAXn\",\"productId\":\"H86\"},\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:38 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":196,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"28ad9b4a3094a7fee67c714521556ffa","sha1":"55c6fe6d56b6c3ebd0ea939e8c09ee0ec73a2918","sha256":"5853ca048ddb120625be2d6cfd223de61f324cf05e8d66ea8841b0dd84c32fd8","sha512":"9bf924b2f149f402f7c8fac9439aee251a142154c4c2caeb82fb3090e337e228dfe0a81e61696c94e191af8175859f3e12c2dc102861c3248edccfac2541a4a0","ssdeep":"","tlshash":"fcd022c55cfece4ab4e402b8c90623260070fc6150e9aa4c805be80c80f825e1012ea5","first_seen":"2026-02-09T01:37:18.617922Z","last_seen":"2026-02-09T01:37:18.617922Z","times_seen":1,"resource_available":false,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/activity/public/proxy","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/activity/public/proxy HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 3f9ad3325a29b350f1da098960a54dcc\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 60b3ee6dcac776f5091298abfd5c63d2\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 151\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":151,"data":"{\"uri\":\"/activity/queryActivityDetailByCode\",\"paramObj\":{\"activityCode\":\"FaEU9HeAXn\",\"productId\":\"H86\"},\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:38 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":496,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fa1aad7df1dc15d295b2c83351486298","sha1":"2b9273a15038b3cc6979c6029ef649cc1564a996","sha256":"412d5ba25c4b64b238bba463daa5806b880fa28ecfe59a8b357db839c6f64ac3","sha512":"6e0d9178c206d907f5e5b7749c32478ddd96cf1913fadc9ad031b1408caf6a72cf22b5c54e85146362feb68df74309a1bf72d48ebdcc507099b10f6e53040ba9","ssdeep":"","tlshash":"72f005538dd401512df34458ffb97b184b153c610a7cf1295c9d9335088d3392242657","first_seen":"2026-02-04T02:40:26.002562Z","last_seen":"2026-04-02T10:40:07.391416Z","times_seen":5,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":379,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-footerIcon.json?1770600991833","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-footerIcon.json?1770600991833 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:32 GMT\r\netag: W/\"692e5ecf-458\"\r\nexpires: Tue, 09 Feb 2027 01:36:32 GMT\r\nlast-modified: Tue, 02 Dec 2025 03:36:47 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 902\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1112,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (1112), with no line terminators","md5":"6c9f057bd3696de6be0fb4db7e2046f0","sha1":"f011873e05c9c41621769457a37de7d7ad28be27","sha256":"308f5c3e06bb8e4412555cd968fd192ead606083f26a07bea8624511677536fa","sha512":"29cb3c655321acd91d73b4fb4fe11a85bcb14b9aed070fbf30261306153f235d115e5904987c83cf9284899496eadf337447b3a29ff1700b57442764c54e15b0","ssdeep":"","tlshash":"d721ca406f89166c798166031be5f9a6753bf437331d07bf0cc307001f386a914de086","first_seen":"2025-12-02T05:56:55.05457Z","last_seen":"2026-04-03T20:50:12.422381Z","times_seen":230,"resource_available":false,"data":null}},"time_used":812,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":694,"receive":118,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/activity/v2/queryRegularActivity","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/activity/v2/queryRegularActivity HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 39a9bb49812da3b299f492500d4612ff\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 6d963c0cc74bce59a50df035498dfc50\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 122\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":122,"data":"{\"activityCodes\":\"daP6XVuuHX\",\"activeOnly\":true,\"displayEndpointType\":\"PC\",\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:38 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2520,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b3facefa11c06cdf5885da3b611cdc2c","sha1":"2de242c78c6045ee9aac046aa3bc3ed888b618c3","sha256":"ff8af8a26669e9f125679839e255871e2701cf79c296c17ff94b5260ecb3a7e3","sha512":"fec0e205213ce2cf525e02d780ad5c4547c1650ea3bd9831a56922a680cc7fbfb836045205e9ab5b91da5f43180e8e2a9a9f77afd2e6bb00aa4fcc0cd0f940b2","ssdeep":"","tlshash":"05514ae16838ae8dc28695bcc935f9069053b37f182d6620bf36fc51c8b421d641a17e","first_seen":"2026-02-09T01:37:18.623973Z","last_seen":"2026-02-09T01:37:18.623973Z","times_seen":1,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":454,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/activity/public/proxy?jpRankDetail","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/activity/public/proxy?jpRankDetail HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: c8c0edb8f9dc28c6ac26ee1137494da6\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 5ef01121cfa6e55b51623073c2aaa138\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 176\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":176,"data":"{\"uri\":\"/jackpot/jpRank/detail\",\"paramObj\":{\"activityCode\":\"FaEU9HeAXn\",\"productId\":\"H86\",\"gameKind\":\"5\",\"stateMonth\":\"2026-02\"},\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:38 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10053,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"aba3b4ebf226672a557f50a1e76efe89","sha1":"5084260626eadaf03366ea67960f82484e95b74c","sha256":"3af7aedbe6d5151afa284fa3bf56b03dc20249776fc9764c34e938182400d4b8","sha512":"605e29831a1696fbb51c7c832d512c6fc657261a832bee1156432bffbe6807cf736fbba9569872ea81a634152966c58eb86c566a2c5e5db706bd4d15852abf48","ssdeep":"192:YzwL1f0T2BOx+ar4PJfIsHVlX9Lbp1xtFfu0WRWyPCh+UudoHHeZdXZw846:YchuuOx+arxsHVlX9LF1xtVkowogqudj","tlshash":"2122aeefb78278081e4801e17ebbe66728cd64c4441f83d54a369e958daeef85513492","first_seen":"2026-02-09T01:37:18.626219Z","last_seen":"2026-02-09T01:37:18.626219Z","times_seen":1,"resource_available":false,"data":null}},"time_used":488,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/saconfig/yunwei.js?0.7559631152137632","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"GET /saconfig/yunwei.js?0.7559631152137632 HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:26 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 19 Jan 2026 21:06:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"696e9ce2-6be\"\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncdn-cache: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1726,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"ed506b0118dc47ff469a51973a83a169","sha1":"c22d1bf3e4481b7873ea1e849ed6258c82db8603","sha256":"70ae8c907bc5cb499a1b824725fe3e039c8819c8f0af84ee91f8006a84504315","sha512":"add8c741ac9bf7a4dec49315e4f86c0048412d5fda4f42d44eaac9fc178504b91c1d72237919f78dcc837b0da04bfbcbb06e5d59bcdba2ea4a74b751398a12d2","ssdeep":"","tlshash":"b03143ffe3620841934bdb85f5af3d1ec5d6256d89c8f0a5e4fa848886a905144873d8","first_seen":"2026-01-20T15:59:23.650557Z","last_seen":"2026-03-31T12:53:09.577391Z","times_seen":150,"resource_available":true,"data":null}},"time_used":220,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":220,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/club/toChampion","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:36.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/club/toChampion HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: c3acfd4797a207803d185cf4ab0cc244\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 00fa0e488be4d690012605ebbda38bc7\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 48\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:36 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":112,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"eeb9f7df55871a8c76a8e73c2c024e58","sha1":"8cc738ccc05bed958a40b9ac4ede75191e020eab","sha256":"142772434d4948bf63fa1a36a9adaea26252dc3d744630267b2810f0577efa08","sha512":"02ba0cb8410cd70d08ac3dc2e7818b16897f64493acab9e0a761ac25087dc2c960481b1b5a2d05d4926352552b2326e76439994657813f578d319d016a48c416","ssdeep":"","tlshash":"c9b012d91cadcaa3fcd202f48a4fbb621030f56971f8e54c400f752e00f51291090ae5","first_seen":"2026-02-09T01:37:18.629611Z","last_seen":"2026-02-09T01:37:18.629611Z","times_seen":1,"resource_available":false,"data":null}},"time_used":437,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":437,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/init","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/init HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 51a6c374acc7a000282735c7be001104\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 4af321800fe296065223a5b5cb5695ff\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 48\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:37 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3160,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"33378b59ce61ccef4bf044d6c5fc9d8a","sha1":"e9bcaf02c89ffb8b7b37123c9b7149b1cd005946","sha256":"fa8a0b8fc4eb6100698477194bc19413dd6ff62f610964f0c2910d95287428ac","sha512":"c72ef8049fa75a045ed4b9cbac5fb73ed904799ade4c11fb6db39d9b18ca7488eb6372eaeeff58468afe351ab38e8be03453e58c157ce7750cbf42a8d20491ff","ssdeep":"","tlshash":"0e517d457cee654178a78ce96ca656e78243472509f1770db42de279109d10cefc1dcf","first_seen":"2026-02-09T01:37:18.631887Z","last_seen":"2026-02-09T01:37:18.631887Z","times_seen":1,"resource_available":false,"data":null}},"time_used":580,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":580,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/CS-title.892ce014.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/CS-title.892ce014.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:29:04 GMT\r\netag: \"69842f33-1cbd\"\r\nexpires: Tue, 09 Feb 2027 01:29:04 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:29:04 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 7357\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7357,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"892ce014fe7779c6c77093ddfcd3011f","sha1":"5ad345d481300344a5d9fa776286bba3cb720cde","sha256":"2f2cffa6c5cdb1d82597faa0f3977c75ee5ece407184d4eb2308d86ad7995973","sha512":"b5b64a7c338cba0eaa662dc42f1eceb3a5807eb9758e898524f9051f8563c8a28d81d32ebb4f341012115b0ca0f2e8097c32f73fcd5c29899b2c061c83007ab8","ssdeep":"192:05+PhO9Yr2f/Or1hJImkirpKZvn3okAl4US+STS4StS6Sl:ThO99/+6mktn3PAl4T","tlshash":"bce1b5b7b6aa66e5f404e7f0ca628435311e1cf7ba45c278c364bd2bb9a50cc9d19cc1","first_seen":"2025-08-17T08:15:27.538161Z","last_seen":"2026-04-03T20:50:12.261812Z","times_seen":443,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/MG.06736349.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/MG.06736349.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:20 GMT\r\netag: \"69842f33-661\"\r\nexpires: Tue, 09 Feb 2027 01:28:20 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:20 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1633\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1633,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"06736349d09ae1db2594a2e7798abbc5","sha1":"f9d9f2e7593cbb670d4f94a716d104d1a416c5e2","sha256":"531be3d2da1fe9fd897437645fcc4845974b68e97350664b3e37e1a6c04ee12c","sha512":"ae6eb5b8503c8149ff1280b1515da1ab51f1f084d56418d12380cb79d1e43a879f3af5ad4f2b3c9e131005cb71b5e111cbb3a240e722401362e3e1a5e7c14376","ssdeep":"","tlshash":"a73114b053e9f2e4d109e3d1d22b5d3677532ce97b35ce2c07d55d11952605f8458ca1","first_seen":"2025-08-17T08:14:45.203172Z","last_seen":"2026-04-03T20:50:12.325418Z","times_seen":441,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/left-arrow.deb6cbfa.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/left-arrow.deb6cbfa.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-05550dec.c297abfb.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:53 GMT\r\netag: \"69842f33-305\"\r\nexpires: Tue, 09 Feb 2027 01:31:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:53 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 773\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":773,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"deb6cbfa7109d4175ab3361de9f943c2","sha1":"98f51798e1bc5752cbb883c53234895a5ae53924","sha256":"023d6ef739d58c46ef364414f367a351f82b24af1821976a829db2daa7d3fa80","sha512":"1a4c2a3b26c2d8bd255278f9e77bd5339b5b3f1e4d41e762559d5d455e065d0c1fdbac6b36174a3d1864ed6ceea501bf1a3da27293e63a0a3f042f555d5ad6ac","ssdeep":"","tlshash":"d701d0fa7208b1d89407c7f1d91eac62949f78f61d8c06f045c44b9ae515ce1cdced84","first_seen":"2025-08-17T08:14:45.036424Z","last_seen":"2026-04-03T20:50:12.324755Z","times_seen":498,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-6bc21bda.d4da6e7f.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/chunk-6bc21bda.d4da6e7f.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:28:49 GMT\r\netag: W/\"69842f33-2026d\"\r\nexpires: Tue, 09 Feb 2027 01:28:49 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:49 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131693,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"729701f9fc885349ceae835b456573d4","sha1":"2f3b67fae486248b8caa1d28a2ed0de716437044","sha256":"00e52ee90ee206339be808a7f73eae2e36bb6ddf6adab5aae19e7f1e0a3d11d5","sha512":"39deba3a6e6921aa6853d0d8d02f75ffaaa4da7276cbc8aad41cfd48675673715add4670f8cf7d1ade2f7a85a5cbf94f28384d7873ba0b12e92aa33aff5a3926","ssdeep":"768:sRf6XiibZuD1IByvMqNraVsLp7NYFkwFb+u/iSSTA3aaC/ZHeBRUxq2GvBkvUKgV:2MKrmRUx/ZgCQyetY0","tlshash":"a2d3e825711d3829f577c2b1f0e0ae5d2529f307d5039e6da266372a8e9b0db3a723c4","first_seen":"2026-02-04T02:40:25.960756Z","last_seen":"2026-04-03T20:50:12.353314Z","times_seen":126,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/remove.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:28.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/remove.