{"report_id":"c408570f-bfd3-4e60-9f37-bad313d5e268","version":6,"status":"done","tags":[],"date":"2025-10-11T11:23:53Z","url":{"schema":"http","addr":"ojuibz.com/","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ojuibz.com/","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"title":"ojuibz.com/"},"submit":{"url":{"schema":"http","addr":"ojuibz.com/","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-15T11:23:53Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"ojuibz.com","ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":42,"request_count":21,"received_data":2522285,"sent_data":10460,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Zepto","description":"","website":"https://zeptojs.com","common_platform_enumeration":"","icon":"Zepto.png","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"lanhu-oss.lanhuapp.com","ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"domain_registered":"2016-08-25","domain_rank":0,"first_seen":"2024-12-29T23:36:48.952177Z","last_seen":"2025-10-05T17:04:10.921747Z","alert_count":0,"request_count":8,"received_data":11976,"sent_data":3760,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ojuibz.com/layer3.1/layer.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d0c975e34297f3e44e99c9d83555ffc1","sha1":"7e465bd79e65428cf07e5991196cff512ce44a4b","sha256":"691aad750624d84b17f2fbb73a4982860edd18837f3000c5b660ac82bf408e82","sha512":"1d9dcd7e1afe695e5716ea55f9a5a3e3aa45852722b4e1a2653ebd3f3a85c8b7a34b15264751f5ee26ea56ee49c8683a00d771197d8b32d9ea53d842d6db3b79","ssdeep":"384:41xCih92A3igrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:41EiV3i+WtXItqF13k8","tlshash":"56a2b66a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","size":22104,"data":"","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-04-05T10:30:25.310274Z","times_seen":5064,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5287119092d8c95da9162bbed0babba7","sha1":"bda158f8be9dfd5dbbdbf76bcfed30cc7945910a","sha256":"a0a469204de956debdc163261a396fa914a6d9abd1ef9fc0f0a9552450b38846","sha512":"839654f741816975cac19ccb96d3fd93693b726d6b92d089a9ee55f5c411e4b7365e4bf547412836693f6c73b3f7a53da2a3a67e6e1b80c7a7e6fd371f02cb00","ssdeep":"","tlshash":"2111ed487bb665b5e057203ad5ff80c01f4e259bd14aa690feed54aa0f212d4b0b3a0f","size":996,"data":"","first_seen":"2023-03-07T16:38:18Z","last_seen":"2026-04-04T05:26:30.234448Z","times_seen":242,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/common.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bbaa3ba82eabac17365b789a50885a52","sha1":"72daa321d794ab876e580a3d74c8c93c7bf3ec91","sha256":"ce9f8f9bb4e5eef2462667de0e76e65bd65c6e670cef61b5e76ed47be6813cf9","sha512":"0004dc6643aa9a056edd186964e70964886558ad9dfd8208c8d8183faffb84a636728447817e5c89f2102cc0b5ef85aeceb6a64571b5562a84cbef7f2c4a312b","ssdeep":"","tlshash":"a4713098b34c912b10f673319abf1909d83ba5734103d408f95ca0853ff825eb3a6ee9","size":3807,"data":"","first_seen":"2024-03-03T07:44:42Z","last_seen":"2026-04-04T05:26:30.202071Z","times_seen":331,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/weui.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2d509279b32ca4e47fc1b9208f604f7","sha1":"9d5157bf10eb7e2a24593ec7168ae95289299899","sha256":"e292ce67ecbecc4ff34ee38d51c8dda6e71597f7ae44a2e9980f1da0be246c50","sha512":"3525e32a00a8f3b6f4c52e90143cd8811d04aa382e5c4fa85dda30d18e44a6c143627ac484c1a15fdc03b2b999b52b1e3f0ca19b3ee5822f66f5d3a7c4a79ca4","ssdeep":"384:CuQzFSVlyfFD364d7X7fhFuZgkmQUxXe8NcztGcpnGcu6O1/cbivDFA7B2a/RaVW:MjXZ7fNkmQU88Ncz1talRcbEDf+iD1O","tlshash":"a1f2d7983281b4e623d350b5443f560fb33a4c3a98077400b7b4d9e56fb89ea56b7f29","size":36806,"data":"","first_seen":"2023-03-07T16:38:18Z","last_seen":"2026-04-04T05:26:30.205215Z","times_seen":607,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fcb1e9601acea586065dc5228ef4bf74","sha1":"08793e21c6bef0908db93639a77c8835ddecbad4","sha256":"bd2c5ef34349c3d71401d41dd5fb94e604adef06fb1923f2517c263a05b6d312","sha512":"13fe21d64c878caf87fc7256c8b7c935eec47afb99c9e824b7e6e30c2cf04a848d6e280de4187ed71840e4962a45c4a6f2a730b36de8b7085100cf48bc5c7c17","ssdeep":"","tlshash":"c301bd1739b7c0660a2bf024222f8c1a3069dc175518e69a784e422dbfe5ae9e8227c5","size":795,"data":"","first_seen":"2025-04-27T14:54:46.888077Z","last_seen":"2026-04-04T05:26:30.235024Z","times_seen":92,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4ee2c82e801f610493cef28806a90389","sha1":"45665aa12f62a4126f1c2f9e68a47f20399bd518","sha256":"5051437721bff5cc7ce361d77dbb5229a0b7bd36d7fdaa1e83815579e460413e","sha512":"884c6f5f973399c30c070180303edc2d45a4515c7f9a3b57d122d8b9850ffecc69e872603eca47c3d8334461877653a8350973e02baaafb115fc4b0fa176ad76","ssdeep":"192:7DbCKyuCqNDC5YmzNGCUN1U2+A9DPiVsrlMbdkznS9dSLZCp8kw:7KgNzmI02+SFzS2Z","tlshash":"b8e12e0e25f310275973a02d5f7f66043a60aa13518ada613d4e43d5cf84a7caa7efe8","size":7282,"data":"","first_seen":"2025-04-27T14:54:46.889042Z","last_seen":"2026-04-04T05:26:30.236042Z","times_seen":91,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/plugin/swiper/swiper-3.4.2.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb13ef3e875ca3497ede35d3774be9d3","sha1":"ab0743a89d522438c17ae7eaf5943fd4590ee3d0","sha256":"4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083","sha512":"7b9fba1a93c724bc53e1dd4e27e59534430076346ddc73b24fcb71c9b7cb831321a70ffa38797185f7108ee64a18f1fa08cf2b7ccf2dbfc03e767b23187814c5","ssdeep":"1536:eyOkN3TklR3ZIFDJ+Y7n2L5ydUTq0tSQfCBTR:LTX73uTq/","tlshash":"0d93d66eb314f3e295d3214a675ac64122f21706b809dae870b54c4a68bcc5d03bffbd","size":96419,"data":"","first_seen":"2023-03-07T01:17:19Z","last_seen":"2026-04-05T10:06:15.124832Z","times_seen":3053,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/zepto.