{"report_id":"a47c97e3-19e8-4b0a-a088-6cb1174dc0da","version":6,"status":"done","tags":[],"date":"2026-01-07T15:27:39Z","url":{"schema":"http","addr":"wefab.online","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"wefab.online/","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"title":"Wells Fargo","dom":{"size":44766,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"b099feabe192ce5ac1785b4043d95d60","sha1":"cb6fb1f5112bf1fa2e37d0bf03964143f889db23","sha256":"fc2cd08f2042be26f29cf62bff244290e8e7e5c450ab92aa152148875098a797","sha512":"59bff13a80bf4cc0d6ad355e2e36e303318e980ba242c3f1ac1994a1a56d7616edbdc74bce71cc4d7022a4d1caa759b242b92f30614948c76d1ef5fb53e42b16","ssdeep":"384:7d/Gdgf2HEGflgEuV2AUtHIMZRqSQtXOU1mmk6+pRqwXFG:7d+d7H1g1V2AUtHIMZRFQtxEmk1pRqW0","tlshash":"5a13ed2064f54137528392d66a216f1bafe1ea07c94f0a1871fc0b985fe3e93ce4766d","dom_hash":"domhash1c54813e9bb0ad375c8a814e7f20099f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"wefab.online","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-11T15:27:39Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-04T22:17:15.216142Z","alert_count":0,"request_count":1,"received_data":3918,"sent_data":660,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"wefab.online","ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2025-12-30","domain_rank":0,"first_seen":"2026-01-07T15:27:40.206642Z","last_seen":"2026-01-07T15:27:40.206642Z","alert_count":215,"request_count":36,"received_data":2042747,"sent_data":42099,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WOW","description":"Reveal CSS animation as you scroll down a page.","website":"https://www.delac.io/WOW","common_platform_enumeration":"","icon":"","categories":["JavaScript frameworks","Web frameworks","JavaScript graphics"]},{"name":"PHP:8.1.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/bootstrap.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80663,"data":"","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-14T19:05:12.446202Z","times_seen":15763,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/index.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c42a7428f9fa67b7f7c8eb0706cda2d5","sha1":"f3e7b39fa2155f90c2a556222500db7a1b3246af","sha256":"ba504aded4386892b363f4d467c7ebb745c8665c0030e45a4ac7b76746f514e7","sha512":"fab7a47e0cc68d5b3d72d0cde25edf28d61fec392e988324d17f4decee96abca04749dd4c8a11b0a4c9b60c27c6f4e32b6a40f7bfe90c3cbbf101cf3486cd1da","ssdeep":"384:kD0X1Wu3mL6DAFXC9CG0Eq7oNRaL+pXK0Nq6YD6inndr0:kD0XAu3mL6DAFXC9Cuq7oNRDXKXxnnW","tlshash":"cba26349b012207944bfa73e6e2b9708fbb153279141ca563dbc419a0f37b6095d2fed","size":21774,"data":"","first_seen":"2025-03-06T08:48:00.27391Z","last_seen":"2026-01-07T16:15:20.460424Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/venobox.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a442fbef3cfad604f274f0b48214ba56","sha1":"6b2e59e236336b11dcaeb2074a3bd1abe05ee7ca","sha256":"1df1d8fbe0373dfb1d4df909c8070f05195dc2919a9d46a6dafa5311ea2b0047","sha512":"2fbebec5e7209e78411b14456ecc68f3c5464f6b3e16cba98ca12cc2e13ec25cd40220fb59ab5d47ab44814443a74b45132aa9e567bdb8a057c643995f04881f","ssdeep":"384:B/dqgNS06xAuAVgFqXdXWVGtAiLjX3qBBBxhg2:ddtNS0aAVgFqXAVGtsBBRg2","tlshash":"7262d8b82314253d02a786f571af8346337691eae51282334779d4560efacccd1a3be6","size":15910,"data":"","first_seen":"2025-03-06T08:48:00.285719Z","last_seen":"2026-01-22T04:23:58.028955Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/swiper-bundle.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"81e42a90e259549baffbe02d8d7c1fa7","sha1":"d64244d62d84069f55dc112cb37e26de2669fdd1","sha256":"03d5419055d6d0b6be436ac82b73c113802b4c727656e3f53d87d3718926d403","sha512":"dee15c64d0551c97016e314f43c83e4d01ffae00540bf3dd7f72f829fa80ba13ed0b6a3293d6ac051e3a750a27fec2dcc1db22a22927db8e3f224295eb10e13b","ssdeep":"3072:eJ24juukm4tuD6poy9v8cnWDkwV4y++GocpYgft/Cx/CFD:eJ24iukm4tuD6pl9v8cnWDpV4y++GPuq","tlshash":"49d3f8997360b1a552e3268b92a9c611e3b51400b809c4e870bd4c5b697ed9c13ffffe","size":139274,"data":"","first_seen":"2025-03-06T08:48:00.286714Z","last_seen":"2026-01-22T04:23:58.004414Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/jquery-3.7.1.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9771cc3e90e18f5336eedbd0fffb2cf","sha1":"6ee8aaa3ac1f4e0ae18717a3fd26892e9f0e4cc5","sha256":"3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24","sha512":"c503341fa3a7176fd10bd8cd7a5717c8faf971f87fa0c158f2d94fcd484ae3ed5031f49414dae833fb806b7365b5699c21d2e655376f69adb052b22f6f6982a7","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GK7:sHNwcv9VBQpLl88SMBQ47GK7","tlshash":"8083f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87532,"data":"","first_seen":"2023-10-13T22:05:06Z","last_seen":"2026-04-14T18:54:59.866852Z","times_seen":21918,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/wow.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f4af8cf3e102f855e3bdd1d0897b6ba","sha1":"ac49cfc6d4a45b406c438479b8b5ec73fe5f4fd4","sha256":"82fafe5e5180ffbc4bd0f48dcbb4b7da9b61bae2aa6510d0af6f432da569f8f8","sha512":"c0c8315640a98e6a66aa7a2eaa468235e2161ec7eff2f453bacaa4dda3a3ab9b45c8fb21953fb8a36a41f5cf1cc5ec562b9918b58ebe76df6192d7e9d9aac9f6","ssdeep":"192:bmEE6yAmu6qUxbU5C9nrr1GkEPIAeJ3KO4poIR:CEE/Amu6qUxVBxGkAI///IR","tlshash":"a402caa5374a70718a9a6176c93f0202a932156e74d4c8ec747cddd4aeb4b29336bf3c","size":8199,"data":"","first_seen":"2025-03-06T08:48:00.28765Z","last_seen":"2026-01-22T04:23:58.038327Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/anime.