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:26:42 GMT\r\netag: \"69842f34-e5\"\r\nexpires: Tue, 09 Feb 2027 01:26:42 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:26:42 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 229\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":229,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"704cdfc987eccec9feff30e2913d2801","sha1":"ac07468ca10534128271b5d5c9a1ebc64c06ea17","sha256":"a0d27bab1fc3fd39017be7fc21a7aa0f7850f7805182988e190985c5e2eecdbb","sha512":"965520cab461040565f951e05697a577a1455cb686cbb97ba4c95465568db09d626fb35a602c50fd2ad7c726436a0863eead9d4aa2607085c756589d122340c5","ssdeep":"","tlshash":"fad0a77931a6855627c11d34b429950c3fd436034c4ad1b037090133c960fd430f34ef","first_seen":"2023-12-07T23:22:38Z","last_seen":"2026-04-03T20:50:12.420392Z","times_seen":542,"resource_available":true,"data":null}},"time_used":1767,"timings":{"blocked":517,"dns":1,"connect":257,"send":0,"wait":722,"receive":1,"ssl":265},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-egame-2.json?1770600991828","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-egame-2.json?1770600991828 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"692e5f2b-1358\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Tue, 02 Dec 2025 03:38:19 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 3808\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4952,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (4952), with no line terminators","md5":"5c8ace94ec2b977e29c12d5f3316dc88","sha1":"d85a3c1107bc3b5fe1b1c051196784d62e169a50","sha256":"638e6283c928c5444761a27308c7dcc7bd8a01aaeeabbac31f8ab4c5121191ed","sha512":"cca3f98e331b9509808ecc92282dbc3a07052be32c12b20ea7e0e3f66b7ba9bfdc858b15f5772aacf80282597c49885fb33ff30b3b9da05507fa650a616fc5f9","ssdeep":"96:Sj+v+TFIjqQCtDIczkEq32wTxqG8/J9/M0ot23hMkgDYKOOtI+bxTatLsK+XgEqe:SSvGFIjOl3zkz2kIG8R9Lot23S0KlS+j","tlshash":"66a18d4e6bc21f386378c755801370eff8a11e5f46ba997bef188128c18795c06f7a51","first_seen":"2025-12-02T05:56:55.07188Z","last_seen":"2026-04-03T20:50:12.416124Z","times_seen":231,"resource_available":false,"data":null}},"time_used":404,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":404,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/loading/J9EN.svg","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:25.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"GET /loading/J9EN.svg HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:25 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 21 Feb 2025 07:58:23 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67b8321f-1eef1\"\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":126705,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3adfa095cd28f500b524bcc2bd649335","sha1":"030f87f77273739807e8946f0e8dde2bd0148558","sha256":"ee1ec5587b0b479adc6a4d63c2b682e188a40843e8288410e806cda7e0c2ed20","sha512":"60c44ca406a651401468544ec85a2184a7fd5ec654dafb5c9fb97ae22590141b48e085582698c26f85e1f5e3583e40cf423a298e8d3717d18d696f53b99182bf","ssdeep":"1536:eV82EDNWhXfzaz3ju3GDqVpYGnhoS2mQAvs8pPnoIfn4IDWF:A5o","tlshash":"20c3b6eeabd569f0f046e3f5ea024468720b68bf7fe2cb25c3995e89751149c880dcc5","first_seen":"2025-08-17T08:14:45.318418Z","last_seen":"2026-04-03T20:50:12.359551Z","times_seen":536,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/game/queryGames","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:38.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/game/queryGames HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 63c3e0eb79c7989772b558c79f4df0f5\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 2473334e886f255fe923d8c364a4ac0f\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 48\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:38 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":58288,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f06dd3aeca3209ded4719a8db95a9933","sha1":"ff2bed17f3bc63063eb1656388a37351b0001bd8","sha256":"a3ce62d941151dfbc00d41bce9e6dec2b69b30f4943da553100606b1b3673af8","sha512":"b64b0df51a7b5a80d0d2ea9878831b235eaf88dfe5006350ce0553bb10c018db8d8a4c08015757135a3ff55b8dd37fd18aec822055f83754d9f2ef1b0818036f","ssdeep":"1536:LFSUkEiwyTvEWsRwvxuM0JrDpSv1VdvtYT4PoP:7kEiwQvTvwsv1VjgHP","tlshash":"03430226fa79967cc1f374a15532c060e6ea7ffac60230108b54f5ee4d1866111bfab3","first_seen":"2026-02-07T16:09:28.63484Z","last_seen":"2026-02-09T01:37:18.642153Z","times_seen":2,"resource_available":false,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":445,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-05550dec.c297abfb.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/chunk-05550dec.c297abfb.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: W/\"69842f33-25de\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2290\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9694,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (9694), with no line terminators","md5":"18afa03cdfb131615edc8f82dea9a264","sha1":"63331928e303f124f06d086e829a01bd839a3410","sha256":"ac2dc7a894e592f124986170431124fc282530777e452b32723858ec0bf71f95","sha512":"dcc64142894e336ed1048c07181925871114e74675f75ef6ab21ae6a57c26969ea0c49f54dc5624aaf8471fbb88d72cc1fd3222b336b424b620427aedf54ee17","ssdeep":"96:8ljBv655tEB5MSuU2Ckpon7aJfX7Dd1Ct0OADFDWOFNVjw8sdADOk/B0y:8ljaw2Ck+n7IYWhSOL9JUS","tlshash":"ab12ed12b1cd9275f873c2f8e4e05519641ca633cd022968a173271bcbabfd6277634b","first_seen":"2025-11-28T04:45:37.470448Z","last_seen":"2026-02-25T22:42:00.05977Z","times_seen":175,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/Headline_new.5b360167.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/Headline_new.5b360167.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:52 GMT\r\netag: \"69842f33-e6d\"\r\nexpires: Tue, 09 Feb 2027 01:28:52 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:52 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3693\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":3693,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5b3601679eb3b29cbcf7e3fbace700a1","sha1":"7042cbec86620c3c63adfd00858da25de6d7a0f7","sha256":"9a96ed1f52ae681e3b451d5a6fa60b148c2978bcd46f6c93dcdbbb00202757ab","sha512":"3815c6988a078185818554472ffa02bbceb25006c916f6e5240500894cac8efde0e80f18fd550a5f08e8e6ae872139da31c797f0f66721969595bd17de74f95a","ssdeep":"","tlshash":"f37196c9f3e092e0a506abe4e2361474b63730fbb672caa542d72ea0e61705c849dc51","first_seen":"2025-08-17T08:14:45.191042Z","last_seen":"2026-04-03T20:50:12.361306Z","times_seen":497,"resource_available":false,"data":null}},"time_used":389,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":389,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/constant/query","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:36.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/constant/query HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 11b2c876b292b27e2814536576437896\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 6ad20acf333822f6c41f317aac76ee88\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 79\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":79,"data":"{\"keys\":[\"CHECK_GAME_FLM_FLAG\"],\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:37 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":132,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"492f7b7eea5f1f5f34102c33874cd160","sha1":"aa2c7c465d7d1ab853699117ad950274a1a19e00","sha256":"47a755d6e97cc86c458b9f88707e128340e41586e1e1eb403cedcf1083cee17b","sha512":"199263b0691995ae13ed9d4d5546080078e9cba2701f5785d5044e76aa2a0c4983b02efbbe3252a84f713767940d796bd3acf2c83564bf40a67d9aa4e70ff3b6","ssdeep":"","tlshash":"d1c022c08cba8282e8c3caf88e0eb2222030b2b2003cba08080ea03a00e822c2200000","first_seen":"2026-01-21T19:59:48.852087Z","last_seen":"2026-03-25T21:48:01.403657Z","times_seen":7,"resource_available":false,"data":null}},"time_used":432,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":432,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"ips2.io/ws?\u0026appId=bd7581fc17544a0490def97bf62d9707","fqdn":"ips2.io","domain":"ips2.io","tld":"io"},"ip":{"addr":"154.38.220.33","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ips2.io","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Fri, 11 Jul 2025 00:00:00 GMT","end":"Sat, 11 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B5:63:DD:3C:A3:84:AB:B1:43:27:6E:D9:B7:64:07:7B:E9:31:70:2C","sha256":"D5:DF:A9:56:F9:E1:89:B9:8F:F8:DA:ED:38:78:6A:D9:10:2E:CF:24:EC:0E:3F:B6:D9:C2:A0:85:6A:8D:C3:33"}}},"request":{"raw":"GET /ws?\u0026appId=bd7581fc17544a0490def97bf62d9707 HTTP/1.1\r\nHost: ips2.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://www.j9bba.com:9300\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: fVBmRs1KIRVR50qmqZxn1A==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nConnection: upgrade\r\nDate: Mon, 09 Feb 2026 01:36:39 GMT\r\nSec-Websocket-Accept: gWzd+Q4GUYWWEVBhm5ecX1ORs0k=\r\nServer: openresty/1.25.3.2\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"OpenResty:1.25.3.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":2520,"timings":{"blocked":0,"dns":857,"connect":1116,"send":0,"wait":270,"receive":8,"ssl":1126},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"ips2.io","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/Arrow-expand-D.625933fe.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/Arrow-expand-D.625933fe.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: \"69842f33-e2\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 226\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":226,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"625933fed79d0dc8004ecb346702820b","sha1":"dbd5e7b068e2f415070383081aeb261372949439","sha256":"11bbe8556fbe69c387a35ad99543d6dc000c31d1462f1b017740d5d265014779","sha512":"7dfad04f45f07106b8d7a51f1ca0be33dd8f41285f38461ed4abcee967ad7466982b38e935f0b6bad0236636c0029b051e318d8fe62e760d646f61e800bfbfea","ssdeep":"","tlshash":"add0a773726cc415ce028102e53ce4d550d675f2c68d0081d540396cb0459d71e1dafa","first_seen":"2025-08-17T08:14:45.214271Z","last_seen":"2026-04-03T20:50:12.272293Z","times_seen":501,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/constant/query","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:36.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/constant/query HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 79751120be5c5a90ada1c8e4a77a84a2\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 5d3e4c8aeafff9bad86fd71744fd03e1\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 79\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":79,"data":"{\"keys\":[\"CHECK_GAME_FLM_FLAG\"],\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:36 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":132,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"66914e52e5a1fda2351c8d8ffa1055bc","sha1":"12a2f712cb131b2436a99c621a3fb4859f94eeee","sha256":"2cc98068c030ec295fe8106f390e643069a0d8cf43d316575fe2271235279688","sha512":"e3599e7d21b10ec5503192c6ce720f224d6fa2d9be14054e6c835b83efbd3889f8d61a9050dcbd7e1ee95f87514d77d065198c207eb370464efc2f169e9eb1c3","ssdeep":"","tlshash":"c3c022c028ba8282e8c38af88b0eb2230030b2b2003cba08080ea83a00e822c2202000","first_seen":"2026-01-20T15:59:23.56048Z","last_seen":"2026-02-15T19:13:56.322158Z","times_seen":5,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":425,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/Index.aafc0cf1.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/Index.aafc0cf1.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:35:47 GMT\r\netag: W/\"69842f33-d9f2\"\r\nexpires: Tue, 09 Feb 2027 01:35:47 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:35:47 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55794,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (55451), with no line terminators","md5":"754ff9f2a9969aca7803592c863d0f78","sha1":"1de1c339d4c85b2216c0e400f3dee7d0ede8185b","sha256":"e3eefb9f4e0d1d439787d2102c9c5b49c7a2fddbeeaa10c00c414eedb67fe372","sha512":"f37b7381ed2387154c01475e84ce7cabcf97ad7f59e8636ca126a82a8cdcc5199dc41dafd5e4c7d7bdbebe7119890e7884e755f1be9911d0aa9c85423768e569","ssdeep":"1536:xJOD9qra2Hk5VzHepUzO8Ls9NOjleIBEnr62qptpF:xJOor46UK8Ls9NOjleIBEnrfqpt3","tlshash":"eb43e64bf686a0b41927e1f1541b2612b1392e886258c88df739dec1dde8e6d131fb3c","first_seen":"2026-02-07T09:57:53.836056Z","last_seen":"2026-02-10T09:34:26.130345Z","times_seen":6,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"datalc.com/","fqdn":"datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-09T01:36:22.132Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: datalc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nTransfer-Encoding: chunked\r\nLocation: http://www.datalc.com/\r\nServer: Nginx Microsoft-HTTPAPI/2.0\r\nX-Powered-By: Nginx\r\nDate: Mon, 09 Feb 2026 01:36:17 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":766,"timings":{"blocked":255,"dns":0,"connect":255,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/DL-Android.08212dcd.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/DL-Android.08212dcd.