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2dd2e0f33e6b0fe9d4800aef6199e605","sha1":"50e5731db220ebef453bc8b45b0653faca6f8b99","sha256":"29fd5016efe08849f1124ff05b0658d6579e6826fda0569fc1b77598c0e56036","sha512":"c0c380eafa19ff621cc7d74fa8b782b28b7c8bb2e72d88a6887d0367f5710befe616b8d33903cec1cf4d671ef27f2e25ce58914b9cf770a4ddc48140a732f740","ssdeep":"384:WRWPO3mlNwpEiFT4wQpNWdkLSDei2uFHs0YB35FYQtoskIX9:jxlNwpjoERT2KHXYp5JkIX9","tlshash":"59d272ccb2c2b46707a7b1b8506f624bf23a6889380e4454f169e8e57c7890e9577f7c","size":29237,"data":"","first_seen":"2023-03-07T16:38:18Z","last_seen":"2026-04-04T05:26:30.223891Z","times_seen":704,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/jquery.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","size":92629,"data":"","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-05T10:30:52.406888Z","times_seen":60701,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"ojuibz.com/image/weui.css","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/weui.css HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 15 Nov 2023 09:25:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65548e7d-c52a5\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pi3ESWVc9s44TeNq9b4iQeDFlmSlsBUYR2vo%2F099YJxKA8UoTaZ7wWh%2FrlXk6f2LEzvuN2vOg58eK6ShBvy4B73Its6h%2BWRb\"}]}\r\ncf-ray: 98cdfc5af8c5712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":807589,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (786)","md5":"d491e9da17a3ec85b9aea593c01b77b1","sha1":"219e97584cc27116234c39528f3a607ca56c9a0d","sha256":"045622e58d664331f7044186d07c4ecfd332563dafe401b47cb8031cc1c11600","sha512":"b64715ede430d768dcca74318bab9ba142cb30dce753e4c0bcf9eee34979b9f31bea3796bee8462d7ce7e1b7e58719b66d4f965f4566c851ff0a2b52a3fb4882","ssdeep":"12288:PcNlDoIcChMhulsssrAcE7WHsUbk2jsu2PIb2vO3+y6NdG7XzUftCFIJlpGn4hQF:PcNllcChMhmrG","tlshash":"0a053aef9e587605b41e570a71c3da5ba32b5543249261ce98ddf280cf3aacf72e052c","first_seen":"2025-04-27T14:54:46.88053Z","last_seen":"2026-04-04T05:26:30.210541Z","times_seen":110,"resource_available":false,"data":null}},"time_used":1336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":682,"receive":654,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/common.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/common.js HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 15 Nov 2023 16:35:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6554f36f-edf\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XD3PxdKe4nqKT%2Bedb81IJWevbzf3njCAuVmJDxf89eIwYu9hU1THM3FCaoiYwpuU1c%2BpnHcDkgVj9jSqNcAbsHwCMq31aTPt\"}]}\r\ncf-ray: 98cdfc5af8cb712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3807,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"bbaa3ba82eabac17365b789a50885a52","sha1":"72daa321d794ab876e580a3d74c8c93c7bf3ec91","sha256":"ce9f8f9bb4e5eef2462667de0e76e65bd65c6e670cef61b5e76ed47be6813cf9","sha512":"0004dc6643aa9a056edd186964e70964886558ad9dfd8208c8d8183faffb84a636728447817e5c89f2102cc0b5ef85aeceb6a64571b5562a84cbef7f2c4a312b","ssdeep":"","tlshash":"a4713098b34c912b10f673319abf1909d83ba5734103d408f95ca0853ff825eb3a6ee9","first_seen":"2024-03-03T07:44:42Z","last_seen":"2026-04-04T05:26:30.202071Z","times_seen":331,"resource_available":true,"data":null}},"time_used":658,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":658,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/common.css","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/common.css HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 29 Dec 2024 16:09:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6771744d-495\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5W97lXluXypKEJlRIdUWsYZGIxLP6gt%2FGx%2F4cOkqyDlDXP7b9lEoKT0C9oktXBHoVSxZEUyhkf%2BgzOlkqhEJGQnOndfpe%2FMO\"}]}\r\ncf-ray: 98cdfc5af8cd712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1173,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"3fe1d505340ac53714c82a35dff6f3a9","sha1":"c6f89884caf88ac76c92e3b538b0d7b617a89862","sha256":"7d020cfe0eeeaea8e1894ab646cc47513d9513c6e3fc8f65e56fb2f687aef293","sha512":"d572d02115b625a70fab66ea2e29253b52930a813d713f3b83c4c599b78a6c7f77841eb23a2c44f80697d15206deb7c200e902fc3a4443ff522ab577ea098fb5","ssdeep":"","tlshash":"1e21f69ca156624e8f539a883bb8c309dce6e4b4deab835f74db038d11df0a41d421dd","first_seen":"2025-04-27T14:54:46.886115Z","last_seen":"2026-04-04T05:26:30.216067Z","times_seen":102,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":681,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/plugin/swiper/swiper-3.4.2.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /plugin/swiper/swiper-3.4.2.min.js HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Feb 2023 16:28:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63ea6548-178a3\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3xRPwU3WG7g6udMB3PYGKCX%2BXCwbxInbCff8sLclXHuK24dFVeeP4g2rdusgbEXoHxYFkwOr2jh%2ByRYktc%2BXippk5%2BgvH91D\"}]}\r\ncf-ray: 98cdfc5af8d0712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":96419,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (31999)","md5":"fb13ef3e875ca3497ede35d3774be9d3","sha1":"ab0743a89d522438c17ae7eaf5943fd4590ee3d0","sha256":"4a10219bee747aadeeda78f166d787adf32583f361f88d44b472f6f3da798083","sha512":"7b9fba1a93c724bc53e1dd4e27e59534430076346ddc73b24fcb71c9b7cb831321a70ffa38797185f7108ee64a18f1fa08cf2b7ccf2dbfc03e767b23187814c5","ssdeep":"1536:eyOkN3TklR3ZIFDJ+Y7n2L5ydUTq0tSQfCBTR:LTX73uTq/","tlshash":"0d93d66eb314f3e295d3214a675ac64122f21706b809dae870b54c4a68bcc5d03bffbd","first_seen":"2023-03-07T01:17:19Z","last_seen":"2026-04-05T10:06:15.124832Z","times_seen":3053,"resource_available":true,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":657,"receive":216,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/index/Okx/market.html?type=1","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:31.