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d00108cf216727ac7eaa7aa575371e2a","sha1":"5068c01ad37289984c6c92236b7e063aafade223","sha256":"1d80da6a9bf40a2f929675b88059ae2b0516a4377dc5c483f85cda931b37064f","sha512":"c37c6afc9ad97e9e6ecb5391b67b2fca8b7a84594dd5648cbc10b031f75dc0890afbcdf939d24ef774fc64609336c04ea15dd534c66eb36278624d3518d2688b","ssdeep":"384:X7LTpKyzqrGGpLZo12xhMFoFlm5dwi7SeigzrLL:fTppX12j2LD7SeH","tlshash":"a082a6cc32c3b496539395b2806f244bb23e5d8064ad98a0d669f1f43c3495d89b7efd","size":17800,"data":"","first_seen":"2025-03-06T08:48:00.267353Z","last_seen":"2026-01-22T04:23:58.027751Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=DM+Sans:opsz,wght@9..40,400;9..40,500;9..40,600;9..40,700\u0026amp;family=Manrope:wght@400;500;600;700\u0026amp;family=Marcellus\u0026amp;family=Oswald:wght@400;500;600;700\u0026amp;family=Plus+Jakarta+Sans:wght@400;500;600;700;800\u0026amp;display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"43:D3:3F:93:6C:4F:F7:67:58:9D:D5:48:20:4C:74:A2:69:DB:13:9F","sha256":"8C:DB:D2:85:E1:AB:12:7B:1D:5A:65:A7:EC:22:67:6F:B3:A6:65:01:28:29:FA:D2:3B:01:8D:10:7E:4D:09:52"}}},"request":{"raw":"GET /css2?family=DM+Sans:opsz,wght@9..40,400;9..40,500;9..40,600;9..40,700\u0026amp;family=Manrope:wght@400;500;600;700\u0026amp;family=Marcellus\u0026amp;family=Oswald:wght@400;500;600;700\u0026amp;family=Plus+Jakarta+Sans:wght@400;500;600;700;800\u0026amp;display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 07 Jan 2026 15:27:16 GMT\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3232,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"7cae247e1cb1ff6758d0389eb6fd32fc","sha1":"3155498878a78a8707db768432d37aad2a042983","sha256":"ce45927a5a5c7dd365a8fe91d303200b3ea6315ead2b73d3fc950ce2eeda6603","sha512":"d1a777eb1484815bb200718065b4d8e5862a49c3b634440b2d8d6c6761be6c8437a3e370c075305cb2a98cc8500f6e8afeaa2f78359d09cd0af13d28792c4227","ssdeep":"","tlshash":"a761ae81047bb414979328c522cd7d32df1fa19064455c35bafe2888fc66d7e5361b4d","first_seen":"2025-12-30T18:38:30.539166Z","last_seen":"2026-01-07T16:15:20.475556Z","times_seen":3,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":154,"dns":1,"connect":28,"send":0,"wait":61,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/logo/favicon.svg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:17.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/logo/favicon.svg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:17 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 175\r\ndate: Wed, 07 Jan 2026 15:27:17 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f215cfa59fc8ca354b3458968659e8b2","sha1":"316cfb1a36f37da0facfa2f7d09a8eb6fd26feaa","sha256":"da832a3408cd2d121c39396047c5f89129ad247b105481971cb708dc6c03b85d","sha512":"1bc3b25ba4ae81224ddef9cc2edcfbf4d841aa004b3892f2d935ca8f544fd3c16f50d41c10c5aa5c658f86cf82155d94e26f6cfd074f364b7b96d2347ad48901","ssdeep":"","tlshash":"06e0126ccc814b4cb8ca7f787368e320001a31ab31ea8445a06141d0f4a22c3e8adcf4","first_seen":"2025-05-17T12:19:11.402772Z","last_seen":"2026-01-07T16:15:20.468339Z","times_seen":9,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/css/bootstrap.min.css","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/css/bootstrap.min.css HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 28325\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":232971,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"b7339e2e38e49e5e7391843bbb8d359c","sha1":"a1aecd0017b3560abd3a349a2fec2af41cc7c024","sha256":"7ee34865255c56df68bb73b6a67b22ee5efc4ea6774923fb615dab21bb77edf2","sha512":"472cb506f0f33c19197e5959fd6b1eb78dc178aaa0199dca67c2ca390c24ba592d5f73c447566fb953d8c738dc9d2fac5335890159a55380da45de355efcfe07","ssdeep":"1536:m9YnIWbn98fhRfvO5wlP7Qp9P3CV98IsYRElV6V6pz600I41r:pnIw98fxV986I6V6pz600I41r","tlshash":"2f3482d6f590317d9ca7c1499681fefd8a6fa985cb1209a6f003776807cabd30962dcc","first_seen":"2025-05-17T12:19:11.419581Z","last_seen":"2026-01-07T16:15:20.473138Z","times_seen":9,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/financial/v1/person-img.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/financial/v1/person-img.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 10237\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10237,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 313x308, components 3","md5":"e33434ecc372469561659dcc2d1ba8a1","sha1":"ff4e9adc0368ef6dfba4c574b52f005b29e2d5ba","sha256":"af35f9d740399a79db85f1ea86c641e8475fcd163691341d03f1e5f295178080","sha512":"befae8dd7e44fc23e4f2fc0d79abe92d29d8e124fb5b02ce4c1a50f4242f92581632245b75fc3cff5fecc51b3d4c044b4180e82e133d3530b7bbe4b783beb0d5","ssdeep":"192:E+rcFGpjoc521L9yyo5KJdYQl3NTR0SVxKDf48zZPNHVfS7+IZwdYIlc7Os/:YFG+cmpyyVkQuSrqfZtPM+M22v/","tlshash":"6722c00226878581d72c84e056fe23e8232330261b55a7f9f43cb90a63fec76a9a7517","first_seen":"2025-03-06T08:48:00.257691Z","last_seen":"2026-01-07T16:15:20.487334Z","times_seen":9,"resource_available":false,"data":null}},"time_used":563,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":562,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/why-they-prefer/v1/quick-support.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/why-they-prefer/v1/quick-support.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 14672\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14672,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 518x575, components 3","md5":"483c54d98e9ecb172e362a76d0e79144","sha1":"97f166bc942e8dce0cc030a48990c474180d50fb","sha256":"814e9ef2d17d2e4335d76d51880afbf74d8491ed272bfa8032323e72ee488ae1","sha512":"fd6d9253396bb8ee85e54b664ef5d4c3e3f92e570b248e13e58617117b9ce79fe80981dab61990c1f18795433397c731edbe257851ebe18261106e5a6f4f94d1","ssdeep":"384:OOuBP9OSMYOd7kubNySCxkCAaJ1xA4n6+JL:OOo15/ubNySYnAmxXn6+JL","tlshash":"6062bfe917ea94a3c7c63dbc545b1304639bd02194966172db9cde1c76c4eb22cef842","first_seen":"2025-03-06T08:48:00.271807Z","last_seen":"2026-01-07T16:15:20.484711Z","times_seen":10,"resource_available":false,"data":null}},"time_used":603,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":602,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/discover/v1/meet-team-img-3.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/discover/v1/meet-team-img-3.