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:18 GMT\r\netag: \"69842f33-5aa\"\r\nexpires: Tue, 09 Feb 2027 01:28:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1450\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1450,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"08212dcd5860234916003bd227781cb1","sha1":"ed76b1762c7ae357909ed131540158817b01d2cc","sha256":"5ca2a582d1db15407d4889e0e473f1c97f174c5fe9518d75cfba87e18c7bf588","sha512":"cf03e867704716022828b6bb838bf7fafe0110fc6056e17fc9710b803e4445e179f75fb9039ea821fc85853d982b67bba0201a1fa3c7c0f1ce6cb88d5098e67c","ssdeep":"","tlshash":"623169f95ac153c85453ab1cb839bc25989e24f8bfd84de9814ad9f27db0ae158cc8c1","first_seen":"2025-08-17T08:15:27.517938Z","last_seen":"2026-04-03T20:50:12.372163Z","times_seen":427,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":227,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/version/versionControl.json?1770600991371","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/version/versionControl.json?1770600991371 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"698840b5-4240\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Sun, 08 Feb 2026 07:52:21 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16960,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (16960), with no line terminators","md5":"681b9f91d5cb0edaa59c32afc1782027","sha1":"61d414c77adb254e259ce7c8e4f54da1db0cce7a","sha256":"b8de4073f20945f35f609fdbde31f48bfdf2216fac231556a1e770ccb2f14133","sha512":"e949d4349dbe8f9635e44478d45cacf4c3928a5847864987955930329e59c386d4da4e0a7007bb2f2a38fe4ddb830c5f6aa6aa3d314d37f8fc3b221619dbdead","ssdeep":"384:ljX+fdNXM3wRXhiVHG/S3VBVYNxChDbtWgvZAGDopORUO:laDXMyGGaFBVY7yDRBLUO","tlshash":"0372dff66fe51b2a0648a6f1dfbe1369570aa325b484e4ac2f5cf006877b47240cb375","first_seen":"2026-02-09T01:37:18.651796Z","last_seen":"2026-02-09T05:17:44.961455Z","times_seen":2,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PA-a.42471da7.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PA-a.42471da7.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:20 GMT\r\netag: \"69842f33-967\"\r\nexpires: Tue, 09 Feb 2027 01:28:20 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:20 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2407\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2407,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"42471da7c8e18d8b7869c646f151a0ad","sha1":"3af4428d2036b33486ea5196ff8396be9740f8c0","sha256":"b3c906f2c015b5da124fe087f8a359cd3a6af6c18d3d6b1487d390ceec46409e","sha512":"a69f2eba9b60fd5f3a5c66a88c7b97f859eba762a291da3f295dfdec7b6ead8bad5f977999f1335113dc65a40f00253485be4d479f4075136d3280d8a2924125","ssdeep":"","tlshash":"a541517bfbcae9b5d348e398d5408839301a00f7b891c5c142d0ff4aa6221cf06ad5e8","first_seen":"2025-08-17T08:14:45.322962Z","last_seen":"2026-04-03T20:50:12.304906Z","times_seen":437,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-09T01:36:24.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.datalc.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:25 GMT\r\ncontent-type: text/html\r\nlast-modified: Fri, 12 Dec 2025 01:57:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"693b769e-f9f\"\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3999,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (470)","md5":"181b34b9edf97bcc91dc55bcb690e6f2","sha1":"9b3de92319a307657fe6d57112bcc1cf9ddcd0cd","sha256":"8d66c88fc9ccdc6762040720996cb37c3ea9acc6d3da24b2fd4374d8371c8431","sha512":"834c95d5235b13765551ae34ffb315354897658a2811788766b553bca89665332338828913d4ee1a70cbd6007e3fd9405dfafb192a15bf36c3998608f1ae2318","ssdeep":"","tlshash":"6281d67542fa99cf500312e60ea4c298788d8f57b671c990b6bce09d6f81e9e4c63e34","first_seen":"2025-12-12T06:35:11.468927Z","last_seen":"2026-04-03T20:50:12.387562Z","times_seen":254,"resource_available":true,"data":null}},"time_used":2070,"timings":{"blocked":925,"dns":394,"connect":215,"send":0,"wait":220,"receive":0,"ssl":311},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-mainGamesPC.json?1770600991822","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-mainGamesPC.json?1770600991822 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"692e5f0e-a58\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Tue, 02 Dec 2025 03:37:50 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 2072\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2648,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (2648), with no line terminators","md5":"4ca02cb6008ebc19fb52f63494c7529c","sha1":"9e32beec49368146ef26e8296ef860384819bb71","sha256":"8b637868f7677d8afbe78f0825d115a7a7a45baa5390591d30fb290a7d418f91","sha512":"42ee82f11761aa849579903860c8780f9655553bd072b01802d1044e8ef0feeeb8ffae50125ef58d168bfe376fa3525b6486203f580b30b815d97a5e3ac6bc7b","ssdeep":"","tlshash":"f1513e14ca3606d647ebcc32f76006ed492c75d92fd6b5b7a894b4c5782bc105c47431","first_seen":"2025-12-02T05:56:55.058126Z","last_seen":"2026-04-03T20:50:12.402808Z","times_seen":231,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-egame-1.json?1770600991828","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-egame-1.json?1770600991828 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"692e5f0e-1b6c\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Tue, 02 Dec 2025 03:37:50 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7020,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (7020), with no line terminators","md5":"49dbc150cd18aeacf0bb4e90ad00ea69","sha1":"239dd90cc90ba23d60254e73703fb14270f3e177","sha256":"4bf0046849550a569516c6a0fc92f44713e3b71342b80c336aa47110e3c1c2d6","sha512":"c061601e888234a7707ed46cecb4ec997af798953f48dd2f7a36df2002acd66e9a816a8a5882d570ed2ed9bf24339e374131b23bbe610a2954336c619e91e910","ssdeep":"96:velE6xQ0qw6yKv7vXvIBT+DmpMID/kd9Re1vgF2XaK/TgkmqampjTqpKUI:velvxJqwK0xtMIQPnG/kN7pKN","tlshash":"17e19df69a73652607a6dfacc69a8c333b0f5916ba28390303916ddad04d21d11b1dc8","first_seen":"2025-12-02T05:56:55.050409Z","last_seen":"2026-02-13T02:48:27.938011Z","times_seen":145,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":407,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/constant/query","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:36.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/constant/query HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 059e5e2b10d5a575817e70e8aecdf0c6\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 54a5826a09799e952d9083190b7f5d26\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 71\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":71,"data":"{\"keys\":[\"HEJI_DOMAIN\"],\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:36 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7472,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2e6122e6a0dfdf775b3844cbbc732f0c","sha1":"a25c2d7e4848729cc6ec82d748fd3c257828d067","sha256":"8dfaeadc435001b310feb03469a02c30902f1ad01c577512f80a7b2ec96a6bb2","sha512":"518175bca118ec1b2484aac218b79e9a87e05be73b3ac90ba0c91966eff61a12bb596320921cbcb045489ada8eb035f5b6372e664b808fb69e3da97659f7ae3f","ssdeep":"192:uHXyxrLWjWW2AVmCrNwfQ1p2/CryH6HMqYiV:/WjW2uwo/HUV","tlshash":"41f1afe102b7cd773f4846cdd97aa0a086e0bdcd40317774e851a18021f8b97679e5d4","first_seen":"2026-02-09T01:37:18.657405Z","last_seen":"2026-02-09T01:37:18.657405Z","times_seen":1,"resource_available":false,"data":null}},"time_used":465,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":465,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-headerDropdown.json?1770600991730","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-headerDropdown.json?1770600991730 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"69733558-756c\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Fri, 23 Jan 2026 08:46:16 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30060,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (30060), with no line terminators","md5":"39fbd3f39bf477119be01c2f18a97843","sha1":"29f628263f380413147ae5cc103b2d2110e2ee10","sha256":"a4bd03dc003fc344441e4442ccf2899ce47e7f5495d8922be4d491b1df882710","sha512":"495c1e224bc264dcac8568ee276da02ca8c7036c8aa52640a89af68399f0c486a5c10c2afac8df98eadbba22d1dffec2674a2eb0b7cbeb23701bf4574cd743ee","ssdeep":"768:9J7fMFEnbx/3JIQ9kxKfdJJX4HdmplY9EP85veZLFVTyTR4s:9J7fMFqlRVmx+dJJxPY9PEVG","tlshash":"aed2e01290bb644cae589aaafc1d5901268bfefff89df0086d40b9d97245fe87540d8c","first_seen":"2026-01-24T18:38:15.815006Z","last_seen":"2026-02-10T09:34:26.126649Z","times_seen":22,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/SW-a.d577f02c.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/SW-a.d577f02c.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:33:59 GMT\r\netag: \"69842f33-54e\"\r\nexpires: Tue, 09 Feb 2027 01:33:59 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:59 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1358\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1358,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d577f02c3537527f2a537e8606939053","sha1":"4591ab0e969c77b3bc46c08fb7d1ddc9aa68d7f8","sha256":"d26b445e8ebfec559166524d419bfd6f7e2ae93b002133c428cdce2b3619c7ab","sha512":"aebf97db226bc47d373352072577f489046d7a03a1747a9a86e11f131d4448cc1da10d15decb874ba54a5f485f8b9569a067c2aa27fbf0cef4497ab27c14ca89","ssdeep":"","tlshash":"172153e6b3ac4344ea05cb608315d6b23b372cfe2325c64862da5d11a1e856e88ccec7","first_seen":"2025-08-17T08:14:45.235025Z","last_seen":"2026-04-03T20:50:12.334947Z","times_seen":445,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-cf.doefa88uid.com/cdn/tus5r4v1F/cdn_test.txt?1770600986648","fqdn":"tus5r4front-cf.doefa88uid.com","domain":"doefa88uid.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.675Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"doefa88uid.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 04 Jan 2026 12:48:55 GMT","end":"Sat, 04 Apr 2026 13:47:36 GMT"},"fingerprint":{"sha1":"E0:D8:6A:D1:8F:28:F4:D2:ED:70:BE:2A:75:67:1B:4D:CF:01:DC:FB","sha256":"BB:D9:49:06:48:52:35:D1:46:5D:87:22:62:57:FB:1C:FB:50:8E:44:D1:3F:2C:94:55:58:45:53:28:D8:93:28"}}},"request":{"raw":"GET /cdn/tus5r4v1F/cdn_test.txt?1770600986648 HTTP/1.1\r\nHost: tus5r4front-cf.doefa88uid.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":43,"dns":27,"connect":1,"send":0,"wait":0,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PG-a.331867f2.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PG-a.331867f2.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-1769\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5993\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5993,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"331867f220975cd22acf3a8ca9876885","sha1":"32e13bb5996e2aa24271bdd6b641cc2c3bc4b169","sha256":"4361bcb53a5d6696f370c2f21bcb58174564795c4b626120ffff66d1f2a0989f","sha512":"b62da573b30481c34f1165f1535b91254d596ee36a024d49272b5aef2114b1b89b4904744560cbd9c92f5beda5a7b7b85de43c711a059f3f947779307af76566","ssdeep":"96:vbXnFRzLU7qtO8+eBwYryTnMEC9YnckSI8C6qstaCUv/q14n4t:zX3UQB+eBwYryTn1nTSI89qstaDGt","tlshash":"5ac112c29799f1bc960c9b69490ab678703374feb732c39ccad32723646a06a4919dc5","first_seen":"2025-08-17T08:14:45.306523Z","last_seen":"2026-04-03T20:50:12.370389Z","times_seen":438,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/activity/proxy","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:38.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/activity/proxy HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 1a0bf85b4b867cedc81e832f72d5650a\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 1f6e7d7ea0f77b2546663a4c17af7e34\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 233\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":233,"data":"{\"uri\":\"/dynamic/path/process/inactive\",\"paramObj\":{\"activityCode\":\"N4hhyFhyMr\",\"productId\":\"H86\",\"loginUiCurrency\":\"USDT\",\"url\":\"/N4hhyFhyMr/inactive/query_task_detail\",\"loginName\":\"\"},\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:39 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2544,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"15e03ff5cedd9382568cb397b5a640d5","sha1":"a5efa5cfc36d9eaccd4b110aa438bd984106bfa5","sha256":"accee89db7b9fc05e79afc79bd799dfd348f050d9da74fc6bdfa483530275832","sha512":"2e53dc5b78a8f9317a1e60a80c19360f36fdd4171b5a422482611a9e19176d468e7f9ca604fa8200503318eb03e744e25bb186fde43b2b6b0912086864d5235b","ssdeep":"","tlshash":"d5511cfb1d2218dacaeb41ad62ba91b314327dcba42ca14446a74eed947419c8dc8879","first_seen":"2026-02-09T01:37:18.661168Z","last_seen":"2026-03-25T03:25:51.586522Z","times_seen":3,"resource_available":false,"data":null}},"time_used":396,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":396,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/5G-a.a93bca2e.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/5G-a.a93bca2e.