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"POST /index/Okx/market.html?type=1 HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://ojuibz.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:32 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=kcJM1Ac2feXKv7d%2Bf7nh3TU5gw6eT8QxoR0oIHzhWHYI8Ke%2BZjP5iSNoCCjj08obizmbJie2PxlLhZ6Coi%2F1oBexmKFZ6909\"}]}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nset-cookie: PHPSESSID=30a043f7247663d72e7d37c6ffc00068; Path=/; Max-Age=1440; Expires=Sat, 11 Oct 2025 11:47:31 GMT\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 98cdfc641920712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":6729,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"99d85c088890e140e200aac406c2442d","sha1":"6db1324b8fef69228120099c45ab1a8829f34d7a","sha256":"8871a8a361afd96dbac953c5ef7fb4201773445cd501191eabbed2c897794cee","sha512":"bf921ed806528028780bba7707cd35566d57d1489cd3c31ad28355de60a8a7e7fd9aabcff28a9ffc5e63943a3d789a58da2f8e08ef55469862d58e66af2268a0","ssdeep":"48:YdhL8rLP4L6LbLxL8LNlgLFL/+LWL8LMLEQL/U:AKGsPJyNs9/A4yCz8","tlshash":"70d1e42261d8013264e2984da9be1f6f1fb2f184edabda037bbd065d474ed00ee4f495","first_seen":"2025-10-11T11:23:59.467205Z","last_seen":"2025-10-11T11:23:59.467205Z","times_seen":1,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/zepto.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/zepto.min.js HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 May 2023 17:28:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"646a54d2-7235\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=v4VkkbOgGo%2FH8s382Txr2SblbtKa34F8CT3TOHn9qPrXIT%2FEioBeKpX%2FE5JoGM6XBT%2FKU19NeJMupE0M2MbHCeFEo%2BmHQ1j7\"}]}\r\ncf-ray: 98cdfc5af8c7712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29237,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (29237), with no line terminators","md5":"2dd2e0f33e6b0fe9d4800aef6199e605","sha1":"50e5731db220ebef453bc8b45b0653faca6f8b99","sha256":"29fd5016efe08849f1124ff05b0658d6579e6826fda0569fc1b77598c0e56036","sha512":"c0c380eafa19ff621cc7d74fa8b782b28b7c8bb2e72d88a6887d0367f5710befe616b8d33903cec1cf4d671ef27f2e25ce58914b9cf770a4ddc48140a732f740","ssdeep":"384:WRWPO3mlNwpEiFT4wQpNWdkLSDei2uFHs0YB35FYQtoskIX9:jxlNwpjoERT2KHXYp5JkIX9","tlshash":"59d272ccb2c2b46707a7b1b8506f624bf23a6889380e4454f169e8e57c7890e9577f7c","first_seen":"2023-03-07T16:38:18Z","last_seen":"2026-04-04T05:26:30.223891Z","times_seen":704,"resource_available":true,"data":null}},"time_used":900,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":683,"receive":217,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/layer3.1/layer.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /layer3.1/layer.js HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 13 Feb 2023 16:29:21 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63ea6561-5664\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SAqmAOLvzyNA8quHt9vKRlqiNoWuPeIqXDkbxV3cK88lfzaV1sFibiXAkex6c1WUGB8JP3Lv3%2FtxrdeWlgwMctfXT5zF31Dm\"}]}\r\ncf-ray: 98cdfc5af8ca712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22116,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22020)","md5":"d0c975e34297f3e44e99c9d83555ffc1","sha1":"7e465bd79e65428cf07e5991196cff512ce44a4b","sha256":"691aad750624d84b17f2fbb73a4982860edd18837f3000c5b660ac82bf408e82","sha512":"1d9dcd7e1afe695e5716ea55f9a5a3e3aa45852722b4e1a2653ebd3f3a85c8b7a34b15264751f5ee26ea56ee49c8683a00d771197d8b32d9ea53d842d6db3b79","ssdeep":"384:41xCih92A3igrLXSt/SdMrXqE6tGLxzAOTElH0jjhtjfs8:41EiV3i+WtXItqF13k8","tlshash":"56a2b66a754034976323906ad11fba0b31f21d24d7078128f22bb4ae1dbcd95a2b7f5f","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-04-05T10:30:25.310274Z","times_seen":5064,"resource_available":true,"data":null}},"time_used":667,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":666,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/iconfont.css","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.425Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/iconfont.css HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 21 May 2023 17:28:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"646a54d1-63ce\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bnNXD%2FRfSu21N4LpAB%2FLGNo%2Fqr7KGQOrIK8qxbBEOfgLW3kIduQmaEivraYI%2F1kOVhPpkokMFut%2Fp9WUusNpJuWw6uQ1t0qM\"}]}\r\ncf-ray: 98cdfc5af8cc712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25550,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (20698)","md5":"7636674a9cc00e0ab274c0118bf30792","sha1":"f27a0be01fbbbf273a89d3c422379aec2764e686","sha256":"9fa256777e1db1a122b57fc40c30257f8f850a678bed98019d471e6df77eef75","sha512":"d689560eb32216bc369b734a97df8a0fd12cb53dfd23f9c424cb44199fbf151e5eda7764c88b97a31009627931522b7608f2917153ab0aceb94bd5c62d7bd735","ssdeep":"384:LBCVGK9CWi1Frac1AzSvwRf/S6a4ukK0SlgOLkQ3PJv4IpQCKWPlNU3PLLg1UXav:to/V6mc1lHFkKdXvZ4KVKWdNsrav","tlshash":"87b23cf499bd5ca41306e4d53342a760ef0d66a48d8b4d5bf3a73c9cb7e32018186aec","first_seen":"2023-05-09T00:01:32Z","last_seen":"2026-04-04T05:26:30.215417Z","times_seen":490,"resource_available":false,"data":null}},"time_used":882,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":667,"receive":215,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPng14164e4e5120b6c1585f17a6255aba90b588dede1009ba2dee4c7dc348346fed","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPng14164e4e5120b6c1585f17a6255aba90b588dede1009ba2dee4c7dc348346fed HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:31 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 821\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E330AF7903636B804EA\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"1A4C242244A2406D63B0C2E6EF0BB7CD\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:38 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 13823599729461846474\r\nx-oss-storage-class: Standard\r\nContent-MD5: GkwkIkSiQG1jsMLm7wu3zQ==\r\nx-oss-server-time: 59\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":821,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"1a4c242244a2406d63b0c2e6ef0bb7cd","sha1":"2fdc0d731f28b0c103f70b8b0f2d823f3d97e8a5","sha256":"41bb685c7450498ee459b9a1db59c7ece0ca15c3a1c3d6e6e45603341553855d","sha512":"1846b5910e05eed6c1df8e32f95c46cbc66c6a99d85db389462c11d17260b66aa5a586f943ebd0846f33375913fcbcdc316ad4bd2b5be664f9af583e82f2012d","ssdeep":"","tlshash":"5e0186df0a732810dfcb12b6327d12204d463217f0534e88c55081a8ac922d96a48313","first_seen":"2025-04-27T14:54:46.882083Z","last_seen":"2026-04-04T05:26:30.200372Z","times_seen":91,"resource_available":false,"data":null}},"time_used":2802,"timings":{"blocked":1229,"dns":251,"connect":246,"send":0,"wait":306,"receive":0,"ssl":767},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPngb409855b65289ab3fef742c27066eaffdbfdd3078ff49bfc8dfdab73f2cceabe","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPngb409855b65289ab3fef742c27066eaffdbfdd3078ff49bfc8dfdab73f2cceabe HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:31 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 809\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E338247A237396473DA\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"CA3A499EF5033FD73512AB27F865ADDB\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:38 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17055413479064090890\r\nx-oss-storage-class: Standard\r\nContent-MD5: yjpJnvUDP9c1Eqsn+GWt2w==\r\nx-oss-server-time: 11\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":809,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"ca3a499ef5033fd73512ab27f865addb","sha1":"4f0bf2e5378b409403e02306a5e8a538ddded6a6","sha256":"48a0ff5f7cf98690af83a87f19c76f52cde779965958432ed12df82c782469b7","sha512":"e23119d699c9cba56f8a2fb3ab4913f2b78abbf431a893088fc3c2eca6f8f7d2938e6570790bfd1d6c067616167933b9e1afffbc2c3d4cff59379bf9bd583348","ssdeep":"","tlshash":"5e01c5ab8b9b0d01f662203a0a07f3129224233a4100104c9f34c01f0ef3bdf8e94e96","first_seen":"2025-04-27T14:54:46.882863Z","last_seen":"2026-04-04T05:26:30.222857Z","times_seen":91,"resource_available":false,"data":null}},"time_used":2739,"timings":{"blocked":1222,"dns":249,"connect":259,"send":0,"wait":258,"receive":0,"ssl":748},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/jquery.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/jquery.min.js HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 May 2023 17:28:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"646a54d2-169d5\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vuBVE%2B2sKc39%2BkA0peDr47t8gJx%2FtzuwC4E67AmmdvidyL4W%2F3BA6baqvm9TuMf9W5FIT5M%2B5%2BkycgWhOmzkmIAQFBOSmCoz\"}]}\r\ncf-ray: 98cdfc5af8c8712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92629,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32089)","md5":"397754ba49e9e0cf4e7c190da78dda05","sha1":"ae49e56999d82802727455f0ba83b63acd90a22b","sha256":"c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4","sha512":"8c64754f77507ab2c24a6fc818419b9dd3f0ceccc9065290e41afdbee0743f0da2cb13b2fbb00afa525c082f1e697cb3ffd76ef9b902cb81d7c41ca1c641dffb","ssdeep":"1536:dnu00HWWaRxkqJg09pYxoxDKMXJrg8hXXO4dK3kyfiLJBhdSZE+I+Qg7rbaN1RUx:ddkWgoBhcZRQgmW42qe","tlshash":"8c932bdd72d2b03257ab30bd106f540ff2361959280d8850f268d8f9bc79a49a277f6d","first_seen":"2023-03-07T01:02:08Z","last_seen":"2026-04-05T10:30:52.406888Z","times_seen":60701,"resource_available":true,"data":null}},"time_used":1148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":447,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/plugin/swiper/swiper-3.4.2.min.css","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /plugin/swiper/swiper-3.4.2.min.css HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 13 Feb 2023 16:28:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63ea6548-455f\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Fj74D%2Bnwwf79HyrzWW%2BMA1wTecT4dVxNiGV8MykiIAR8sGgSEXVZ5nl%2BgpSWaImnAj5QYKiNxfXblNl5xkYMqYPvSp%2BcucvS\"}]}\r\ncf-ray: 98cdfc5af8cf712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17759,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (17459)","md5":"6af34d0737ad0ca608111771cf74cc79","sha1":"15d0417baa08a741c6aee19fdfbf4813635f98f8","sha256":"47b0e7129add982c0e394f0dfa8d9621e6c9e4126859b26e1ad25c18def0d812","sha512":"74b738d66a9da306308153c683bfe1fc784bdf34166492eb4e76ea015c32bdf1f01c5f97a6c7eee5459c13b04e8dc63f7ffd20579e6808fed467e0896abe4baa","ssdeep":"192:bgG0GpaNCO8jrfg5WHmXgyXyzSHF68DJB0SwD:bgG52CXfgWHfyXyzSl68Pe","tlshash":"2982832c17002067f6324f1947c9e77c9715c893ae0368ef6650de48cbbb5a9227f796","first_seen":"2023-04-05T14:33:33Z","last_seen":"2026-04-05T10:06:15.109002Z","times_seen":4528,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":680,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/202311141.png","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/202311141.png HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: image/png\r\nlast-modified: Sat, 16 Dec 2023 10:51:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"657d811a-a34c\"\r\nexpires: Mon, 10 Nov 2025 11:23:30 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=09iPg2QTopYkv0KT%2F3jhmXVkRDitUkc4qe12h7lVWWGDFdMSu8CyBO4X2g%2Ft8nMVD3T7O4VbSj%2BIjuYTcdUafeqInA6MeJAl\"}]}\r\ncf-ray: 98cdfc5b08d2712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41804,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 360, 8-bit colormap, non-interlaced","md5":"30fe62998cb2776909f855fcef374436","sha1":"dcd2ba238188ea68b73b6884090544e298c6ae29","sha256":"eacab6919dee6aa4e2fd407b804e17ca8b7678bafe88a3d4aee542a5838086c9","sha512":"15221e92cba3ab293ffe36ac67a66ba14399a5ebae0e2defd96f833b2e6ee06eee832228e81a57e66e4d69f9f1a07dbf13d4999f5d62ed8fc3452550971f173f","ssdeep":"768:Jw+zZqKKAcTp/k0uVedw0/EUGgPZ1B7NGIkdGWueJuR1JYarO2UYorXh/tsn2:gr1uVer/6G1WGkJuRzK5HFt","tlshash":"be13e2df7ea4a5d68eba3e8390670118aa307b6c7d1f457d9f3ca81652003584f87316","first_seen":"2025-04-27T14:54:46.865372Z","last_seen":"2026-04-04T05:26:30.213396Z","times_seen":91,"resource_available":false,"data":null}},"time_used":1106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":672,"receive":434,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPng089144b36214caf5f18d0b0987ad2908b116a0c54ff0bd7fc1570183af5437cd","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.447Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPng089144b36214caf5f18d0b0987ad2908b116a0c54ff0bd7fc1570183af5437cd HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:31 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1189\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E33A8F750353325CF89\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"288E98F58AAA02DD80A5AB30FF22BFF7\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 12699321898726704924\r\nx-oss-storage-class: Standard\r\nContent-MD5: KI6Y9YqqAt2Apasw/yK/9w==\r\nx-oss-server-time: 11\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1189,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"288e98f58aaa02dd80a5ab30ff22bff7","sha1":"3d7dddc1e2bc1412f6caad9121af09f407f8f585","sha256":"90108a41bcccb1ca120973516eae430111c9d86cf54917494664abd51ba0a0c7","sha512":"917f83d0054aae0ccd80c01771403d6f7259918d56d644104245b3c250244b6393c3b947c4d6fe2a3b034a44da378061e84ad1c251b35379f1644f96adefaf22","ssdeep":"","tlshash":"cb21a70783b8ac13e992783d13368359f751e20a523290d9a31781aa4fd5b63e8d0256","first_seen":"2025-04-27T14:54:46.866187Z","last_seen":"2026-04-04T05:26:30.207207Z","times_seen":91,"resource_available":false,"data":null}},"time_used":2760,"timings":{"blocked":1225,"dns":248,"connect":266,"send":0,"wait":273,"receive":0,"ssl":746},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPng40a01b0459b3c56610160280245931c058444ea178beba8293e1411ee3aab189","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPng40a01b0459b3c56610160280245931c058444ea178beba8293e1411ee3aab189 HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:32 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 768\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E34A8F750353318D289\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"D0D7C4E10A1B481C49B96B71ADACF3AB\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 3766254790085566804\r\nx-oss-storage-class: Standard\r\nContent-MD5: 0NfE4QobSBxJuWtxrazzqw==\r\nx-oss-server-time: 4\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":768,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"d0d7c4e10a1b481c49b96b71adacf3ab","sha1":"7e3317489827514b18a02a32df64989c5de44a1d","sha256":"f1d52edd37bc8f0a1136aaaf3db1555dc61b1429634f8b0ad550aa9ea5f3efed","sha512":"0703a059f449c5bf3bc4cca0a9731b6c545ef7a6be546e6f33875f16601c1f3bc443d5fbe79f36af306db8875d8277f1a35ca46a9b878e58756d0b33b3712156","ssdeep":"","tlshash":"7f0165fe8b019c8cd3c56433ee234624ca158bf74402d9079d85c8a93e812d65888a97","first_seen":"2025-04-27T14:54:46.877645Z","last_seen":"2026-04-04T05:26:30.225338Z","times_seen":91,"resource_available":false,"data":null}},"time_used":1767,"timings":{"blocked":1496,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/layer3.1/theme/default/layer.css?v=3.1.1","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:31.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /layer3.1/theme/default/layer.css?v=3.1.1 HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:32 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 13 Feb 2023 16:29:21 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63ea6561-381f\"\r\nexpires: Sat, 11 Oct 2025 23:23:32 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CQV7jbB3lRUX7y1UhUZSIU7xBkGkjiKhXyou03A1g1MToHPSTt052h7UfiS%2FRmOXtvGKvSZuz8mtgcCifnFYun3wllb0ig2P\"}]}\r\ncf-ray: 98cdfc63b91c712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14367,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14367), with no line terminators","md5":"3d2e0d91c5c0b96abb8dbdc2234aba77","sha1":"9d55e153b30fd7414fada5718e20918e9c7f65e7","sha256":"e3144d018a6a24f733c6fc2a2ee603fb583f0030585e9d4b71bec471b78e31fc","sha512":"42bf3eff281998d088ce012b9a5910f72951c91715595572bb968fbfc5fa2b1cddacef3ca683a1734eb41114b302b6a4dad8b7432c5877b3563a080a2547ae05","ssdeep":"96:mp+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:1WmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU","tlshash":"2e5221e144811299b0278721d6dc7eba32f88d43e5630daef257381f874c6dba2b6647","first_seen":"2023-04-05T06:05:22Z","last_seen":"2026-04-05T11:27:49.06514Z","times_seen":5860,"resource_available":false,"data":null}},"time_used":647,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":647,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-11T11:23:29.