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1533\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1533,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 67x67, components 3","md5":"8e4915301157737c84fbec5c2b08a023","sha1":"4a568ca79e8c2442ad614f9cc306904e92a31c5d","sha256":"5727f1f045b2312844ed7dcbe67512a9c44e4347d2359e560d1bce40adf35275","sha512":"7c2ead51e5b33b32033cad968ba9db37fa5865f60f0736a3daacbe560d903a1c62bf2b4796e53addb5aae3478596281f08b643239cc15e992947b8af8c56f084","ssdeep":"","tlshash":"7f31e9435f570d41e36932b928b41f8927cf8c190795c7bd60816d1fd93fc78a9d0681","first_seen":"2025-03-06T08:48:00.25272Z","last_seen":"2026-01-07T16:15:20.472502Z","times_seen":10,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/jquery-3.7.1.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/js/jquery-3.7.1.min.js HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 29737\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":87532,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"c9771cc3e90e18f5336eedbd0fffb2cf","sha1":"6ee8aaa3ac1f4e0ae18717a3fd26892e9f0e4cc5","sha256":"3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24","sha512":"c503341fa3a7176fd10bd8cd7a5717c8faf971f87fa0c158f2d94fcd484ae3ed5031f49414dae833fb806b7365b5699c21d2e655376f69adb052b22f6f6982a7","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GK7:sHNwcv9VBQpLl88SMBQ47GK7","tlshash":"8083f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-10-13T22:05:06Z","last_seen":"2026-04-14T18:54:59.866852Z","times_seen":21918,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":229,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/bootstrap.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/js/bootstrap.min.js HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 22905\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":80663,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"6baf57f25796c332144ed58a2a0cd9ee","sha1":"f7fd0f3dc84b2cf93bf81e832505a673f354e0a3","sha256":"82f64f62bb03c1bc1824b0f9c9e05f70dba33e146818e63cdf5c306c8cf3dedd","sha512":"5ff6240d9ca34dfe30c9cd95cb5e981823c7c0063cad9258f8f3a0a24663401da684844524272410673a6325fd78db0f7e7d0fcd3844b8db3eb9aa2613908ee8","ssdeep":"1536:Qmw0iELO+TBR2t472RirWyKsVfK5GEfy3YJtCRv/45wZbqbXZTbYWU178:VwXza3YCl45wZODZTbYR8","tlshash":"cc73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2023-09-18T01:21:14Z","last_seen":"2026-04-14T19:05:12.446202Z","times_seen":15763,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/anime.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/js/plugins/anime.min.js HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6964\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":17800,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (17638)","md5":"d00108cf216727ac7eaa7aa575371e2a","sha1":"5068c01ad37289984c6c92236b7e063aafade223","sha256":"1d80da6a9bf40a2f929675b88059ae2b0516a4377dc5c483f85cda931b37064f","sha512":"c37c6afc9ad97e9e6ecb5391b67b2fca8b7a84594dd5648cbc10b031f75dc0890afbcdf939d24ef774fc64609336c04ea15dd534c66eb36278624d3518d2688b","ssdeep":"384:X7LTpKyzqrGGpLZo12xhMFoFlm5dwi7SeigzrLL:fTppX12j2LD7SeH","tlshash":"a082a6cc32c3b496539395b2806f244bb23e5d8064ad98a0d669f1f43c3495d89b7efd","first_seen":"2025-03-06T08:48:00.267353Z","last_seen":"2026-01-22T04:23:58.027751Z","times_seen":11,"resource_available":true,"data":null}},"time_used":613,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":313,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/css/responsive.css","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/css/responsive.css HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Jan 2024 22:53:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 10601\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":91242,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (478)","md5":"7336e6f6982d68d96978f9cc55281640","sha1":"921031815c3721c0b07a4c5be773cbc2d6b5568a","sha256":"02efe8eb9f26dc3b6cc7d178dd8bca4ab18f1ab5ae8e445690185bce9aaacb53","sha512":"640fc2ef24f7f139ee1d1998345fb2c9535471fca91b30a9eafffb13549d939a261065f891db94eb3c99bc0234f6abb281a06a48c1ada3b7c2ce2eff59f7da53","ssdeep":"1536:co12+Y7i6p77YK2tYb16wOF98LO7zjd7i6Zb7iw7T17iR4e:u7i6p77YK0Yb1+d7i6Zb7iw7TAR4e","tlshash":"a69365de78a720603896267b7dfa62606132d423e2dddce63dd8622dcf4c354dad1389","first_seen":"2025-03-06T08:48:00.265156Z","last_seen":"2026-01-22T04:23:58.036531Z","times_seen":11,"resource_available":false,"data":null}},"time_used":373,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":370,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/discover/v1/meet-team-img-1.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/discover/v1/meet-team-img-1.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1620\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1620,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 68x67, components 3","md5":"def2fc446d104be005eb54ccc104243d","sha1":"5641400099e305554fcebd641f042961eacfdc4e","sha256":"2f078c64b2eb852c0c874a4c9ae0a9eb499f453d877e8ba024c6d38d528a2446","sha512":"d4e1a2499ed7d0ad7a790fd845cd41de91c71c6b436b2fda1db0d1bb0064a1a4b2c376fe239aab8c6b385eeca974e92e350102e9fe735bad48c072b6e1cd91c1","ssdeep":"","tlshash":"7b31b505b7185a25e3a3097425c46ca9b375b841acd2c3b78051ae22086ecf0ccd51ec","first_seen":"2025-03-06T08:48:00.266303Z","last_seen":"2026-01-07T16:15:20.471833Z","times_seen":10,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/financial/v1/chart.svg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/financial/v1/chart.svg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Sun, 21 Jan 2024 21:32:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4801\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12853,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"077214d6ca9c27616917efa808e8d43e","sha1":"eb085377e00847638d524c4bcfa6f9194824c983","sha256":"e889d226719be514a699d6caab22da7f44ec6639a0cbf187beafe2cf58691dce","sha512":"0de3df4b64b9b63dfb5697f36619b0a7c1911d37eb98175dd312c28baff990c5549700d398697c98bfa8dee40dc802247cc6b594ce1f1db09e1fbc22d70a0dbc","ssdeep":"192:bSZtim6KTlNwuUsOw1GtMU16lim6KYF4WyxsMSvrj1UQ7ljp8t0Ave5:bSZtiqTlaFsJ161Siq2ax0yQ7k1e5","tlshash":"6e4253ca1320938d5ecdc84eff3654e4751fa0abffb698c145de8a18954f990f618c88","first_seen":"2025-03-06T08:48:00.251109Z","last_seen":"2026-01-07T16:15:20.483907Z","times_seen":10,"resource_available":false,"data":null}},"time_used":596,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":595,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/discover/v1/meet-team-img-2.