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-48cc\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:58 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 18636\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":18636,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a93bca2ea08d35a32f904bba9a4b035d","sha1":"9300ab25ec1856cba7a9db34ea8d8de3cfe4fc35","sha256":"ec82dd125321ab1edb2cb8a1992c88373ad3cbe7a0b2dfa2d460d1b837f91642","sha512":"b5dd8cdcf16a4128a409a6828ce6c1574aa4ce7caa371b1b4f7338ac8229e78567b0c39406ceb16415e95a1b65cbbe0abffe3b099dfd1a2fa6ce8a34c84439c0","ssdeep":"192:M5YiPSK1cb3GsHcoGLs2padjsq07IL3H3q42l6zfx/3AIWfcae/KZHcU1X7eTMP8:M5YKNsHco4sXN33C05//PzU1LhIsAIE","tlshash":"258252d8736a60b4f806a3e5c797a4361da22ce87510c4988fe86d13ed6540e0ee9ddf","first_seen":"2025-08-17T08:14:45.181917Z","last_seen":"2026-04-03T20:50:12.402198Z","times_seen":441,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.datalc.com/","fqdn":"www.datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-09T01:36:23.364Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.datalc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Encoding: gzip\r\nServer: Nginx Microsoft-HTTPAPI/2.0\r\nX-Powered-By: Nginx\r\nDate: Mon, 09 Feb 2026 01:36:19 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":1594,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1565), with no line terminators","md5":"e3bbb5cc9d32e24b8a5e52d14aee76b3","sha1":"efe6419f19bbd4d6663742574ea9764bb46cf759","sha256":"3a877ca70caeede0bd686cfffd687595a3fdffa0f6040e4b715b636ebfe727f8","sha512":"b197b71b273058f3313b6912d2a0603871868b3521eb5eed0129ef122ec398cb9496290a2e7cd13eaa7d75c1c95e77c4297742e7951f7ddef8a2d7dcdaa7c300","ssdeep":"","tlshash":"2631cf3365b0007d00599764ddb0ff7d81a3eb515328e301a8e4586dca47d5298d378f","first_seen":"2026-02-09T01:37:18.663337Z","last_seen":"2026-02-09T01:37:18.663337Z","times_seen":1,"resource_available":false,"data":null}},"time_used":799,"timings":{"blocked":266,"dns":1,"connect":266,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-09T01:36:34Z","timestamp":1770600994,"ip_dst":{"addr":"172.18.0.14","port":60512,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017","source":"{\"timestamp\":\"2026-02-09T01:36:34.168273+0000\",\"flow_id\":442172152713538,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.204.158.66\",\"src_port\":80,\"dest_ip\":\"172.18.0.14\",\"dest_port\":60512,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024228,\"rev\":5,\"signature\":\"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"www.datalc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":827},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1594,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":935,\"bytes_toclient\":1439,\"start\":\"2026-02-09T01:36:23.364866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-adsDialog.json?1770600991831","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-adsDialog.json?1770600991831 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:32 GMT\r\netag: W/\"69855ceb-3340\"\r\nexpires: Tue, 09 Feb 2027 01:36:32 GMT\r\nlast-modified: Fri, 06 Feb 2026 03:15:55 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13120,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (13120), with no line terminators","md5":"5b9bb35588d182549a8cbfc127aaf695","sha1":"aad57870448f8844c76ba21d016900e13e322e51","sha256":"6174ec47f7b51e0cfe812551dcf64aa52e7ead7b3c81c060fc425cdb3832885d","sha512":"0b12fd54fbb4569e5377286d2dd40ad4498a893340174ce873e90ba65ec3b04b9cd201e2e4738a8353e75e6e0de3bb32e2f54fb9c0e21cad6e8d68e8477f5690","ssdeep":"192:DFaDQ4BUmszzBfIsbjrVEg5nzP0Tz5M9AZr8rJ0Gekl2rxdVkBlz9Wnfuir:xa4lAyPVE8D0PUGr8Jek0rxdVqh9Wfum","tlshash":"8542c069a684d3ef02af5268f12db901cd77e40809718efdc4200b869fe910bdf6d4d9","first_seen":"2026-02-07T09:57:53.87139Z","last_seen":"2026-02-09T17:50:41.153216Z","times_seen":5,"resource_available":false,"data":null}},"time_used":697,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":697,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"www.datalc.com/favicon.ico","fqdn":"www.datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://www.datalc.com/","date":"2026-02-09T01:36:24.048Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.datalc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://www.datalc.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nTransfer-Encoding: chunked\r\nServer: Nginx Microsoft-HTTPAPI/2.0\r\nX-Powered-By: Nginx\r\nDate: Mon, 09 Feb 2026 01:36:19 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Microsoft HTTPAPI:2.0","description":"Microsoft HTTPAPI is a kernel-mode HTTP driver in the Windows operating system responsible for handling HTTP requests and responses with efficiency, scalability, and security.","website":"https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page","common_platform_enumeration":"","icon":"Microsoft.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PT.c0bd5fdb.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.467Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PT.c0bd5fdb.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-1388\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5000,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c0bd5fdb135b5e3b5560cf409f788d3e","sha1":"2f30ad5c5a8bece46d04ff38f6396e898b6e0807","sha256":"02be978b2a88d2901a10b94ec4c12304502f824a6754c9f62d7facc9a0eb5fc3","sha512":"2c1a12b89434cf33dba19188fda53cee8b220e4bf2c34bccd55bab2adff1c6d2798ebeaaa0a625335c72d38683afbc05007a8d53a8ebc2e4a1e81985faa1df51","ssdeep":"96:JNZ2QhV/CZ75XPqYKAkyjnsWs+iarwYlVnf5/qKb7aWtBgMDW:52QC2Arnc1aMYLfkKb7a6ZC","tlshash":"cfa194e6d7e562e0e006e3e4566a88363bab24fa7f31cf6d47e96de0d71111e0858cc1","first_seen":"2025-08-17T08:14:45.288159Z","last_seen":"2026-04-03T20:50:12.277604Z","times_seen":438,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-d1ee4a6a.36836749.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/chunk-d1ee4a6a.36836749.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:28:49 GMT\r\netag: W/\"69842f33-2b3b\"\r\nexpires: Tue, 09 Feb 2027 01:28:49 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:49 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2565\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11067,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11067), with no line terminators","md5":"8f3d18ac426cc2a18dba20db2a73d803","sha1":"e6819d68b751f7df8c1fedc82316a9b1037d5ab0","sha256":"a31f5cbb4ca98f4cb82e7c727235855439e23b5d8fe4b7a26682f95c35216f50","sha512":"af6ee8f558b4cc554bec51e244bc0bffa6d4970d400063e50bb764fca22729d77d55764ea1e4d231aa1bf5711f8c5ec13527c135d0dd48ea795c9c20f74c97a8","ssdeep":"192:2QHQZZKMzJ2ID6P/ZESUwjdR+u2u1uEr6:2QHQZZnzqHGwjdOu1W","tlshash":"85321015f93ca019f07fc590b0903ef96359d207d5625aacaed13d298947cfa362f2ac","first_seen":"2025-08-17T08:14:45.29901Z","last_seen":"2026-04-03T20:50:12.388688Z","times_seen":529,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/js/_wms/_l/electronicgames/games.js?7797b1e67e66e4cf26072e9ac556c2b2","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/js/_wms/_l/electronicgames/games.js?7797b1e67e66e4cf26072e9ac556c2b2 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.j9bba.com:9300/\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:33:23 GMT\r\netag: W/\"69844b0a-80600\"\r\nexpires: Tue, 09 Feb 2027 01:33:23 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:23 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":525824,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"beddeb2b9153049eafc13c547bec6164","sha1":"0c75081d66ff57d435cdb61fcb2a6d9c01d5eaeb","sha256":"0468d6e9aa5b0d35febccc6c9d5ee713b43764d15680c928faa671b36a5d661e","sha512":"f1f3f676dd680a23fd1f1a08dafb142046eb54e39525b2f4c626f9ad02d1d0ad53d5b6ff7002432835b8746b5bfe243bbfce37a8a6b4ab0a457e9c83064ba874","ssdeep":"12288:T/SYhUR42HT0kZrA9FVWYS48ABEMTnLUb+/euK:T9dlOrA9FV5v86wb+Wr","tlshash":"04b42310ac967f780999a628f06f2f7e1c8c47f8de164a8169b4dcc348d7bd348af558","first_seen":"2026-02-07T09:57:53.811411Z","last_seen":"2026-02-10T09:34:26.201499Z","times_seen":6,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-lgClugRecommend.json?b9aa38d5037667930641023eaa0477c3","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-lgClugRecommend.json?b9aa38d5037667930641023eaa0477c3 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:32 GMT\r\netag: W/\"696da112-4c0\"\r\nexpires: Tue, 09 Feb 2027 01:36:32 GMT\r\nlast-modified: Mon, 19 Jan 2026 03:12:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 991\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1216,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (1216), with no line terminators","md5":"064c077f2adf92bb6f28812de42e01e2","sha1":"01936c3ce4b8b581f78a1849df89f337e66765ea","sha256":"1d0e018df4c59bc73902ae2d838561099d2bd48dc5b62ce9b751d66ccee3f623","sha512":"2e0528fe8a14c69527de4837c26677f6699403e16d5a0534c0a7970d17dc50b14077db105fb454859413bba888057abeb43f6d85b1cd46a556c9c37e6dff98eb","ssdeep":"","tlshash":"fb21e405740ca1f61bf7459ae94e57fbf803c4a43ac892c36d29bdb8a44c3102489f11","first_seen":"2026-01-19T03:24:33.938324Z","last_seen":"2026-02-19T23:15:49.895155Z","times_seen":55,"resource_available":false,"data":null}},"time_used":552,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":551,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/JDB-a.19d80af3.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/JDB-a.19d80af3.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-2e6a\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 11882\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11882,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"19d80af3da89ba37f5ee3c4ac53026f6","sha1":"13c49614bf0dfe55b5282d799199c36aa2eeee66","sha256":"0d47cb04fc41403f6347e0eb2958f3bae392026fb6fc86ed8609302a929f22c2","sha512":"47f8dc038d120cc096319392ab9f0592c9fea6ec312ffd0b446dc7e31b95bdc9aaa1367b54e4f16562e790019e2d383767c0b0883865b41f5b7bab53d06c5bfe","ssdeep":"192:8yCQmqOneXH58nY8BYqyy51QNsLPmu1Kt3s6lqdmZ9Fw3c2ANjcIUYXTMjVs5h:8fQwtnY8BYqyy51QqLPmvpNrUKMRi","tlshash":"e432959ef3bea1b4b10df7bdc22798743a931df66a66c52842a57d46d12400d0dbcc8b","first_seen":"2025-08-17T08:14:45.092284Z","last_seen":"2026-04-03T20:50:12.341945Z","times_seen":438,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/dynamic/query","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:36.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/dynamic/query HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 57711d3fa785e15d4f066aeaf2b6c648\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: f941cb3aef7de8fe27c9272ad99b8c77\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 91\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":91,"data":"{\"bizCode\":\"DIGITAL_CURRENCY_EXCHANGE_RATE\",\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:36 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":984,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"abcd412e71d354bf585c69615d109bfd","sha1":"126cb7deaffb88d7cf81d890835cf3e9eb16d85f","sha256":"ed31a97cb60357f3f047bd331066bc31c7f41f92be2acac644ab1003050a2300","sha512":"cb57aa1ec921c388838b481406645275a43cb0f6be221e6ecaa923e884a39f7b581e43e0bdc1b5102094bfb7e68c467e871c980b28eaed4b6ac00dd92c64aa1b","ssdeep":"","tlshash":"2b1108e9389d5606114270fbfa977a06a0c5ee380df5ad8a0309b22df0a960a0c4776f","first_seen":"2026-01-29T07:45:10.341311Z","last_seen":"2026-02-09T01:37:18.669296Z","times_seen":2,"resource_available":false,"data":null}},"time_used":463,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":463,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-6c84c516.49d6591a.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/chunk-6c84c516.49d6591a.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: W/\"69842f33-789\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1031\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1929,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1929), with no line terminators","md5":"1b97ba2e1b97ead3029e38203000a553","sha1":"86b67bb87dbf8b7b66ff82ede315f0ab63e0da69","sha256":"479cce7819cac20b032093114e57f3b67de3db3a072c3baf55c982bc136fa6bb","sha512":"c06530414db98be657cf3957ea74dd1b7233ed28b2513e6501cf1cbcc150b6f29babd40b4489621ed27cbab0a039fd6ca415ad16a94a1edae1873414c831b5de","ssdeep":"","tlshash":"4941c85dfb839495aeb690b025173763b0601f9cb6068adcf8bcc9c72aa465c235d634","first_seen":"2025-11-18T09:12:39.080943Z","last_seen":"2026-04-03T20:50:12.328202Z","times_seen":285,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"3s.hqvai.com/api/v1/stats/collect","fqdn":"3s.hqvai.com","domain":"hqvai.com","tld":"com"},"ip":{"addr":"38.182.202.2","port":443,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:39.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.hqvai.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 24 Sep 2025 00:00:00 GMT","end":"Thu, 24 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"0C:1E:74:31:EC:AC:CD:B1:2E:D8:AD:43:C6:EC:9C:C7:F3:AF:C8:FB","sha256":"D8:13:B1:71:B8:7C:BE:95:8D:73:43:F3:CC:AF:7C:31:F3:AA:B9:C6:3B:08:81:A1:3D:B6:A1:A3:45:B3:3A:37"}}},"request":{"raw":"OPTIONS /api/v1/stats/collect HTTP/1.1\r\nHost: 3s.hqvai.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: x-requested-with\r\nReferer: https://www.j9bba.com:9300/\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:40 GMT\r\ncontent-type: application/json; chaset=utf-8\r\ncontent-length: 34\r\naccess-control-allow-headers: x-requested-with\r\naccess-control-allow-method: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":34,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e19fb88180d8d4d3d0e4e9996c358875","sha1":"47671f435eeea682b4f68c8432efff5dc3051ce3","sha256":"56b0161eedf5558313aba167032a3a1bf0532985565b83f1f3db5bfcdd326d9c","sha512":"9b470d1671f9a9cb73b0f7b7c3997e8a23b42836e36ba66654aee0bd0fc45637328ff8f971b3a64f13e03415b3cd75d68ebe7a8b3e22223d706fe958d33d138d","ssdeep":"","tlshash":"7e800080822a2aba3ac3288233323a202fa02a80000a208e030c8c280380cc3800a308","first_seen":"2023-04-19T19:35:48Z","last_seen":"2026-04-03T21:57:49.306913Z","times_seen":13750,"resource_available":false,"data":null}},"time_used":2134,"timings":{"blocked":907,"dns":365,"connect":212,"send":0,"wait":320,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/YOPLAY.71dbe6f7.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/YOPLAY.71dbe6f7.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:20 GMT\r\netag: \"69842f33-3d5\"\r\nexpires: Tue, 09 Feb 2027 01:28:20 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:20 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 981\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":981,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"71dbe6f70ba4d68a40ef19628a110f6a","sha1":"1ad8aa91b51e5f51a0e5b925ede5841cbf80d7f6","sha256":"52b22fc48c2301cb65f4aa39c6dc9c896b19e3a89d207dece1d28728619a368d","sha512":"e28453ad9f3e47f95bd0f1a4b067ddfd1dcaa28481574a63fff69da32523694947ec6cfe2be966eced8ee245b0d9b65f5bd0e38ceeca3766b7b193d0c552e2bd","ssdeep":"","tlshash":"4111bdd4b74c9101c6886ba5da2ae43a12d714ec722193a5ed822b7771985ef4ca9b80","first_seen":"2025-08-17T08:14:45.134792Z","last_seen":"2026-04-03T20:50:12.274792Z","times_seen":441,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-vendors.7e6d6ba0.