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 11 Oct 2025 11:23:30 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TfNy1Ke37CHEgy3%2Bha3ae13%2FfgMC2E3eXheSeKQl6vle0odFVysmL6ysuvOdxuTxUH3J2dOtzkWmkcQ9rT6fpDqIjO8g68oI\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: think_lang=en; Path=/\nPHPSESSID=30a043f7247663d72e7d37c6ffc00068; Path=/; Max-Age=1440; Expires=Sat, 11 Oct 2025 11:47:30 GMT\r\ncf-ray: 98cdfc54ee8e5687-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Zepto","description":"","website":"https://zeptojs.com","common_platform_enumeration":"","icon":"Zepto.png","categories":["JavaScript libraries"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":27090,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8ac721fc6b5219fb876750eb7eb05b59","sha1":"b58f4caf62add014aa32d864e3f6189343531334","sha256":"2c2c0c079430a4c31b6e6eda1830e28d1fb3d816cbe8bf9dc28ce2b7f9563c5f","sha512":"a8604f2692406476900498a498933e85d69d84fa4c082cf5e32a36270d845b53f0b5a5ffa8d61e025335dec083227aa915883942c60a99ad17aa9e999c6bc539","ssdeep":"384:cIDfZNXp6vxIAC4yo+JgQpJ4MCdAe94uuKgNzmI02+SFzS2kwcD4VSQ/bb0Sb/OS:dDffEvEO+JgQpJ4G9Fu98g2U/icur","tlshash":"c1c2b5026ab7181750279068ab3eaf4c765f4913d60fce2479af365ccf889e46536bcc","first_seen":"2025-04-27T14:54:46.879548Z","last_seen":"2026-03-16T06:56:53.641451Z","times_seen":47,"resource_available":true,"data":null}},"time_used":766,"timings":{"blocked":27,"dns":1,"connect":1,"send":0,"wait":712,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/bootstrap.min.css","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/bootstrap.min.css HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 21 May 2023 17:28:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"646a54d1-1da71\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9IB9%2FsSMXXcGytcsFuDNaxGkzH2McWk25Z%2FR%2B6XW1r6%2FkoH9I6lG68shVPfG1BTuHFM8ZzmVLbyKTkTKMcoHJZ3bk9eoo02%2B\"}]}\r\ncf-ray: 98cdfc5af8c6712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":121457,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65369)","md5":"7f89537eaf606bff49f5cc1a7c24dbca","sha1":"b0972fdcce82fd583d4c2ccc3f2e3df7404a19d0","sha256":"6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11","sha512":"0e8a7fbd6de23ad6b27ab95802a0a0915af6693af612bc304d83af445529ce5d95842309ca3405d10f538d45c8a3a261b8cff78b4bd512dd9effb4109a71d0ab","ssdeep":"768:rf7Gxw/Tc/hOWlJ+UtVIuiHlqAmQI4X8OAdXFxbv8KIf2BdU+JdOMx1iVvH1FS:sw/YGGIuiHlqAmO8l1bNXdOqT","tlshash":"0dc3c7a0f21031ea7333c55a71d0fd872219a153e6664eb7f22f25d88f846ca1673f1a","first_seen":"2023-03-07T12:03:40Z","last_seen":"2026-04-05T11:15:00.257274Z","times_seen":16545,"resource_available":false,"data":null}},"time_used":930,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":705,"receive":225,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/style.css","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/style.css HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 08 Jan 2025 04:13:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677dfb54-a51\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2aHnp7YxQa2ILDCEg6vhP6LusulRpEkNdwWU8LHK2X93UI0NymDAMQNCelsv%2BdJ22AyZErYjsW%2BOXQhk8d9eBNEgwKEod4Br\"}]}\r\ncf-ray: 98cdfc5af8ce712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2641,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with CRLF line terminators","md5":"07e6711c56df864c28560c6abae1370c","sha1":"16a4f7a1490702cc3917541b12335b6142a7db8b","sha256":"e310e2ee66d791daa4f42552714620d8743e569d845fa3cf1f675e3bd8f97353","sha512":"43c7457ce63dfd47fa4eee4c047bf092ea40ad69d604971a74504a5812f73d524a3490795d55a60b1575a040b50c9e3ae12ada65321b986024745059ba4a76d1","ssdeep":"","tlshash":"2c517b9dda9b188fb34b7e58fb709f465e4404625e4f826eb4f16a0499c883937612cc","first_seen":"2025-04-27T14:54:46.863853Z","last_seen":"2026-04-04T05:26:30.228012Z","times_seen":102,"resource_available":false,"data":null}},"time_used":689,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":689,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/weui.min.js","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.420Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/weui.min.js HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 May 2023 17:28:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"646a54d1-8fc6\"\r\nexpires: Sat, 11 Oct 2025 23:23:30 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=haz4aVWOWOI32TJxzwjUbACK1l7irsNKq68ysCbvgQXMWB7lsm2Gcnl4gGX1nU7roMm%2FqLoz8Zh5r8S%2BtCN7mxu5HeO%2FVNP0\"}]}\r\ncf-ray: 