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/discover/v1/meet-team-img-2.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 1562\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1562,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 67x67, components 3","md5":"c80db425e55919864d5bd036c98bf4df","sha1":"bf0362e1cb915a67b7f58c3eec3bdde929b27e03","sha256":"4f5133a425f7dd025c7cc8c435edbc489d5c7874f5233af343a5cf1dafa6df55","sha512":"83b5f91dfbd97e5e020bb897a653e344cc3661711edb60bd1d15d09770afa42ebaa1cbc7cb6fd4c23af9f070f861056e1a49f5421ed4804748f71773ccb9e99a","ssdeep":"","tlshash":"77318588af6b2a0be784157e032d6b76775d4d298d5417f190612c0f0477df88ae1b68","first_seen":"2025-03-06T08:48:00.283811Z","last_seen":"2026-01-07T16:15:20.479118Z","times_seen":10,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/discover/v1/plus.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.410Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/discover/v1/plus.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4052\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4052,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 308x308, components 3","md5":"74402ced9656f6f2fd6b9f1e4b138996","sha1":"fff954cac99d0396a7d29c5fa9ebf4dc5f696677","sha256":"8740c33c177f6218f2ab9af43552e374676d257f40f6d7cec924bfbcb3bdd3ba","sha512":"4cac8458fd517d342390431cebe0018bb4f02b36a3616725811f433b7cad9025fe0bb32a979a2d8b2812f9b80439648508428e93f24f9536543d2a5491bdab56","ssdeep":"","tlshash":"4b814d1373df6064d3bafa39d3125224253865e212ed1af1e64a7f1c3ca0cb9cd98034","first_seen":"2025-03-06T08:48:00.26015Z","last_seen":"2026-01-07T16:15:20.473768Z","times_seen":10,"resource_available":false,"data":null}},"time_used":621,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":395,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/all-icons/icomoon28a0.ttf?74zehw","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:17.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/all-icons/icomoon28a0.ttf?74zehw HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/temp/base/assets/all-icons/myicon.css\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:17 GMT\r\ncontent-type: font/ttf\r\nlast-modified: Wed, 10 Jan 2024 01:28:02 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 14492\r\ndate: Wed, 07 Jan 2026 15:27:17 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":25056,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 11 tables, 1st \"OS/2\", 14 names, Macintosh, type 1 string, icomoon    ","md5":"a624c1b68ce4a38b38c3621ee7d12fed","sha1":"810950a9a7829aa1d2d0c37426d3d1ee3b7525ca","sha256":"215d2649490ffb6ed0c77def2d40ba9e2bd0e077743acbb72aaa43ab8bd211d5","sha512":"2ba756187f68b8a83e2c9874b3841406572f6c76aee4bafd75fbb23d658ddc7c5f0b62a4e11f3684952f47dbf694b1f61a73dd855af00ced5072c951b518a1f1","ssdeep":"768:YhAywbNCQv/eJVGx10ifC1oEEXlDF21HliGgg9JAwghxGYHGpcTqnO:YhbwpZOJVGTfC1oBXlmHYg9ppy","tlshash":"16b24b27db8bffddd819a2374c6601224de5dd21d639e287a6861c85d01e4fc4e34b8e","first_seen":"2025-03-06T08:48:00.275089Z","last_seen":"2026-01-22T04:23:58.03952Z","times_seen":11,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":138,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/css/plugins/venobox.min.css","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/css/plugins/venobox.min.css HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2758\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15103,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14938)","md5":"266c8269b3caf866ebc95017f237fa0b","sha1":"58be51e0f41db6d966b81656748749b271374c39","sha256":"78843dea1d739d4e8a9690903af5ab76e307f31ad2c7e89a609e8085360679b8","sha512":"f6665fc2c7b4d9f2b478e136a29996659b05fd8e7af96b4e222522678411a7fbb99bb1de294e9ef569f9d586f20b27247f590af5853643b7c06486379d8c1efa","ssdeep":"384:l/+Vv/JYyRsLHeRiSii53BCPPaYSQEL3FIgPOKcAekXzfszC+0UUzHumYJDgGjpT:l/+3JYyRsLH/Sii53BCPPaYSQEL3FIgU","tlshash":"6e6255b11f1021dab5478753a3ec8f984136c6929e334fdfb321a0a84bc6ab65357763","first_seen":"2025-03-06T08:48:00.278215Z","last_seen":"2026-01-22T04:23:58.013782Z","times_seen":11,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/css/style.css","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/css/style.css HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Jan 2024 22:53:28 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 36247\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":376040,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3565)","md5":"fcadde5586e6ad0b5e7082f029668f16","sha1":"e7d367bfbd9c013b159241c4541828a11e9acf45","sha256":"46b0dd37882c7893d67f7d050df5744b4d663ce95afc87c78f10117eb4fc9d9e","sha512":"a9b46783998ccf92ded3aa60f6e5d769348b5317ffda606796cbbec68f72e8b4401e26bb0cc3d55f70acf7c114cb868c2c3413c5bd930c4572684e107fccf831","ssdeep":"3072:1tbSUU3paqy2/+2CSO3zABW52Fco7W7Q7+7kXT+m/eyuy3CCuKdm:rfU3paqy2/+2CSO3MW52L/3CCuKdm","tlshash":"348492e4a19b5560168786ad3ed6a710e37cc0138a89d8b8bbfe150c4f927dcd1d236f","first_seen":"2025-05-17T12:19:11.406121Z","last_seen":"2026-01-07T16:15:20.470437Z","times_seen":9,"resource_available":false,"data":null}},"time_used":370,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":247,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/storage/app/public/photos/mDlqTjML17CdaRq14XYEV20S8vNfNUzIgMXi5hLi.png","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /storage/app/public/photos/mDlqTjML17CdaRq14XYEV20S8vNfNUzIgMXi5hLi.png HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 30 Dec 2025 22:01:47 GMT\r\naccept-ranges: bytes\r\ncontent-length: 18054\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":18054,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 41, 8-bit/color RGBA, non-interlaced","md5":"34625ea6d49a3f98dac22b5837d7cb74","sha1":"c9d4dfff079e9390208345722b002234d73e284a","sha256":"279df4746c7c7efc9f41b4b6358745113a35e9c56659c9ca87100b78a74b39e5","sha512":"fd6c023c6323d179fc0af169abb83017f28c2d56c8654ef0341d3af635363e9ba2f142ad0f9c6e7bae80e46e3d5682e075fabc44db1ab36f7e2f69b257ca07ab","ssdeep":"384:Q/db5qg/AuDzNspaDNR3cMTocr7crEBikMuVSENjK:Q/dYqAuDz84R3PscRVK","tlshash":"2482d0d4bec1be04f27ecce6f48554a578f20e9a97217c1edb5880dc8e1bcd94894e64","first_seen":"2026-01-07T15:27:48.091037Z","last_seen":"2026-01-07T16:15:20.48607Z","times_seen":2,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":373,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/why-they-prefer/v1/digital-visa-card.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/why-they-prefer/v1/digital-visa-card.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 10034\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10034,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 410x578, components 3","md5":"efe40615927bc0b14738fb5136a2be3b","sha1":"85429ff601207fef02af6764184307785cf2f397","sha256":"6d636142952e9bdc36c8fbc16fdf04c4d2de8234369cb80c66d1ae937450bb13","sha512":"bb33c555590f186294714ffb2d981d9a13bf143445ee1219795e59aeebb3f832bd05c087be0ec4dd997397e234b53ac2ab2a4afc4f3c6e4fb1b3417463be0884","ssdeep":"192:EjfyJBeIQmATY8EHkFlM6rm/vgI0Gn+PBtQMFofO7esvQg:0yJBhAoB6rG4rPtFEAvQg","tlshash":"9622c0450259a549ebe42f382c9d173aa3d7b7c5086acfbf9508c64890a4cf24fb7375","first_seen":"2025-03-06T08:48:00.284699Z","last_seen":"2026-01-07T16:15:20.485382Z","times_seen":10,"resource_available":false,"data":null}},"time_used":627,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":626,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/discover/v1/right-img.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/discover/v1/right-img.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 33090\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":33090,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 628x670, components 3","md5":"2d8ce882f6cc19236cf69f5e0df274f5","sha1":"ac74c31c9bf5f33f04c8eef4453ad17cabb9a9fe","sha256":"6c0b264f802355cb5fa88fd2673c71c13dd90f37fd2bf8f326100b9a9c874710","sha512":"b0dec7cb54368b313664cbe5181379b06dc893f22ab3050899940dea6685efc61fda441210f7a98a29c4d31fa219984ac607fde50e23c94d42a224505d3f7512","ssdeep":"768:1KpWutECFCbOfNg8U05Vft+LujCCrpSaDWhrIOU+SIIUL5P8vMJJFDflows9:8gut7QqfnU0ZYWCk0aDWhrIOUo5DjowG","tlshash":"bce2e055b346b54edfcb10b05b8403a56b493f22c789a73d9974be259c00e344af9b7c","first_seen":"2025-03-06T08:48:00.272896Z","last_seen":"2026-01-07T16:15:20.464532Z","times_seen":10,"resource_available":false,"data":null}},"time_used":623,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":231,"receive":392,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/recent-blogs/v2/recent-blog-img-1.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/recent-blogs/v2/recent-blog-img-1.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 10832\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10832,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 410x330, components 3","md5":"2f8049424e17fcb7f529562ae92edd97","sha1":"7bf425f08381dd15d97114fdcd24da52b7e7227a","sha256":"b68ce981657d8cc4fe682918b904c8fef9b538384bef7cd83a329d73e2ef0466","sha512":"dd579dd1f8547e9877c75926c34f50e5dc08b9e19ac5aea64be76f641f8032772cc68449bca6c97df85f161239c8838e5fb4bf7e86f47af656a7e266235f8708","ssdeep":"192:E4MH4C8Eua+ik9qSvTWH7xp9qhNPpJycA3/yHwKPQyRJJOKLB09DrGr1vr:cYC9RC47xp07yFeFJW9Dyxj","tlshash":"fa22b06a66e4e4a6df81a8f2c787ef757b89441a01a79bfa3c135c14e71bd361070037","first_seen":"2025-03-06T08:48:00.261742Z","last_seen":"2026-01-07T16:15:20.474575Z","times_seen":10,"resource_available":false,"data":null}},"time_used":622,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":621,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/wow.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/js/plugins/wow.min.js HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2632\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8199,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (8046)","md5":"3f4af8cf3e102f855e3bdd1d0897b6ba","sha1":"ac49cfc6d4a45b406c438479b8b5ec73fe5f4fd4","sha256":"82fafe5e5180ffbc4bd0f48dcbb4b7da9b61bae2aa6510d0af6f432da569f8f8","sha512":"c0c8315640a98e6a66aa7a2eaa468235e2161ec7eff2f453bacaa4dda3a3ab9b45c8fb21953fb8a36a41f5cf1cc5ec562b9918b58ebe76df6192d7e9d9aac9f6","ssdeep":"192:bmEE6yAmu6qUxbU5C9nrr1GkEPIAeJ3KO4poIR:CEE/Amu6qUxVBxGkAI///IR","tlshash":"a402caa5374a70718a9a6176c93f0202a932156e74d4c8ec747cddd4aeb4b29336bf3c","first_seen":"2025-03-06T08:48:00.28765Z","last_seen":"2026-01-22T04:23:58.038327Z","times_seen":11,"resource_available":true,"data":null}},"time_used":619,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":618,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/all-icons/myicon.css","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/all-icons/myicon.css HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 10 Jan 2024 01:29:32 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 985\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4988,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"48d031bd64fcd3fad070a83a6f64d5ec","sha1":"5e5c2a1f0bed6eed4d220e373e5482f10c6a0673","sha256":"92f6292b096646c45ee33d40ea5dde947bc8a4683d9ac28ea53516b5712edcb0","sha512":"9d9b7f228b2bff3e5fe4e71c0bc764d061d19210f96ab3701d1723179b89c8aa3a255b5c33a6eb6b4c637a517f1a08401ba39e0f5f29ed86d1e50acdd958c9b4","ssdeep":"48:Y51BrOEOrMa5BMa6whMPc/G+jF0Y8PxQCmpwWLGQQvCYfpZm:Y51BrOEOrM5foGQOUbQvCt","tlshash":"e2a1c0e8a8bd09905340e4d123522620ff1da3299d9f2d5af2b3788cb7e2215d5d73ed","first_seen":"2025-05-17T12:19:11.393006Z","last_seen":"2026-01-07T16:15:20.469081Z","times_seen":9,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/recent-blogs/v2/recent-blog-img-2.