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:28.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/chunk-vendors.7e6d6ba0.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:26:42 GMT\r\netag: W/\"69842f34-39b2c\"\r\nexpires: Tue, 09 Feb 2027 01:26:42 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:26:42 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":236332,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"464368b66923a5741e84279b7ad84c90","sha1":"5bf07f149854f86913beecab4884173fffc1ef2f","sha256":"ac4187b276f341015d9646338e5d5ebaefe3ee592022ecb4f458a74dda5c1402","sha512":"010bd7f33380455abbb56bc8c704d6d5edc147c70f901b2d6d71bf4b74755d5d9bb7bb881b0a80f4425f1206b279db46dd20f9b4892868d909869068a08fb5a7","ssdeep":"1536:jrgW9cMERw4B78O6iZkJgYu8e2W0kSDDvIc/eu4JP4hjEIajnMLl3yTto0w6vASN:jKwW27euLL6ob6v7f65WCXk2A6q","tlshash":"9834a5109b17243b622bda6d74c0fa896f28c363d8735b7afd95740cc6e64991227e0f","first_seen":"2025-08-17T08:14:45.33668Z","last_seen":"2026-04-03T20:50:12.241585Z","times_seen":534,"resource_available":false,"data":null}},"time_used":1050,"timings":{"blocked":419,"dns":1,"connect":207,"send":0,"wait":207,"receive":0,"ssl":214},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/EVO_NLC.28bceb88.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/EVO_NLC.28bceb88.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-4227\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 16935\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16935,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"28bceb8889e822600b85d56c679b4f37","sha1":"0fa9e14f1fbfc4f3b681514dd58614836904b1cb","sha256":"9c8cbb4c1ef7919e9c022603db241e34729f5182c804265edf508e6d2fd90b57","sha512":"9723e71ea2d7594ebada53adb7a3fdf70afcacf64849a233219cd0dc01eabb69a76c2dd2f08c785c63b88def19b3348997ef1000c2ffe66ca4259a88289054a4","ssdeep":"384:l/qaIlEYS5hcDotsIkkCLFq/cBK6GDNxs+LsJrZ1aLXy7oLd:+lRJZIkdLFq/d6X+Ls1Z1aLXeoh","tlshash":"4f7244e1d3ea93f4f107f3a0c5278435765328fa7e16de5483aa8eaae54049d48cd886","first_seen":"2025-08-17T08:14:45.242477Z","last_seen":"2026-04-03T20:50:12.342682Z","times_seen":442,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/app.f98aaace.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:28.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/app.f98aaace.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:32:41 GMT\r\netag: W/\"69842f33-d3146\"\r\nexpires: Tue, 09 Feb 2027 01:32:41 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:32:42 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":864582,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65504), with no line terminators","md5":"95ed2053760e7f98416584a510904756","sha1":"0461d891911c0efeca5cf74dc99674ea07b65908","sha256":"92544c387be041c6d713ce97dbdfadf817009bb01541723fa28d4045ac61701f","sha512":"dbd8265d4ccec9e26e60109c83f37f0c385453fc8e1b8f661f172852100e2a0e9e5c66ab870b3e1fb92267c58c3e46977dafd1e56864820b18aa8ea24ed2cda4","ssdeep":"12288:3EXl24QvFZpKGOsp/mqiZVx19McPeiM2RYRFJq1DNV:UV24QvFZpKGOO/mqiZVreJ2RYRFJqHV","tlshash":"1c056ca9f1c5b1e45646a3f0a42b2111f12a3ded7945c8d8f7acddc06bb0c8d522af78","first_seen":"2026-02-07T09:57:53.853558Z","last_seen":"2026-02-09T17:50:41.166509Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1676,"timings":{"blocked":429,"dns":1,"connect":210,"send":0,"wait":814,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/activity/public/proxy","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/activity/public/proxy HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 36855b8cc27b199c24f69722d09c999b\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: ffb379e5a63aee754a2eeb89c3a01289\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 207\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":207,"data":"{\"uri\":\"/jackpot/queryJackpotHistory\",\"paramObj\":{\"activityCode\":\"FaEU9HeAXn\",\"productId\":\"H86\",\"queryType\":1,\"isNeedLoginName\":false,\"pageNo\":1,\"pageSize\":50},\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:38 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3504,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"835df44ef2073b7b3a7f31ddf366d331","sha1":"8ebaa359db9ba9a76d28dabe648f51f10714753a","sha256":"d7898198594a1b2c5118b5510b3ff4ffb166fa66c2d658543126784ee2cd9762","sha512":"6b4880ec97b961e21fa6a084e6c9f35160254d96effcd0a30ac727c8d4c7b02fe0189a76fe3ba337ecee4e218de97dada7fd326838d4fa8411c4e90dcab93c26","ssdeep":"","tlshash":"56714cd8f46e8a579d65a9bcf7eda08723708c4ed4c7fc211212d2c8c04aa2385d39d2","first_seen":"2026-02-09T01:37:18.675244Z","last_seen":"2026-02-09T01:37:18.675244Z","times_seen":1,"resource_available":false,"data":null}},"time_used":606,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":606,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-6bc21bda.d9391d29.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/chunk-6bc21bda.d9391d29.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:33:23 GMT\r\netag: W/\"69842f33-2838c\"\r\nexpires: Tue, 09 Feb 2027 01:33:23 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:23 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":164748,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65420), with no line terminators","md5":"263b0bc87f1c5e2dbc78813a18bcf54d","sha1":"f56b4fc9b7f2ed58c7841af0bf6eae118709ec54","sha256":"47661b4a857d1d762c9373e5c5b8e3973a3417ac6e6574a53ed2a1c6a168212a","sha512":"33cd3728961389f1d69436efa6e4e2e424dd573a953c52d1a988640f864590a8d07c099b94de39fb3598821bf7fc011f7e1c35dc94c28533d58a9ac87c9329d5","ssdeep":"3072:ZtNsgkvTGCs416xQ7H+J8kfFu60FDAJrDlOyD0uGaqRB:HSgkv3QAFQz0FD0guKRB","tlshash":"3af39f5bb682b4e5562752e0d00b2515bc622a44e248e8c9f73cfbe1edbdb1c1a1f53c","first_seen":"2026-02-04T02:40:25.990892Z","last_seen":"2026-04-03T20:50:12.250135Z","times_seen":126,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/SW.cf817db8.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/SW.cf817db8.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:33:59 GMT\r\netag: \"69842f33-552\"\r\nexpires: Tue, 09 Feb 2027 01:33:59 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:59 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1362\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1362,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"cf817db8b926ed504e9e8ded4ea33ef8","sha1":"9670eff04adba4f8c368b73e33208486c400a746","sha256":"a28759c23a81900e520ed10fef4dfca49ee8ea7a8c331dab2a6489c838356a52","sha512":"28aee4ad904c2aaa2d7e69f145dd855a2efb873bbbe22b0027612ad889f411ec898b658d5e25aa46332c2ad87c02dcb17bd9551240b30755103094752fdb9d78","ssdeep":"","tlshash":"fc2153aab2acd3a1d584cb648756583233971cfe3b20c71cb1c87956a0d856dc8ccdc2","first_seen":"2025-08-17T08:14:45.142471Z","last_seen":"2026-04-03T20:50:12.294691Z","times_seen":444,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/websocket/v3/jp/pools","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:36.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/websocket/v3/jp/pools HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 14ac159bc2ecc1eb3ba7bbb858b5b727\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 5d0afcb59cf574f6eb01fcbf9fca9595\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 48\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":48,"data":"{\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:36 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3608,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3152e0ea9d999cd9ad58f1194c3011c3","sha1":"0298776b2c63a38894c0b05c192acf0037cf5a1f","sha256":"7260255f29420f743e0e7fbe9336cef0b73b0845c282ace2e0595720f79dbf10","sha512":"82059829ee028fff930c4f51bf6b97e94cd41dbbc35fcfd9718c250f3930d9dc1180188fe939ff92a76fde6b7a1c0c64f7ef0765444dad24b92f7dff94d24cf4","ssdeep":"","tlshash":"76715d85f1740602c99b1ef073fbfb7950833a889c2a7a6416d9db6760327501c1ee2f","first_seen":"2026-02-09T01:37:18.678183Z","last_seen":"2026-02-09T01:37:18.678183Z","times_seen":1,"resource_available":false,"data":null}},"time_used":438,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":438,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/service.7b398c3c.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/service.7b398c3c.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/app.c9631895.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: \"69842f33-5ed\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1517\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1517,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7b398c3c6a8b8b8ef98a5f33cd31f6cc","sha1":"03359430b73b66477bb8acddb7d5bd027ac404ae","sha256":"e30064347a7161a775d79016980482f2c1b8a810b701796c9a42540a88ce3326","sha512":"42af81fca759fa20828f0f81bc569ffed1cd74e29c6f668e262c45e0814f0a3b9d22848c34343b09c33b0b202962bd3a4f1b74e4b21f07c9282b52306195727e","ssdeep":"","tlshash":"ff3165d3a2e5f7b06a29c748cd159478370a2c3badbcc61a8043ead635284682c4d97c","first_seen":"2023-05-06T09:42:13Z","last_seen":"2026-04-03T20:50:12.31037Z","times_seen":440,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/CQ9.8b7e8335.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/CQ9.8b7e8335.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-1513\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5395\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5395,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8b7e833524e52efee5c32ced13e25fa5","sha1":"685b4bae7c3e8af17eac8b4b66bf3b6fb4a7c118","sha256":"a987f240607788259be4ce6683c499271fc3f5dcf207d2983e4d53766addb820","sha512":"874a8783504c57f56678f54d2e920855cb58bb26bddc9122adf84f23aed32b1ba250340e0b6efdbb419320ec836891070bf658e1676d87f55d7fb0448fc7ed28","ssdeep":"96:euzMwy+I+mz6aur/IcJdPrWdZfU/S7ogdmO2SivkEjrZ8c/gTwJWUA:euzMwbmz6/N6dvF2YEjVkwS","tlshash":"85b1b7d5f3e5b3f4d102f3e45269d5343a1728f67a32cb2887d62ea6d64305e84ac881","first_seen":"2025-08-17T08:14:45.147519Z","last_seen":"2026-04-03T20:50:12.40153Z","times_seen":441,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PG.1a267e9e.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PG.1a267e9e.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-176d\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5997\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5997,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1a267e9e37c8847a03843292101558d7","sha1":"c83d2b148d8af0899cec7bb70a86751a8fd02a83","sha256":"16008034430eb7efc0f228f48ac3aadb29022135f498c64c25e8d046abe2c3e6","sha512":"4323a5c9d89f73c7a608f68f7bbd88a5c70f2a035ab30581ff19a57af15e95828144aa753d136860402f511f8c787a599b603fc03a3dae699728926a0c0e78ff","ssdeep":"96:wXPFRzLU7qtO8+eBwYryTnGEC9YnckSI8C6qstaCUv/q14nw9:wXfUQB+eBwYryTnjnTSI89qstaDK9","tlshash":"cec112c29799f1acd50cdb29490aa678703334feb732c39ccad33723546a06e4919ec5","first_seen":"2025-08-17T08:14:45.060095Z","last_seen":"2026-04-03T20:50:12.411576Z","times_seen":438,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.owproofing.com/cdn/tus5r4v1F/cdn_test.txt?1770600986647","fqdn":"tus5r4front-ge.owproofing.com","domain":"owproofing.com","tld":"com"},"ip":{"addr":"205.198.109.13","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.owproofing.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 28 May 2025 00:00:00 GMT","end":"Thu, 28 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"01:B8:54:58:1B:E9:1D:89:71:40:D4:65:8A:B2:A7:16:0E:4D:5F:7D","sha256":"13:C5:CC:27:30:5D:CD:95:A3:F1:26:CF:B3:21:7F:31:9E:25:64:CE:F8:7B:16:01:5F:F3:D2:85:81:EC:E9:CA"}}},"request":{"raw":"GET /cdn/tus5r4v1F/cdn_test.txt?1770600986647 HTTP/1.1\r\nHost: tus5r4front-ge.owproofing.