98cdfc5af8c9712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36806,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (30581)","md5":"b2d509279b32ca4e47fc1b9208f604f7","sha1":"9d5157bf10eb7e2a24593ec7168ae95289299899","sha256":"e292ce67ecbecc4ff34ee38d51c8dda6e71597f7ae44a2e9980f1da0be246c50","sha512":"3525e32a00a8f3b6f4c52e90143cd8811d04aa382e5c4fa85dda30d18e44a6c143627ac484c1a15fdc03b2b999b52b1e3f0ca19b3ee5822f66f5d3a7c4a79ca4","ssdeep":"384:CuQzFSVlyfFD364d7X7fhFuZgkmQUxXe8NcztGcpnGcu6O1/cbivDFA7B2a/RaVW:MjXZ7fNkmQU88Ncz1talRcbEDf+iD1O","tlshash":"a1f2d7983281b4e623d350b5443f560fb33a4c3a98077400b7b4d9e56fb89ea56b7f29","first_seen":"2023-03-07T16:38:18Z","last_seen":"2026-04-04T05:26:30.205215Z","times_seen":607,"resource_available":true,"data":null}},"time_used":873,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":661,"receive":212,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/nav6.png","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/nav6.png HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 May 2023 17:28:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"646a54d1-11c7\"\r\nexpires: Mon, 10 Nov 2025 11:23:30 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=59meB5EN%2FXVVjshg17gdR74jat1%2BuHMOFp6gwZ8YcKhAe39RZWnO23ZLtBSmrfiO9M6QEoAYkB5ifszxaBdAWqcTlb5VtiJX\"}]}\r\ncf-ray: 98cdfc5af8d1712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4551,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced","md5":"2b48a5119ae2577ba771b1a56255cf21","sha1":"4b76aa263b1500ebbdd664c57236c06aec5042da","sha256":"352d1d21f87dd1eb47b34b0355728f0d9a15cdda8c7ef5141115c09333896ae1","sha512":"e9292c7a2c1f75db0f3de77d7f287c57b67207d52c5b8910fc13a3638695149cd733df621046e9c59a6b4012d4b3a87a943dc995ad0e161e7ef2359de84e2319","ssdeep":"96:OSMllcHitlIxv9vk7C1+I4wWHLihk/x8TvsczDwULotvw5EQT9jb:OSHIIHUCD4waCrJB0tvhQJjb","tlshash":"a4916dcb8584459c10090a6d3467db4f9aa39554d3debf248ebd930e9111c72bc75bcf","first_seen":"2023-07-31T18:35:56Z","last_seen":"2026-04-04T05:26:30.212764Z","times_seen":276,"resource_available":false,"data":null}},"time_used":672,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":672,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/usdt2.jpg","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/usdt2.jpg HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 14 Mar 2025 18:19:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67d4734e-4bab\"\r\nexpires: Mon, 10 Nov 2025 11:23:30 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HeSOZ5kbsLz0jzcOySsrG2yPhTRMFHbt12mQLhyhaPQkQIdARN%2FIl5R6WU1Sh4nd1Ua754PDCYaNBRLdGqnGURaqT%2BUV5bVm\"}]}\r\ncf-ray: 98cdfc5b08d4712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19371,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 400x200, components 3","md5":"4c411cf1d960b09a60a49cc3434a222d","sha1":"2d270992a0d6b5ba88e30a9ddeb39fc16d07dea0","sha256":"0f400e84f7bd330cb684b72519358e4d9e20ed1af2cbee3162e0e8dd66c3f73c","sha512":"0b11113cedd74659fb832c62206adcc98a95902a5c21ed12f61145eb7a104792849563e965e7b4a8bfbc74ecdc7d266d0a5f8c4ee381e2faaf9f9d911b24889f","ssdeep":"384:6BvHXM3gvaxRa7Al8bp3Be1q3uGnhqWM+jYbs+KsYOm6mIi1/z:WfM3caxRa7XV3Bekuroja7tYx6E","tlshash":"8c92e048d61bc672c3353ff4e138e291ef8b2070abbbb80576dca2c16b58476815660f","first_seen":"2025-04-27T14:54:46.874999Z","last_seen":"2026-04-04T05:26:30.203116Z","times_seen":91,"resource_available":false,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":661,"receive":218,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPng7d18f62a4ea932e3d3f3c0d6e0c173c4e9459138ba182619bbf16e20db18408a","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPng7d18f62a4ea932e3d3f3c0d6e0c173c4e9459138ba182619bbf16e20db18408a HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:32 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1260\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E34B8DE1630371289A4\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"2EE777CFB367F88C23CBBE73528C0A5C\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 16510630229195275125\r\nx-oss-storage-class: Standard\r\nContent-MD5: Lud3z7Nn+Iwjy75zUowKXA==\r\nx-oss-server-time: 15\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1260,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"2ee777cfb367f88c23cbbe73528c0a5c","sha1":"2a37dc59643d765147f5bb3fb4c68feba5114de8","sha256":"5f3ec643731be3a71b0845e6d398a07ea21dc3c6d0298150470b3b4a1942cf89","sha512":"d31725f72ccd6496588f11f9219da35f24001fd89030fa6a7ed7e55cc3f5b8eefb863c97910fb7206fa6608d6820501bd177019f4b99de345c3fe5c6152f54c6","ssdeep":"","tlshash":"e721e763621d0819e327b4f7f22f53713606336aca104580c5a0a13fbd5774718eab0f","first_seen":"2025-04-27T14:54:46.87584Z","last_seen":"2026-04-04T05:26:30.220591Z","times_seen":91,"resource_available":false,"data":null}},"time_used":5104,"timings":{"blocked":2404,"dns":252,"connect":243,"send":0,"wait":258,"receive":0,"ssl":1943},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/usdt1.jpg","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/usdt1.jpg HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 14 Mar 2025 18:19:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67d4734d-e87c\"\r\nexpires: Mon, 10 Nov 2025 11:23:30 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=g0yZGzmC3V%2FjC5z7gMHzUswjVlYUf9AH3T0sD%2BSYmrqb938MlRRCAwRpZj0IVejer6KOuMNfAj9fDHD7XsuaThTI05z7qCeX\"}]}\r\ncf-ray: 98cdfc5b08d3712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59516,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 699x382, components 