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/recent-blogs/v2/recent-blog-img-2.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 7797\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7797,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 410x330, components 3","md5":"3f6c13f2b6526edf2091fcff9b963592","sha1":"989f72d57eed4ed38ac9808446fb92c64537616b","sha256":"98613bd7cf936b6606328f1d2018d8f573e529b9ade6e14d49247e335b8426cd","sha512":"a7f89bb3caa5aa5a1bf91a4a1a863ac7c1f7da49c2fbaed27b3b5732ae8706e3141bfd8cfe11e28f8c97b904fe723bbaf4164886fe8ceb97dfcf70b10f44b530","ssdeep":"192:E4iqm0S22Lu8F8xx2qRdSJgsh8HAulqcdqwvudLmQTcl:Sqm0/8F8zbRJHAuTjwHC","tlshash":"e6f1af86735d2cafeb27e074165d4648a34c95625fb81cbe62dd4895b840c324caa6c7","first_seen":"2025-03-06T08:48:00.262914Z","last_seen":"2026-01-07T16:15:20.465408Z","times_seen":10,"resource_available":false,"data":null}},"time_used":622,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":621,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/index.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/js/index.js HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Mon, 22 Jan 2024 22:21:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3884\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":21774,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"c42a7428f9fa67b7f7c8eb0706cda2d5","sha1":"f3e7b39fa2155f90c2a556222500db7a1b3246af","sha256":"ba504aded4386892b363f4d467c7ebb745c8665c0030e45a4ac7b76746f514e7","sha512":"fab7a47e0cc68d5b3d72d0cde25edf28d61fec392e988324d17f4decee96abca04749dd4c8a11b0a4c9b60c27c6f4e32b6a40f7bfe90c3cbbf101cf3486cd1da","ssdeep":"384:kD0X1Wu3mL6DAFXC9CG0Eq7oNRaL+pXK0Nq6YD6inndr0:kD0XAu3mL6DAFXC9Cuq7oNRDXKXxnnW","tlshash":"cba26349b012207944bfa73e6e2b9708fbb153279141ca563dbc419a0f37b6095d2fed","first_seen":"2025-03-06T08:48:00.27391Z","last_seen":"2026-01-07T16:15:20.460424Z","times_seen":10,"resource_available":true,"data":null}},"time_used":618,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":298,"receive":320,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/swiper-bundle.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/js/plugins/swiper-bundle.min.js HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 37086\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":139274,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65376)","md5":"81e42a90e259549baffbe02d8d7c1fa7","sha1":"d64244d62d84069f55dc112cb37e26de2669fdd1","sha256":"03d5419055d6d0b6be436ac82b73c113802b4c727656e3f53d87d3718926d403","sha512":"dee15c64d0551c97016e314f43c83e4d01ffae00540bf3dd7f72f829fa80ba13ed0b6a3293d6ac051e3a750a27fec2dcc1db22a22927db8e3f224295eb10e13b","ssdeep":"3072:eJ24juukm4tuD6poy9v8cnWDkwV4y++GocpYgft/Cx/CFD:eJ24iukm4tuD6pl9v8cnWDpV4y++GPuq","tlshash":"49d3f8997360b1a552e3268b92a9c611e3b51400b809c4e870bd4c5b697ed9c13ffffe","first_seen":"2025-03-06T08:48:00.286714Z","last_seen":"2026-01-22T04:23:58.004414Z","times_seen":11,"resource_available":true,"data":null}},"time_used":621,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":610,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/js/plugins/venobox.min.js","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/js/plugins/venobox.min.js HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4887\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":15910,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (15510)","md5":"a442fbef3cfad604f274f0b48214ba56","sha1":"6b2e59e236336b11dcaeb2074a3bd1abe05ee7ca","sha256":"1df1d8fbe0373dfb1d4df909c8070f05195dc2919a9d46a6dafa5311ea2b0047","sha512":"2fbebec5e7209e78411b14456ecc68f3c5464f6b3e16cba98ca12cc2e13ec25cd40220fb59ab5d47ab44814443a74b45132aa9e567bdb8a057c643995f04881f","ssdeep":"384:B/dqgNS06xAuAVgFqXdXWVGtAiLjX3qBBBxhg2:ddtNS0aAVgFqXAVGtsBBRg2","tlshash":"7262d8b82314253d02a786f571af8346337691eae51282334779d4560efacccd1a3be6","first_seen":"2025-03-06T08:48:00.285719Z","last_seen":"2026-01-22T04:23:58.028955Z","times_seen":11,"resource_available":true,"data":null}},"time_used":620,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":619,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/storage/app/public/photos/gZs3IbfdmVfUSbET5HiUCtc8P9RYskexIyne50jR.png","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:17.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /storage/app/public/photos/gZs3IbfdmVfUSbET5HiUCtc8P9RYskexIyne50jR.png HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 29 Jul 2024 12:57:01 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4063\r\ndate: Wed, 07 Jan 2026 15:27:17 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4063,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 101 x 175, 8-bit/color RGBA, non-interlaced","md5":"4d7460a2fcb9aab0f091c3b2e8bacd84","sha1":"c19d6862bdabd2b20bac0dd448188d0ad3890964","sha256":"3ac7e2422f5e97c36bc5cb708c520cb09d06fab0dc7cd311f45639576cba1f97","sha512":"474e063cfd2fab716e68460ef34198631c267fc579111b66e45b8ce2d96c400d475218bbb013f80aff43042c48da30704cb7b8d46452f3689bf598f7f620dc6d","ssdeep":"","tlshash":"01818e9d5931891c6ab4641010a607de5e13cc36f88d8bfe6c067d755c88d9bcde0d5e","first_seen":"2024-08-19T14:16:27.218157Z","last_seen":"2026-04-03T05:20:02.884437Z","times_seen":40,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-07T15:27:13.