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:36:28 GMT\r\netag: \"69842f34-1\"\r\nexpires: Tue, 09 Feb 2027 01:36:28 GMT\r\nlast-modified: Thu, 05 Feb 2026 05:48:36 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: UPDATING\r\ncontent-length: 1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"0cc175b9c0f1b6a831c399e269772661","sha1":"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8","sha256":"ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb","sha512":"1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75","ssdeep":"","tlshash":"c700000000000000c000003000000000000000000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-04-03T20:50:12.267296Z","times_seen":64047,"resource_available":true,"data":null}},"time_used":3955,"timings":{"blocked":1870,"dns":443,"connect":208,"send":0,"wait":212,"receive":0,"ssl":1219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-homeAds.json?1770600991830","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-homeAds.json?1770600991830 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:32 GMT\r\netag: \"691ebfc8-118\"\r\nexpires: Tue, 09 Feb 2027 01:36:32 GMT\r\nlast-modified: Thu, 20 Nov 2025 07:14:16 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: BYPASS\r\ncontent-length: 280\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":280,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"b85d1ebfae7f9e0602d489496d3ed740","sha1":"0a310f6c6d14e99ca6ff6596b555d639774df45f","sha256":"caa6e7615c20443b753f182c5de402add751d4daa4f7e114f1980db7ceb87b9b","sha512":"b42ddd73fd9174023748e1f61b8335e0ae03fa642f70b8ca22a9c9964a06abeb79072ea334736f9049cb26fa4ce44da81e17a15c3e9925cc5fa750c864671799","ssdeep":"","tlshash":"a9d0eb4e4d7ced33a4a81fe830e42e0b3040a0e4aa2c04ec0697f5fa424a6d83100938","first_seen":"2025-11-20T09:39:47.02626Z","last_seen":"2026-04-03T20:50:12.410292Z","times_seen":281,"resource_available":false,"data":null}},"time_used":817,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":817,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.datalc.com/","fqdn":"www.datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-09T01:36:22.649Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: www.datalc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":450,"timings":{"blocked":450,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-09T01:36:34Z","timestamp":1770600994,"ip_dst":{"addr":"172.18.0.14","port":60512,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"154.204.158.66","port":80,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"severity":"medium","alert":"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017","source":"{\"timestamp\":\"2026-02-09T01:36:34.168273+0000\",\"flow_id\":442172152713538,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"154.204.158.66\",\"src_port\":80,\"dest_ip\":\"172.18.0.14\",\"dest_port\":60512,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2024228,\"rev\":5,\"signature\":\"ET PHISHING Suspicious HTML Decimal Obfuscated Title - Possible Phishing Landing Apr 19 2017\",\"category\":\"Possible Social Engineering Attempted\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Web_Browsers\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2017_04_19\"],\"deployment\":[\"Perimeter\"],\"mitre_tactic_id\":[\"TA0001\"],\"mitre_tactic_name\":[\"Initial_Access\"],\"mitre_technique_id\":[\"T1566\"],\"mitre_technique_name\":[\"Phishing\"],\"signature_severity\":[\"Critical\"],\"tag\":[\"Phishing\"],\"updated_at\":[\"2020_11_19\"]}},\"http\":{\"hostname\":\"www.datalc.com\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":827},\"files\":[{\"filename\":\"/\",\"sid\":[],\"gaps\":false,\"state\":\"CLOSED\",\"stored\":false,\"size\":1594,\"tx_id\":0}],\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":8,\"pkts_toclient\":6,\"bytes_toserver\":935,\"bytes_toclient\":1439,\"start\":\"2026-02-09T01:36:23.364866+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/arrow.b3217e7a.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/arrow.b3217e7a.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:18 GMT\r\netag: \"69842f33-104\"\r\nexpires: Tue, 09 Feb 2027 01:28:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 260\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":260,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b3217e7aebb07997b84437413c356128","sha1":"6f85946a6fff0ac776c636037cf818f39eb0acd6","sha256":"6f323117336c505af32857cffcc9e4f41cb85bf452ae273350a5a7789cc8d8f7","sha512":"d998cbd1a19961b25b7235c1389bca841bd12317e69bedbd9b8dcf810ea566d5f21f65fb49a5a8c62345de36e069e356fa065ea534c37b4ea1a355119fbcf6ed","ssdeep":"","tlshash":"30d02ba31408890040049510b41a6d3517e760dac18c4d9af24035def2486d649900a5","first_seen":"2025-08-17T08:14:45.317001Z","last_seen":"2026-04-03T20:50:12.346476Z","times_seen":495,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":412,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/iconQuestion.34845f2b.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/iconQuestion.34845f2b.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:15 GMT\r\netag: \"69842f33-b49\"\r\nexpires: Tue, 09 Feb 2027 01:31:15 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:15 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2889\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":2889,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"34845f2b589d21c649a0dbcf0d1db526","sha1":"d6cfa9fa9a5d08df20af6079fb5bfaaf324fb2f6","sha256":"0161b9541f07641b40fe121cd98ca2517f5e02d49af6e6c0c8f552949e48196f","sha512":"9cf33653418e210dc436f85a299deb36b6fdbc540ee64a7f2b51e10824b823301947083944de154b4fcbb5cbe0ef3efa3030045c51b6ac2a678e1288708e1ca1","ssdeep":"","tlshash":"2351baeb520872d0d9460ff0cc1cd6713a9b38f33b6ec7a48164aad8f93226c8d99d50","first_seen":"2026-02-01T01:53:18.441622Z","last_seen":"2026-04-03T20:50:12.295472Z","times_seen":67,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":417,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/favicon.ico","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:26 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 67646\r\nlast-modified: Fri, 21 Feb 2025 07:58:23 GMT\r\netag: \"67b8321f-1083e\"\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":67646,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel","md5":"5b260b1f6cfc875998b302b185056a22","sha1":"0d850671c235b55081ac680a57ec97e7012f7919","sha256":"078c04056ed96ffee1fe478a4fa35d83e0682bb65447cb7907642ea59225f932","sha512":"5b015f6c9941a4942f9a6bf8cc4eb415b2b4185795715d9f0eb2b7558fea4fee2d9034f4363e617100fbe003ed46cb80bcac7c09a87baf7bb6d94b546c14bb7f","ssdeep":"1536:0AN6E1qtVl0m0tcVcYu/PyHA3cWEycnq3dPfcqdli66A+V+Fz:0FHAOq3Pevq","tlshash":"a36311e63cedfd3bdabe0478a2e182198434c42148775241fe27d6abda75e943e6f005","first_seen":"2023-05-06T09:42:13Z","last_seen":"2026-04-02T10:40:07.402193Z","times_seen":313,"resource_available":false,"data":null}},"time_used":450,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":448,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/3s_web_detect.js?product=tus5r4\u0026module=frontend_web\u0026v=0425","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:28.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/3s_web_detect.js?product=tus5r4\u0026module=frontend_web\u0026v=0425 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:26:42 GMT\r\netag: W/\"69842f34-b2e9\"\r\nexpires: Tue, 09 Feb 2027 01:26:42 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:26:42 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":45801,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (45734)","md5":"5cc950966ae7e8d2e998fb2522ee26b0","sha1":"e2689bc69f251faa08fcaeec7abee7b1094005b2","sha256":"26c4604a8dfca1276fc0e5239c84e5788def42725ebe87c1862f9355f0d7920f","sha512":"ef2fe0ff8622cfa7503bf50de8d292f60808ee8be1709a39869ea9f01d5de0c8f79b07a47d67efecb61168d65ddc3497b64f15fdfcee56facc0934f9eac873a3","ssdeep":"768:N52s3s7wTspsksLhsN5AOzYGwDgWRb/AM07OTQpzfxe5qefp:NsojTQp2hIUgWp/AM07Tfxe5H","tlshash":"24232b9d718a7075437366e9273ff208b0756aa0240e8400bb7695853c74e9be27bfed","first_seen":"2025-08-17T08:14:45.281296Z","last_seen":"2026-04-03T20:50:12.31971Z","times_seen":543,"resource_available":true,"data":null}},"time_used":1767,"timings":{"blocked":518,"dns":0,"connect":256,"send":0,"wait":723,"receive":0,"ssl":267},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/DL-iOS.ac6264cf.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/DL-iOS.ac6264cf.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:18 GMT\r\netag: \"69842f33-3b8\"\r\nexpires: Tue, 09 Feb 2027 01:28:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 952\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":952,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ac6264cf123dd943b9c7802d71c0be2b","sha1":"81fdacfef7a1d8a5daf64378c18dc8980cacde27","sha256":"fc5337b91a1ff57307d6c004dfbf78bb2f0d6e9a2cf47c8916ed51e673752da0","sha512":"43b36b7da3bdc2b86f1c75aac13087f4468e6bee6c5514f5183e11802b3fcd4c9fd6c91b9d2a959788bcc6fa02b77df8e2176d9be410d510c1338a6213ad5e5e","ssdeep":"","tlshash":"b511d0fa5519a5c0b04b8ff0ac2e90527c5b71756fcc13fb857ca1657a698c0894c085","first_seen":"2023-05-06T09:42:13Z","last_seen":"2026-04-03T20:50:12.318447Z","times_seen":428,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/EVO_RT-a.b7ad5dd1.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/EVO_RT-a.b7ad5dd1.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-393d\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 14653\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":14653,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b7ad5dd1691e29f4f0d81b384e706c1b","sha1":"d09cd9c509522c57cce613d3bdd72121fef61e63","sha256":"60313dd64489269c008c926edcf2fb57974ee8dbdc1ebcd03cd4f803803b04ab","sha512":"e007c49ceebfe17e0fd5c75bdf6922a14f014837ea5ecea2eaafab893f35de8631558797c885985f48c4109ee8e3b3773540840dee3b757568c36dd881fae69d","ssdeep":"384:7i3+5LcyBlPJgBfpQ5Il2F3XzRg71FCyMyQw8+:7A+2BfpGbYszwF","tlshash":"4762a6e9e3e5f3e0f206e3e0932654757f673cba3e21c69d07a5ad90ea1111e44d8c85","first_seen":"2025-08-17T08:14:45.195937Z","last_seen":"2026-04-03T20:50:12.404398Z","times_seen":444,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-sport-hoticon.json?1770600991829","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.884Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-sport-hoticon.json?1770600991829 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: \"68ca6637-16c\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Wed, 17 Sep 2025 07:41:43 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: BYPASS\r\ncontent-length: 364\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":364,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (364), with no line terminators","md5":"2d6166f12f54c9e71d79633fde878773","sha1":"56a1a47827e31ac3ef4eb86094961e5dbc91d259","sha256":"b7b146ec201a371a940444cd10ddb2bed2d3ee4def0360bdfdc69635adf098e8","sha512":"d2ed43114d7417199a1fc8e00b2002f0bbece93b4621d67e26c20f7263a87d2c17acd42db05db38b16d956245737817451d47f55dc7383a95feca0ebbcf72020","ssdeep":"","tlshash":"ede0c0202592581c2e3db9d382f87c865765994bb47fdf81532931c19254bf4c7ac4c2","first_seen":"2025-09-19T06:22:33.231607Z","last_seen":"2026-04-03T20:50:12.322999Z","times_seen":483,"resource_available":false,"data":null}},"time_used":402,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":402,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/EVO_RT.58491ce3.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/EVO_RT.58491ce3.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-393d\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 14653\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14653,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"58491ce3208319b782cdd336e6a5e5b5","sha1":"b45425f9b50ee06ea0e6e352c81520bb85e49ed7","sha256":"0868074d676336ace7d7854e24481a2e5aedbbaaefb10c9ca2758ce796de90f7","sha512":"187e04b3aa3d0d6801ecbf431044c379ef7f5190eb927af5c556571ff0f18aeb363fe5f27dc4180689a8253bd1bd4d8c4faf91067da6cac1e480edc69953bc8d","ssdeep":"384:7ib+5LcyBlPJgBfpQ5Il2F3XzRg71FCyMyQwQq:7U+2BfpGbYszw9","tlshash":"e76296e9e3e5f3e0f206e3e0932694757f673cba3e21c69d07a5ada0e61111e44d8c85","first_seen":"2025-08-17T08:14:45.302675Z","last_seen":"2026-04-03T20:50:12.322396Z","times_seen":443,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/IconWhite.aa677215.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/IconWhite.aa677215.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/Index.4e085b23.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:59 GMT\r\netag: \"69842f33-4bc\"\r\nexpires: Tue, 09 Feb 2027 01:31:59 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:59 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1212\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1212,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aa677215708ace0dc090ad4e538bd596","sha1":"00e7e1b9e915af8ae24ba82dc348173528c8ba7d","sha256":"b7892be675fa99246355310546993e216fa1e96cfff93bcd8af967ae63dd2fe2","sha512":"7117ece8fe1f7499994818e512181029558ae7ce117253523a88c7ae066428f5f76c6771ff5d0b5cfecba2a3caa7969ba457d413f1ed2201fa5ec93a5b0b8331","ssdeep":"","tlshash":"26219de9328c8df452031fb0a9284d169c2d5cf66fc946f8a1895dd3e4754a3c855ca6","first_seen":"2023-06-11T16:00:16Z","last_seen":"2026-04-03T20:50:12.229644Z","times_seen":496,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PP.b45833ae.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PP.b45833ae.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-15db\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5595\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5595,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b45833ae73fd1b8a08de69abff2a95f6","sha1":"4094296363463c1d9b3ccc9ecc1dc1ffd797aa66","sha256":"10180cc3e4ae337bd38cf8c85b9b88b700686e5f8790c5cc5502dee918fadbe3","sha512":"87d24aecec303b3ace9cb42de602e342c863bf875587f35ab81928602056a08243b9a4d7c626d08d3813ebc95ee594a5cd8eaf63db12dd03c91342aaa6e6d627","ssdeep":"96:WMToRYei9TQEqRhuHSinnNWreEconvO2AgU4o4d8RM0Q/W3Wec:WMToRYeiJQE4huHSinn4rpnvO2AWiR54","tlshash":"90b183abd3faa2f0d442e7e45660e865769b12f61e31d67903eb2e70ff1010f4c89894","first_seen":"2025-08-17T08:14:45.062089Z","last_seen":"2026-04-03T20:50:12.406964Z","times_seen":438,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":208,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/rank.2804baa5.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/rank.2804baa5.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/app.c9631895.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:30:04 GMT\r\netag: \"69842f33-253\"\r\nexpires: Tue, 09 Feb 2027 01:30:04 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:30:04 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 595\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":595,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2804baa5ee3b61ae330762eab01fce46","sha1":"9098fe1225ded6313c1a3b6a17e7fa6df3470187","sha256":"35c1aee081e68b2ca7c08a2c96c0df98fac16a3547b85b737b7c94b08b3a3522","sha512":"939fa66f72e3405d3d3e7271f47d793b162f94eb2830466bf4bb2dbfe7afbfd90db5e2288b611728bc607b717bb988ebef88bbad61cd08dab9dcef02fae2aff3","ssdeep":"","tlshash":"14f0ac66e95dad72a209c365d458d814302d7573998cc392a1c0af7a313ccd2188c7e8","first_seen":"2023-05-06T09:42:13Z","last_seen":"2026-04-03T20:50:12.381535Z","times_seen":457,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-recommedGamesJP.json?397bcd1cbed250597c97e7abe47197bc","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.567Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-recommedGamesJP.json?397bcd1cbed250597c97e7abe47197bc HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:37 GMT\r\netag: W/\"68ca6638-56c\"\r\nexpires: Tue, 09 Feb 2027 01:36:37 GMT\r\nlast-modified: Wed, 17 Sep 2025 07:41:44 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 1121\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1388,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (1388), with no line terminators","md5":"bb5e39c73c0e774120fa925a3ab8a35b","sha1":"5471a2f234b17ab1cb2b8bbe10cb78742feadca1","sha256":"7855cb9e5588c51db5232903afa176c5f67a593e7a33bff875e594608fc4bfd2","sha512":"7ce1867efaa9592260a6994a6bfe806af4748f297ce5abac1ad8921225dddeff948fb1213f6fbf055fad53f3a8922bf0fc798ee5f7370d70f609196c930c9e50","ssdeep":"","tlshash":"cd21d6ac9f8fd4ec417e3821ced0e5a84a18d4526c71d2a0d8a2c187e5d46227b8350a","first_seen":"2025-09-19T07:09:02.785552Z","last_seen":"2026-04-03T20:50:12.319104Z","times_seen":344,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":216,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"datalc.com/","fqdn":"datalc.com","domain":"datalc.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-09T01:36:21.149Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: datalc.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":706,"timings":{"blocked":706,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/fonts/dinbold.51c9de9f.ttf","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/fonts/dinbold.51c9de9f.ttf HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: application/octet-stream\r\ndate: Mon, 09 Feb 2026 01:33:54 GMT\r\netag: \"69842f33-6188\"\r\nexpires: Tue, 09 Feb 2027 01:33:54 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:54 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 24968\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":24968,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 15 tables, 1st \"FFTM\", 14 names, Macintosh","md5":"51c9de9fade343a6fcfa6201c72ad44c","sha1":"57f2bf89fb69f7dbb93c7a97dd797d93bf9e8259","sha256":"676cfed81d0a20c90a703192d896b56feabe1a0fa34309a136d8c718244c8363","sha512":"dd6c445ca6d89722b57451e9e027c31f15056157c5538c13badbff12245c15e0461ceaa22b50d072575dbc6b7004d02a289cba9fe35ab39ee704cac527812932","ssdeep":"384:neMouuY7vhMCXX1zRwrWe7neBPI/CXikxItTKZGReca:neDuuYdDX1zRmaI9pReB","tlshash":"35b25d508745cb4ecb2b75b88da18226e7656b39b7f39fa74e1021f6781e7b7080cd80","first_seen":"2024-01-26T20:58:36Z","last_seen":"2026-04-03T20:50:12.367924Z","times_seen":512,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":213,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/rank-title.fa3135a6.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.904Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/rank-title.fa3135a6.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:29:04 GMT\r\netag: \"69842f33-1af1\"\r\nexpires: Tue, 09 Feb 2027 01:29:04 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:29:04 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 6897\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6897,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fa3135a633ddae8b3a21c340f68007f0","sha1":"ff6e939c0283422497348e549caa411bce9fc6bc","sha256":"1077da9cf687025a2b59d668e29418556acbbd170a4e0e082aee18773a0d07f2","sha512":"387c92267df62ca4ec8f79467c70499bf70d5073bbcc34440be05c326e682809a54980e7047cf5a0bf11441c44f0c953e0ef0f1389a7377191574e56873b3772","ssdeep":"96:ti8eoZPjlzVH5TiJQYXNyysXh5SqK+lI16imaFDd7SkHcQx2bZSMs6DDmTWTaOQ+:Y8eGrufXNy9Xb4+MjFhNJ2buyG/OTkBy","tlshash":"50e1a5bafa9a9be1e141e398db219031359f68b7bfc5c374c295ad5da0220cd884ccd1","first_seen":"2025-08-17T08:15:27.525238Z","last_seen":"2026-04-03T20:50:12.32171Z","times_seen":400,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/MG-a.0655428f.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/MG-a.0655428f.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:32:00 GMT\r\netag: \"69842f33-78e\"\r\nexpires: Tue, 09 Feb 2027 01:32:00 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:32:00 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1934\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1934,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0655428fca3f308122141f1a79329326","sha1":"d4a1f66e5782475b92a3a22722f05ad55584c1b7","sha256":"81c0a242dadbcdccf02fd39e30ee05736e763953570a448a97f90cf0cc160bc0","sha512":"cfcc0a4b04ed7a1654d55b9bac12bc53fa0f0ce6d73e014196acb27497f6c1a159cc972f8efefdd25548146a47e764d6e49b013f57d44235bd526d6d035350c6","ssdeep":"","tlshash":"5f41887193e9f2b5d009d3d0c1265c36776728eabb72ca2c03d59f15962608f544cce1","first_seen":"2025-08-17T08:14:45.324666Z","last_seen":"2026-04-03T20:50:12.349818Z","times_seen":441,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-promo.json?1770600991829","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-home-promo.json?1770600991829 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"692e5c10-52c\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Tue, 02 Dec 2025 03:25:04 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 1070\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1324,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (1324), with no line terminators","md5":"eee89aaaccfd671eb3c0172d5eef18df","sha1":"ae7904ce1013871f199f178818991a86735fd5b6","sha256":"628cf43300d3e1b749e7bbf8905638b746288e35c3d6e48912ad25bc59b611f3","sha512":"2637249c1fc443af9875fc81c1191c9059738645ac5ce48e414107bf443e23c51e4cbe4469e16cb9f99f7c7a49deb3e50417d8ee748f40ffb6bdea51bccaf254","ssdeep":"","tlshash":"c421a8fa6402fca7c214b7f6904b7189ca34715ca7791a0d64d8d1fa1e05d9164dd0b4","first_seen":"2025-12-02T05:56:54.989042Z","last_seen":"2026-04-03T20:50:12.29749Z","times_seen":231,"resource_available":false,"data":null}},"time_used":401,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":401,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/YOPLAY-a.befff89f.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/YOPLAY-a.befff89f.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:20 GMT\r\netag: \"69842f33-a5f\"\r\nexpires: Tue, 09 Feb 2027 01:28:20 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:20 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2655\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":2655,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"befff89ff232b94162cefccffc024d0d","sha1":"e07b24c12ba6a32128122f3bb18f264c6ea6abd0","sha256":"24053a19c04ac451c8bb84013d823728d3559ce3c82fea83e1d7ae27b096dc0b","sha512":"ca0347f3d6c2c17d64196ad5a0131d7ab061fe071098f67cb5954bbd232f4fea77875ba36dd2cd17f59ab34994e69cd7bf5215933ba227654a22530da4c942c1","ssdeep":"","tlshash":"96519d37f95fb813e228d7e8de42d46a117e41abf4c191b18281ff9f24742c61a1d6b2","first_seen":"2025-08-17T08:14:45.058226Z","last_seen":"2026-04-03T20:50:12.239435Z","times_seen":440,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-hotline.json?1770600991712","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-hotline.json?1770600991712 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: \"68ca663d-58\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Wed, 17 Sep 2025 07:41:49 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: BYPASS\r\ncontent-length: 88\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":88,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"3da8be5fc42ad7410d81194d89a4c731","sha1":"a513791c5021a9cfba34bb5cc310f8bd49bb3159","sha256":"58336e17cd29562a93430075732efeed12f1e42ea7d36cc2ba8c70f45bc30be6","sha512":"7bd3acc74e5d7561ee7a2e0c6aa36dbf16f1eaaec2c53c587eae488506023708d5b6f27c3aa171cd2d6b89714663e27d9c11724cb7dba321301403ef76a8b348","ssdeep":"","tlshash":"17b0120b419bf100f06e3607228041837304f7c9331106c5d442648282210201500d40","first_seen":"2025-09-19T06:22:33.095379Z","last_seen":"2026-04-03T20:50:12.338802Z","times_seen":511,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/PP-a.ffa30129.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.454Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/PP-a.ffa30129.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-15d9\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5593\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5593,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ffa301293df145bec58192f531319760","sha1":"d279dfe49e85e29451e31bb5a31d86f808e7e4a7","sha256":"6fd47b148280a558eb30259484e866a80dca6a857e333fed1e795633d00c74bf","sha512":"a3783b53401ab3c0c67f72ea882164058fb99368b7d2bf2faa006f538d474be74a47ea22297bd189ae3f3392e9ecbee928fa31643036f9212f7bb0b8ee13545f","ssdeep":"96:WMToRYei9MQEqRhuHSinnNWreLconhO2AgU4o4d8RM0Q/W3WeT:WMToRYeiaQE4huHSinn4rOnhO2AWiR5P","tlshash":"31b185abd3faa2f0d442e7e45660e865769b12f65e31d67903eb2e60ff1000f4c8d894","first_seen":"2025-08-17T08:14:45.043571Z","last_seen":"2026-04-03T20:50:12.23229Z","times_seen":438,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/_glaxy_tus5r4_/constant/query","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:36.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"POST /_glaxy_tus5r4_/constant/query HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nneedEncrypt: 1\r\nSign: 60516ed7175c2a8c1ce2b459275cf177\r\nAppId: dd3b6a3102f54f588e0c8a37e1d96632\r\nQid: 143869076221c4a54ec8e1f4326e3613\r\nv: 1.0.0\r\ndomainName: www.j9bba.com\r\ntoken: Cud1gYgBquIXTsD8l2gL6FYx6E4h1LKBCroE3yU24gX4YzRsyuEzyFgidhnXBOK8FfXwZ1FG/jUoqNsmZgwuNz0FWl/X+eGlq0fyfECkKNLvmh69DTMuKQ==\r\ndeviceId: faed01b113cfb270c624ee1aa793ad6c\r\nContent-Length: 75\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/index\r\nCookie: _ga_6L9ZP3QXXM=GS2.1.s1770600986$o1$g1$t1770600995$j51$l0$h0; _ga=GA1.1.1066366896.1770600987; JSESSIONID=6F5F04AFBD4548C849B365180C3CE695\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":75,"data":"{\"keys\":[\"ACT_CODE_CONFIG\"],\"productId\":\"a80db5262e14467b82d6dec666073364\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:37 GMT\r\ncontent-type: application/json\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":215,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"335ae068603915f13a364a90f774c2cb","sha1":"d718c7ba8d4c5241b2597b881dd9a774858e33c5","sha256":"1c03f735b529bad52588e6bbaa4b13c7dcd3a3745d62c6b0f577e039f1aef401","sha512":"c8621a5d35e4fe359f7a4c0b199de3d71d4f8d720fae8103774e947ffdb6b6a5a1c9e493a7eb64cd43165e87fc5d220e797e11fb650254fcfdf5405c7417a246","ssdeep":"","tlshash":"6ed022c92eedda9239c202a8ca4837384013f9a26bb1e54c731e9a2b40e823a0408d94","first_seen":"2026-02-09T01:37:18.696176Z","last_seen":"2026-04-03T20:50:12.412285Z","times_seen":6,"resource_available":false,"data":null}},"time_used":364,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":364,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.j9bba.com:9300/js/abc.js?t=1770600985855","fqdn":"www.j9bba.com","domain":"j9bba.com","tld":"com"},"ip":{"addr":"149.104.167.2","port":9300,"asn":140224,"as":"STARCLOUD GLOBAL PTE., LTD.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:25.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"j9bba.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Sat, 29 Nov 2025 00:00:00 GMT","end":"Fri, 27 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"AF:35:56:17:DE:B2:47:9E:22:98:DA:30:27:B0:B4:27:D5:E8:99:7F","sha256":"00:AD:2C:24:2E:E5:88:5F:92:4D:ED:B0:A9:56:FD:B3:4A:21:E0:B7:6D:6E:18:28:52:C9:09:72:61:1F:F7:AD"}}},"request":{"raw":"GET /js/abc.js?t=1770600985855 HTTP/1.1\r\nHost: www.j9bba.com:9300\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 09 Feb 2026 01:36:25 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 05 Feb 2026 06:43:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69843c22-11c4c\"\r\nmagic_string: 178aa526b36126fd25b8d3446d0c1d25\r\nservers: Tengine/1.15.1\r\ntiming-allow-origin: *\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncdn-cache: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":72780,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (593)","md5":"aba27e83b4c8d339299303e891aea49f","sha1":"3f7bda1251285587aa7ea48f240d684051c81ca1","sha256":"e868a57efefb64102f825ba1662d406528c6179a3e9a4ba1eb37a66c3ff5495d","sha512":"8a17752f627ab01bf9e3c37f1fd32652c5fc0222e1cbc975f3aa502dd8a21a55821a6847b983825e9e06537fd803b9aba154014e7d5de8469784c53af0f1fbb0","ssdeep":"1536:qUSwQLRcv3FEEKmaOkQqLhU0RhUNqBAvtL9Rzyf+a:qdLqv3FEEKmaOHqNU0ReNqCVP23","tlshash":"c46330a3ecc79a540356396ff33fa5dda2924a170c48752abc2ca5a15fce51ed9b0c30","first_seen":"2026-02-07T09:57:53.867579Z","last_seen":"2026-02-09T17:50:41.143272Z","times_seen":5,"resource_available":true,"data":null}},"time_used":445,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":445,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/js/chunk-05550dec.9174978e.js","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/js/chunk-05550dec.9174978e.js HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: W/\"69842f33-16cb\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1933\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5835,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5779), with no line terminators","md5":"d6a8de5cc45b13b5f8badc0ab075f0ef","sha1":"d2745101238b3861ad9827f33f65ab2f897f1f96","sha256":"bccff7d4a33e5841f0d23bbdbbc757158518660669123d88b0b97ef332ddbabf","sha512":"f32aff47835be768f2f122f622ce5297c4a6dc88c2407da49af80ba3bf08d43f3beaa7664056a67242e432e038830551c64112f0c7c42d25e6d00c457c8754fa","ssdeep":"96:PTHLf+Z3+Ccg+QeuhIMWI2WUIk+IIianjsIiaoVDRUh:7HLf+Z/xPhIMWI2dIkFIiaIIiaojw","tlshash":"6ec1b71095c399be8d2652c740353ee0e27a3e88945560daf77dce9135ec46e361f43c","first_seen":"2025-11-28T04:45:37.591115Z","last_seen":"2026-02-25T22:42:00.084179Z","times_seen":175,"resource_available":true,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/cdn_test.txt?1770600986647","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:26.672Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/cdn_test.txt?1770600986647 