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: PHP/8.1.33\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\nset-cookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; expires=Tue, 31-Mar-2026 23:27:15 GMT; Max-Age=7199999; path=/; samesite=lax; secure\nubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D; expires=Tue, 31-Mar-2026 23:27:15 GMT; Max-Age=7199999; path=/; httponly; samesite=lax; secure\r\ncontent-length: 5921\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"WOW","description":"Reveal CSS animation as you scroll down a page.","website":"https://www.delac.io/WOW","common_platform_enumeration":"","icon":"","categories":["JavaScript frameworks","Web frameworks","JavaScript graphics"]},{"name":"PHP:8.1.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":45166,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"b4bad5901a2b3900348923ddfb65c952","sha1":"f1868a239f7933b96e391d7652cb6b450313f659","sha256":"26c5930d27da76a6b87e029721745fd24542c1b1b98c04fc0665a18bd8541eaa","sha512":"8d9cfe1854b9269e8e96544fd916110b06e176d398593305ff8360a67546570b9857d1dba9b520a8bee9361c5fce3c882b456518547447d3c929592b1a387ef3","ssdeep":"768:Fd43UOXyTiXMr/J1PJRsK8dbS6YpJXsA1lzWJ:F+EOCGcrR1PJRsK8dbPYpJXsA1lzWJ","tlshash":"9713dc2024e5513752b381c96a216b9afee1c207ca4f4a1871fd2bdb5ff3d42ce43669","first_seen":"2026-01-07T15:27:48.104894Z","last_seen":"2026-01-07T16:15:20.482536Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2364,"timings":{"blocked":220,"dns":12,"connect":100,"send":0,"wait":1920,"receive":1,"ssl":107},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/css/plugins/swiper-bundle.min.css","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.371Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/css/plugins/swiper-bundle.min.css HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4414\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":18354,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (18192)","md5":"fd8fccb3e5e9b5ff2812ace189123e4f","sha1":"0195d0ec2b0b4acf9dea87c4beed57dc894152b3","sha256":"459cbb2f30fcbdfc088657c7704e17991b5a0213466ad6e51b0e1bece6aaea5c","sha512":"82e440d05e41cbd0457e61f6c1827f238f34970ed190288ef79568df37109f10de9a3b494ad6b6594e5936a1fdda8bb8e1510ee974ef4b01bf13a8412f627ad3","ssdeep":"192:InmUJbiKneSJTLdKSme+jeF474nQ7p/l2GZb0Q5RfufKDvAYfg5faeesedOJxX/A:vUbeSJndKW+Sa0ni24tnWfz4cfQ","tlshash":"298255a85310182753274f364b71cbb9e97444c20fd389ae91c0ee58d7fadb9136f2a9","first_seen":"2025-03-06T08:48:00.248512Z","last_seen":"2026-01-22T04:23:57.998135Z","times_seen":11,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/financial/v1/dollar-img.png","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/financial/v1/dollar-img.png HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 62532\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":62532,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 249 x 231, 8-bit/color RGBA, non-interlaced","md5":"904463fef51ac1d394b542bdcf932588","sha1":"2e639476aec486fd4e7ecbe0ad6f2659119b6ffc","sha256":"b97973c1e5a790ee4f8348cfbfbfbc1c3c545e15e47bff9638225254d93045df","sha512":"a1c50fcb2b55a7a0ccf9d92942c2970119adead11f4af45d97b94171e5c33b7dd85f9ffb7e41ad348ec38fbf4def23d048d79a47c47b994467adc209edc86912","ssdeep":"1536:Dy5iCGBpjwmhjEvRJY5HeYFNHSJNOPYT9bBCVIY9:DyPGBeECJY5+YFNyJQsU","tlshash":"2c5302d88616dd20544abf3471da413b60da66db2c87a10750ecb22526ffbdf89ef00b","first_seen":"2025-03-06T08:48:00.258776Z","last_seen":"2026-01-07T16:15:20.489707Z","times_seen":10,"resource_available":false,"data":null}},"time_used":596,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":562,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/paymenys/v2/visa_card.png","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/paymenys/v2/visa_card.png HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 252021\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":252021,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 697 x 595, 8-bit/color RGBA, non-interlaced","md5":"97f7e8d4fbe373ff2c64c2cfb627a313","sha1":"ff064655ddd16b74e866ce5ebcb2f7891df03925","sha256":"c5a0ebed5a7ef004e33a661976d9627c651a2c0474cd846ff370720ce7701031","sha512":"b234847c56439cb1d7f816139524bc60d62d8e20794797e14a4aed666c78fc55bb1fe29038a0a746d3084ff44842d8e64c52e1467f9b4b7505cf7dcee4913a5a","ssdeep":"6144:r3mVxeD6vMZdp1FIykiec9CDJ1wp2IoNewP6+9:TGzQPkbDJnIl+9","tlshash":"ed34235edbb59a4a0cc7b84f95960f28fb8792bb91176dfd6821293c03131b59304fe2","first_seen":"2025-03-06T08:48:00.279229Z","last_seen":"2026-01-07T16:15:20.461632Z","times_seen":10,"resource_available":false,"data":null}},"time_used":562,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":396,"receive":166,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/why-they-prefer/v1/the-world.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/why-they-prefer/v1/the-world.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 13 Jan 2024 00:12:30 GMT\r\naccept-ranges: bytes\r\ncontent-length: 91126\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":91126,"size_decoded":0,"mime_type":"image/jpeg","magic":"PNG image data, 284 x 347, 8-bit/color RGBA, non-interlaced","md5":"0be60df2c4dfcafcf93db8c1eb88320f","sha1":"e2c09a76c5afb64a6e786b30c4da88a6a0dc9621","sha256":"8e0b7a1fcc216c6cfa08328eb01c32c24ef876c963a4754ab7526e2e6fd68946","sha512":"d06b51af664440f65304c3977f16ef044e754278242370a7bfebf81bee8c12bd8cd0dc886e9baf0c06b31887728f4ca96d081a3d9e87a40df2c8b84b2e3adb6b","ssdeep":"1536:MYE4EIehuFZsi/5U1c4dhBnMANTeeZkeUsZSwgFoD9LvFmEqem7kdSfRv+q3JJx:MCpecp/UdhBnMAheeZkeUsiiDNFmWm7b","tlshash":"c7931274d1b43a148e41d24cd117685587b6148ff88caa1af08cfd2e1e9ac0aa92fbc7","first_seen":"2025-03-06T08:48:00.269827Z","last_seen":"2026-01-07T16:15:20.463677Z","times_seen":10,"resource_available":false,"data":null}},"time_used":627,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":603,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/recent-blogs/v2/recent-blog-img-3.jpg","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.418Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/recent-blogs/v2/recent-blog-img-3.jpg HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 