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Mon, 09 Feb 2026 01:36:28 GMT\r\netag: \"69842f34-1\"\r\nexpires: Tue, 09 Feb 2027 01:36:28 GMT\r\nlast-modified: Thu, 05 Feb 2026 05:48:36 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: UPDATING\r\ncontent-length: 1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"0cc175b9c0f1b6a831c399e269772661","sha1":"86f7e437faa5a7fce15d1ddcb9eaeaea377667b8","sha256":"ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb","sha512":"1f40fc92da241694750979ee6cf582f2d5d7d28e18335de05abc54d0560e0f5302860c652bf08d560252aa5e74210546f369fbbbce8c12cfc7957b2652fe9a75","ssdeep":"","tlshash":"c700000000000000c000003000000000000000000000000000000000000c0000000000","first_seen":"2023-03-07T01:02:14Z","last_seen":"2026-04-03T20:50:12.267296Z","times_seen":64047,"resource_available":true,"data":null}},"time_used":3906,"timings":{"blocked":1836,"dns":413,"connect":212,"send":0,"wait":220,"receive":1,"ssl":1222},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-homeBanner.json?1770600991735","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-homeBanner.json?1770600991735 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:31 GMT\r\netag: W/\"698840b5-2d40\"\r\nexpires: Tue, 09 Feb 2027 01:36:31 GMT\r\nlast-modified: Sun, 08 Feb 2026 07:52:21 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":11584,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (11584), with no line terminators","md5":"9fa61c95b2a4f274613c6cda43a88593","sha1":"f57238acca4d41b15557e19df758d7cd913e350c","sha256":"c416fe6ff26c1ed9e7d0e1201c29ea3dbb5a11c5d3970f6ee598901502254c98","sha512":"9bc4971d06978ee373ee48dd120dd482e084c67e35edfd64109832660f58a00e76a28de400c27f888267606416a614bf88cffdb833f6b4ae376316d2a146ed2f","ssdeep":"192:DzX7b9HEi4rYEMqKjXTlpcvAncpa8BkYMBfC+6Uju6rII7QWC1z:vreVYLjPRcvKYMBfC+6Qu6rIl5z","tlshash":"6e32afe24dfc626c9e1a455429fb4cadc6172e06e1f246f6227b432cf124f91e5b2131","first_seen":"2026-02-09T01:37:18.699243Z","last_seen":"2026-02-09T05:17:45.102549Z","times_seen":2,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":415,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/icon.049b7a82.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/icon.049b7a82.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:03 GMT\r\netag: \"69842f33-902\"\r\nexpires: Tue, 09 Feb 2027 01:28:03 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:03 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2306\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2306,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"049b7a8205030c1a56282cadc7012d48","sha1":"702f17d545a4530bb95fc47eaa905df0f33e22f8","sha256":"6d58d722f1e4faef62fe60431a8af44d0dac8e31ec95d2396d3d83301dbb959a","sha512":"a51dbc3b50bd3e7a6653664e48a8fb3d2b497e44c1ed4d8aeb559418a6e2f6791abaa570ba76c9a42884806de21ef93410adb76aaff2b69ce27a9821a7428f0a","ssdeep":"","tlshash":"1541fbbba7f9e4d1e20dc37a64e5b03e227731b99f81899441d46d908d3214e9b0ddc1","first_seen":"2025-08-17T08:14:45.141366Z","last_seen":"2026-04-03T20:50:12.302645Z","times_seen":494,"resource_available":false,"data":null}},"time_used":448,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":448,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/right-arrow.b061267b.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/right-arrow.b061267b.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/chunk-05550dec.c297abfb.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:53 GMT\r\netag: \"69842f33-30b\"\r\nexpires: Tue, 09 Feb 2027 01:31:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:53 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 779\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":779,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b061267bff3f389a5dd1570a75c8d0a2","sha1":"e1091532060f2586449bc54be02f293e34dcb7ee","sha256":"f8cd4c4e92f5c5241eeb470a9a79c2db0dd4c987be7ea0ce1c866e47635a0dc1","sha512":"33d69a7cffb9a58c2754fa54c299dfbe5ea4b7a91b86316d72e35852810bf07026af071f2c7d5d2af5388f14e3ac0ff6532409d057e015abf8a3015ade4acac0","ssdeep":"","tlshash":"4801b1fb779981dcd54f9bf5983b692200eb6cf60a4481dc5090a745e004571c454ee4","first_seen":"2025-08-17T08:14:45.23302Z","last_seen":"2026-04-03T20:50:12.349082Z","times_seen":499,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/rules-icon.b93b3e38.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:37.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/rules-icon.b93b3e38.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:33:55 GMT\r\netag: \"69842f33-446\"\r\nexpires: Tue, 09 Feb 2027 01:33:55 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:33:55 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1094\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":1094,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b93b3e38e43f96ae1442473223805f04","sha1":"3d309696db55cc91018d86275dfd9798c8766206","sha256":"dcd3b8c978223d3d1051f1d404121299ca76c4500b438ccc1722e2b261976a22","sha512":"c16ddb2a066be9cd9b4a5421b23d8a1ff929f8259ce5c902620e3b609ff0000495a21f46181278ccd16a7342634bb167755ada0dfc5c457af626db2e787faac7","ssdeep":"","tlshash":"1411ccb0c258c3ed9d259b402b1b2872b66a55fd9f14d15f33806f0c59d80af19ee9ec","first_seen":"2025-09-30T08:10:21.54482Z","last_seen":"2026-04-03T20:50:12.320356Z","times_seen":280,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/to-top.c9d21a69.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/to-top.c9d21a69.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/app.c9631895.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:31:18 GMT\r\netag: \"69842f33-1e5\"\r\nexpires: Tue, 09 Feb 2027 01:31:18 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:18 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 485\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":485,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c9d21a69f0be1ff40152075b20c37a8e","sha1":"789b5b22bbdef434fb2831be3028758c7c7926c1","sha256":"da020f3d1df7c6ea2e30c283539ce225e90eb2541f2ac1885df4458c000d5787","sha512":"4ba2bd39a41f679a87f01abeb705a3ff8b42065c064cd058f8ad37aceb997a1ff50bca91ba315020cc906cd2c8b6697b9a0d0588ab6365f254b6476f2864a2f7","ssdeep":"","tlshash":"26f0d43ae51efd16d714c640d88ae836606534bbe2c98150c1c4bb2f711c4c22c0e5d8","first_seen":"2023-05-06T09:42:13Z","last_seen":"2026-04-03T20:50:12.405648Z","times_seen":442,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/CQ9-a.88f3ad86.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/CQ9-a.88f3ad86.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:53 GMT\r\netag: \"69842f33-15f2\"\r\nexpires: Tue, 09 Feb 2027 01:28:53 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:56 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5618\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":5618,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"88f3ad8628ca6dd32f125faacc0b5340","sha1":"b0d01af14c102cbf84f5e8616337f445743caa98","sha256":"1573d7fbe56d59e7f00543155565717d7ed029e9a4fe3edf67e3fb4bb688125d","sha512":"010f0d7b08f75088ddff42f0cfd66615095a27b0a1f726d0fee7e0c11fbaeb7347201eb758124b33f718aaf00030bb1b1f7c58f0dbb43dd2c0b39d39a5527dda","ssdeep":"96:juzMwy+IPmz6aur/IcJdPrWWZfU/I7ogdmO2SiVkEjrZ8cd+TwJYp7A:juzMw6mz6/N6WJF2yEjVEwT","tlshash":"cac175e5f3e9b3f4d102f3f49669d5343b1724f27a32c62883d61e9bd65205e48ac881","first_seen":"2025-08-17T08:14:45.331577Z","last_seen":"2026-04-03T20:50:12.237008Z","times_seen":439,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/img/yunJi.08992946.svg","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/img/yunJi.08992946.svg HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-type: image/svg+xml\r\ndate: Mon, 09 Feb 2026 01:28:03 GMT\r\netag: \"69842f33-1a1e\"\r\nexpires: Tue, 09 Feb 2027 01:28:03 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:03 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nx-cache: HIT, policy, disk\r\ncontent-length: 6686\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":6686,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"08992946c5f2f1f51e7385a95516493d","sha1":"2bc57099c97d2f1ba76beb889b5136ae958d65ab","sha256":"2a600c0bfb78eaf09f75e4c785d1a27c86e2527aa7a2a8a89818fffa3faa975b","sha512":"5ec83922643c30fb3b4e1954e03788fcfd779a0e8d583d4096be2366514774e17efc94e94466f1142261a786bf8061e2599658a11711f5439912990a5099b707","ssdeep":"96:nXEl7Z51kjpQ8C5Hq6gyUz01f5MifAWgfBvQJK2FUNqKUVQqY/XfaeHQE2GLHMnp:nUFZ52jO8oqTyUY1OW692gUGxwEBLHM1","tlshash":"2ed196f3b7d4b2e4c84bd798d5179836762738fe7b15878a4340add1bb11169888ccd0","first_seen":"2025-08-17T08:14:45.173855Z","last_seen":"2026-04-03T20:50:12.394978Z","times_seen":493,"resource_available":false,"data":null}},"time_used":448,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":448,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/app.c9631895.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:28.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/app.c9631895.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:31:32 GMT\r\netag: W/\"69842f33-dd68b\"\r\nexpires: Tue, 09 Feb 2027 01:31:32 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:31:32 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":906891,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (64974), with no line terminators","md5":"cf8a56b3c69b0ab764644010b3c8055e","sha1":"099656bafdb49c0d0814bc9a31676f956e9ef053","sha256":"f4a33521f13b6ff6bec4b31591908bcf4a07ac8c6da64e5c5508bad6be42b0c3","sha512":"54b27f579fae5720e6068f3d20f2b5ff070c8c17f5931b2c04fcbfd4b90f35cdafaae8e1fcfa1fd583f0becd36c93a3593b0fe1aa69232ec31dade0901e5a08d","ssdeep":"3072:eRjvJ0tW61dpzM6Q2rw0pv0ij5kmt2tJtMthtaxPKNRI6MH5A8yh9:eRoWURM6Q2rZv1j5kmt2tJtMthttLn","tlshash":"5e15e620b35f202ab17bc6e4b0e06e5d5a28e317c5135e3dba653628cd971c7367378a","first_seen":"2026-02-04T02:40:25.899395Z","last_seen":"2026-02-10T09:34:26.121964Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1678,"timings":{"blocked":429,"dns":0,"connect":209,"send":0,"wait":815,"receive":0,"ssl":222},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/css/Index.4e085b23.css","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:31.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/css/Index.4e085b23.css HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Mon, 09 Feb 2026 01:28:49 GMT\r\netag: W/\"69842f33-165f9\"\r\nexpires: Tue, 09 Feb 2027 01:28:49 GMT\r\nlast-modified: Mon, 09 Feb 2026 01:28:49 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":91641,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"2b9a23bd194b4aab681bc70097d273a8","sha1":"c32bc26b33218a01da54464b466b5643393f19b3","sha256":"e34c8278ef97e59c4bf12b405320578bee1f6d42664e65aa2580124fe85bf1a3","sha512":"bdb1d1ce55e031f82e2a213efda2b8d3e063d68674423d3e64927ae22c7ba2a219754efd19875ed8c7b1ee0da43e09efb247524a4bb8d775112bdce6ea03cdb7","ssdeep":"768:aSS77k4/RMjlthv+GaaCmGUWm9JCq8KN9qii/1ysfaqjf4zTPY83bv666bx0GA/B:FGrtWR4JC","tlshash":"5493a421325c3029f577d6f0f0f0aa9e6118e307d2135e2dab557619ceab0d72a72bc9","first_seen":"2026-02-04T02:40:26.043992Z","last_seen":"2026-02-10T09:34:26.155177Z","times_seen":7,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tus5r4front-ge.qdyysh.com/cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-homeBanner.json?f9d772926301a65ecdc1976e540cca04","fqdn":"tus5r4front-ge.qdyysh.com","domain":"qdyysh.com","tld":"com"},"ip":{"addr":"205.198.109.99","port":443,"asn":140570,"as":"Hong Kong Beecloud System Technology Services Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.j9bba.com:9300/","date":"2026-02-09T01:36:32.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"qdyysh.com","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Tue, 17 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:56:35:5A:69:7A:FB:CE:2B:E3:BB:70:5B:39:2E:91:F9:F8:BD:52","sha256":"A2:28:8D:72:9D:DA:50:B1:0A:83:1B:43:40:0A:81:24:BD:6F:26:C7:08:E8:58:A2:D7:9B:66:AA:22:3E:62:CB"}}},"request":{"raw":"GET /cdn/tus5r4v1F/externals/static/_wms/_l/_data/form/wms-form-homeBanner.json?f9d772926301a65ecdc1976e540cca04 HTTP/1.1\r\nHost: tus5r4front-ge.qdyysh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.j9bba.com:9300\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.j9bba.com:9300/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncache-control: max-age=31536000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 09 Feb 2026 01:36:32 GMT\r\netag: W/\"698840b5-2d40\"\r\nexpires: Tue, 09 Feb 2027 01:36:32 GMT\r\nlast-modified: Sun, 08 Feb 2026 07:52:21 GMT\r\nserver: openresty\r\ntiming-allow-origin: *\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11584,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with very long lines (11584), with no line terminators","md5":"9fa61c95b2a4f274613c6cda43a88593","sha1":"f57238acca4d41b15557e19df758d7cd913e350c","sha256":"c416fe6ff26c1ed9e7d0e1201c29ea3dbb5a11c5d3970f6ee598901502254c98","sha512":"9bc4971d06978ee373ee48dd120dd482e084c67e35edfd64109832660f58a00e76a28de400c27f888267606416a614bf88cffdb833f6b4ae376316d2a146ed2f","ssdeep":"192:DzX7b9HEi4rYEMqKjXTlpcvAncpa8BkYMBfC+6Uju6rII7QWC1z:vreVYLjPRcvKYMBfC+6Qu6rIl5z","tlshash":"6e32afe24dfc626c9e1a455429fb4cadc6172e06e1f246f6227b432cf124f91e5b2131","first_seen":"2026-02-09T01:37:18.699243Z","last_seen":"2026-02-09T05:17:45.102549Z","times_seen":2,"resource_available":false,"data":null}},"time_used":575,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":575,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-09","alert":"Sinkholed","trigger":"tus5r4front-ge.qdyysh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}