9743\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":9743,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 410x330, components 3","md5":"da63710e00b97cff47d8636c0ba6e9cb","sha1":"99d0da10bcf612ab7b647e3b45d30cbf95d909bc","sha256":"66d00731687503da56aaceb6cd93eccb42974c451473f21b1623f60d7d4c3a93","sha512":"bc4b438a330196cc5ddeff37c7cc5aacf614f1b1d7a227d61ba3a419936ab0182dd97abdf4828219a5b242006b41e2780bceca241a077c44044b027b725bd7a9","ssdeep":"192:E4k/qe8EbityHcX6ENRFFSYcXg2zeulJWkIxaMhOW97:0ZbityH2vNRFFD2gEjzSt7","tlshash":"d312aeeb43ea500aeb53a33695be131a5610de2d1a654f7118c13a4cc1a7ffb45b27cc","first_seen":"2025-03-06T08:48:00.281457Z","last_seen":"2026-01-07T16:15:20.479787Z","times_seen":10,"resource_available":false,"data":null}},"time_used":619,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":618,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/bg-shap/v1/01.png","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:17.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/bg-shap/v1/01.png HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:17 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-length: 207025\r\ndate: Wed, 07 Jan 2026 15:27:17 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":207025,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 1837, 8-bit/color RGBA, non-interlaced","md5":"ed739306ee497c9db43baa8b2eff00e2","sha1":"5085b6f132fe96d938dc60fffc23db91049d2b3a","sha256":"96c25ea1aa0e23b00f89527ea3fcb38d04a720aefc298f1183d7e87ff19a5e6d","sha512":"e16ed046746b30628fa303c01d020363df4b71c88f1b9cc7c28539a28a5631741dd21e46e5e40e086f717a5ab80e7e17acb646b1328dde78c1c5a4b2c5ccc423","ssdeep":"3072:gAVFkxDVNcurUPWeDMLjw8Vm6diYV7ouwOa8PWtfGTAbr8fJ42vkeYYFkracNiR:g4gDVN/eWEO8uhgfhba65eera4iR","tlshash":"9814f1fe942c6e7cc44c6df25c7a7ee6621643048bad2a245a72e3356903f0c6e52e17","first_seen":"2025-03-06T08:48:00.264011Z","last_seen":"2026-01-07T16:15:20.488196Z","times_seen":10,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/css/plugins/animate.min.css","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/css/plugins/animate.min.css HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 06 Jan 2024 23:33:40 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4800\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":71726,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65369)","md5":"2f99d132abe4bc5f2d8bde7310487c0c","sha1":"c00e8d1c2e32dcd4711147a533aaf5cb61c2d12b","sha256":"7610b060ff68c6471f26b03808d7f7f70fcae1947cb0a60609f9b27e860104f5","sha512":"a40cf2bdc7a7e618344edb1e6c3dee2624680c8d599e89d5d3621928bcf881ba08fe8e93acf8570c2463b4082b127d07660e6114823d8b74f506000bf0edba7c","ssdeep":"1536:p6uNQ3fdPwwanleMf72yMPkZ8PFwh1nAukdDO3Xyr5Ir5eh0dTo:4kZgwh1nAukdDO3Xyr5Ir5eh0dTo","tlshash":"266329ae4891128990230f6787cd5ea84b3dc6a315721cee33552c0b8b46fee73de617","first_seen":"2025-03-06T08:48:00.256208Z","last_seen":"2026-03-02T03:02:17.05299Z","times_seen":14,"resource_available":false,"data":null}},"time_used":129,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":129,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wefab.online/temp/base/assets/img/financial/v1/shap-2.png","fqdn":"wefab.online","domain":"wefab.online","tld":"online"},"ip":{"addr":"163.61.188.5","port":443,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wefab.online/","date":"2026-01-07T15:27:16.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wefab.online","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 30 Dec 2025 19:35:03 GMT","end":"Mon, 30 Mar 2026 19:35:02 GMT"},"fingerprint":{"sha1":"8C:D6:72:B3:A2:3E:81:80:0A:09:55:F5:29:70:07:B7:DF:C4:31:89","sha256":"6A:45:8D:33:F7:B2:41:02:9E:27:47:D5:AE:9A:E8:02:09:EE:A2:5B:A0:A6:F7:72:11:43:F2:38:05:11:AC:A7"}}},"request":{"raw":"GET /temp/base/assets/img/financial/v1/shap-2.png HTTP/1.1\r\nHost: wefab.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wefab.online/\r\nCookie: XSRF-TOKEN=eyJpdiI6InVYQnRNRC93VXhqUU16RTVLRWxWdkE9PSIsInZhbHVlIjoiS3MvcUxVK2Z1Ymg5TkhzZ1MveHRFS2p4ZC9rMTRoSnFtbTZCU09oSk9SRnlnSXZ6a2xmS1lqSkYweTV5OUlFNmdmeWs5dkNvV3NGV1RWRXgzWXVJcWVwRlJ6djljSFU3UEdYUW51S2poRkpnTHJ1empNNncydHdGZlFheVhndnoiLCJtYWMiOiI4MDM3YWNmM2Y5YmRkYTg1OTkxMTg1YmIyOTY3MTUzMzUxNDcxNTA3YTEyMzg4YTI2OTNkMDIwM2YxMTAzYjE2IiwidGFnIjoiIn0%3D; ubsfinance_session=eyJpdiI6IkpHQ0JuWWtwZjhINmw3NEM1RDZvNmc9PSIsInZhbHVlIjoiVVltRkh0TkVPUHFQdm82OFBIemtmQVpmTEJFOE9qT3U1VXJEbTI0N2VzZlJETGROT1BXWWswNHBiNGJMZCtwaUkxTUJuUUJxWitPdG1JckxuOUZua2pWb0MyV21MaVlldmtKMXROUysvYW5yRDFDQW5FZ1BZSmVLbnEwQlBmNDUiLCJtYWMiOiJkYzNkMmIxMjQzMTI4Y2E3ZTA4MzZmMzU5ODM0NDFiM2EwNjk5MzBhNmFiM2U2MGVkZTk5YTYyNDg4YTkyNjViIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 14 Jan 2026 15:27:16 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 22 Jan 2024 22:38:02 GMT\r\naccept-ranges: bytes\r\ncontent-length: 26592\r\ndate: Wed, 07 Jan 2026 15:27:16 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":26592,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 837 x 717, 8-bit/color RGBA, non-interlaced","md5":"838cc1f6e41c3379c09cb29a4a1a7d45","sha1":"a99bcbaa17d92dfb56c03a908c752f4f754fd157","sha256":"c0c7bc1970ac9455b7dd4644e8d9f32b821509eae6794cb148c98bd9f300d79c","sha512":"34323f496d94353a7a5cbe4cc7783a93cd79676fd25c13e85216a2b6fda813e05e575d6eab7918fdc360db7b0d5210e5f8fa5ab27d27c0bb457444833e8ada31","ssdeep":"384:o/h3GTOZA+fUrL65RQqR5Dgj05SSMCWAVjjmC9V65oTh11fWIPRbJIaWM3:o/hWTARfUr+L005SihjjmvotPJgaWM3","tlshash":"97c2e11e5d0a4f7ef66585b951ca4122e7410b39d21233ad8c01b2e0de4a6e70df8edd","first_seen":"2025-03-06T08:48:00.280368Z","last_seen":"2026-01-07T16:15:20.477609Z","times_seen":10,"resource_available":false,"data":null}},"time_used":603,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":401,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-07","alert":"Phishing Block","trigger":"wefab.online","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"wefab.online","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}