3","md5":"8b53caa1f5e4814f3c60f33728d73b41","sha1":"408e8eff01290b38ea222f44267d838bdf1c6178","sha256":"624a077a5d6f5777070dd78ecb5a72b4314665f9413e25a1818d029f67d55711","sha512":"966b0823d827e096bc3479cf4613c73b9839ff114f9da9146ef31109966d3771c928d69000ea97e860763ea08df160227b62319fbd4d122e4ac1e0679c89197f","ssdeep":"1536:MefzbUPBtCAqvIZyFF0g3HiMe5E2SdAeN7z:JfzeBgcyFdCi2w/","tlshash":"f543026ffbf00574109b46b0f48cabf6e24ee5db80fc03954495a8f5832cee64515da2","first_seen":"2025-04-27T14:54:46.873488Z","last_seen":"2026-04-04T05:26:30.205774Z","times_seen":91,"resource_available":false,"data":null}},"time_used":1128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":686,"receive":442,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/image/usdt3.jpg","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /image/usdt3.jpg HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:31 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Fri, 14 Mar 2025 18:19:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67d4734d-106af4\"\r\nexpires: Mon, 10 Nov 2025 11:23:30 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-encoding: gzip\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=csI9zzjd8f0NJqeBHXRJkcE%2FRd%2B%2BOJaj%2BWMehVKm4TorfTZzcGqaW5QzpCnFBPiC8EyZW0YixerF%2Br8u9%2BRtQfZ07P5XKr9j\"}]}\r\ncf-ray: 98cdfc5b08d5712d-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1075956,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=12, manufacturer=RICOH IMAGING COMPANY, LTD.  , model=PENTAX K-3         , orientation=upper-left, xresolution=208, yresolution=216, resolutionunit=2, software=Adobe Photoshop CS5 Windows, datetime=2019:07:14 09:55:13, GPS-Data], baseline, precision 8, 1920x1277, components 3","md5":"8ff58f6667143b8d17979ffa770807f1","sha1":"da46c7499a3d5a8d1e61aa737dff24649f702bc2","sha256":"49795d124b67ae8bc1495cc62d954138f8cef9936ce1f8f8920f0863bf9c9c66","sha512":"5c3dcf43b700a17ecaaf5c69f45e5f4660fdb38a9e5f2226e67e9bf89f36fa97c8bb0a402fa19b4bd194862a9f3782bded46313be1825a3e42968827c6b57502","ssdeep":"24576:LElrnSwMhxVL3qZkjTb1sSgQslUVFEKeyWAMQ3BOKsCtg:Lp3qk7mOLE4nBg","tlshash":"67253304be980b8dd35ce57877141e612aae2c5bef066b5e32ac3be235d8317d169884","first_seen":"2025-08-03T17:25:40.456873Z","last_seen":"2026-04-04T05:26:30.219226Z","times_seen":65,"resource_available":false,"data":null}},"time_used":1929,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":653,"receive":1276,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPng04e2f5d43c1e0c6b78342e2609bb36b7152d4ec23cfba1b32f1491885b6c5163","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPng04e2f5d43c1e0c6b78342e2609bb36b7152d4ec23cfba1b32f1491885b6c5163 HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:31 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 966\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E33A7EDE83236777DEB\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"6549EE10275E8B1167415B2F4C22BB33\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 17970348457511745452\r\nx-oss-storage-class: Standard\r\nContent-MD5: ZUnuECdeixFnQVsvTCK7Mw==\r\nx-oss-server-time: 13\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":966,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"6549ee10275e8b1167415b2f4c22bb33","sha1":"ee32f271ff2e97f95c9caae7b2cc8f5ed8b89d79","sha256":"b6e326354af498a0ba25617a19bb064c526f1f1471c26547474447e4376b5111","sha512":"563cc95cadf63985ba9cb2d989b24d466e63918f8a01a1ab639854ebcdcead85b0844dad4ae085d2d022b5af864d71a58991d00799361f173b5e9c311fc53ef5","ssdeep":"","tlshash":"3e11c892037a6d93de0dec7c6243d359c976a5f05542ff2f5150ee2cc3e48452071809","first_seen":"2025-04-27T14:54:46.876694Z","last_seen":"2026-04-04T05:26:30.221851Z","times_seen":91,"resource_available":false,"data":null}},"time_used":2768,"timings":{"blocked":1229,"dns":247,"connect":272,"send":0,"wait":273,"receive":0,"ssl":744},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPng491ce1930519673b593e16de30e0f07448dc05f36705c7b38858dbe650ea405d","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.446Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPng491ce1930519673b593e16de30e0f07448dc05f36705c7b38858dbe650ea405d HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:31 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1210\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E335A7A5434377700BB\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"A84AD67B61CD1CF053E2B8CDDDB068A4\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 8358752877630264924\r\nx-oss-storage-class: Standard\r\nContent-MD5: qErWe2HNHPBT4rjN3bBopA==\r\nx-oss-server-time: 9\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1210,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"a84ad67b61cd1cf053e2b8cdddb068a4","sha1":"706538f2b3b23ed36cba872fb213b87c788cd0a2","sha256":"7c59c7a0d14d42a76c4e33eeb0995d84fb09bf71606ad52bd37636fc7a9dc626","sha512":"ecddcbdc1e9c114de2892ff88fd52f25bcf44438a5d5b90ac9048015326106d3e17f9d49d08ce2ea84676a4512fba1e645b6b06abeba861fb6aa1e99711ffc24","ssdeep":"","tlshash":"8121eae7f76d2934c7161c33ae254117937140f29412e36ee3f7cd39441343aad00420","first_seen":"2025-04-27T14:54:46.883788Z","last_seen":"2026-04-04T05:26:30.200999Z","times_seen":91,"resource_available":false,"data":null}},"time_used":2778,"timings":{"blocked":1235,"dns":248,"connect":262,"send":0,"wait":271,"receive":0,"ssl":759},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lanhu-oss.lanhuapp.com/SketchPngeea0b1f42295e3a28f5ca08c3c717136d8a319e30680bae35678e3c627752cc0","fqdn":"lanhu-oss.lanhuapp.com","domain":"lanhuapp.com","tld":"com"},"ip":{"addr":"121.89.3.25","port":443,"asn":37963,"as":"Hangzhou Alibaba Advertising Co.,Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:30.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.lanhuapp.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 15 Jul 2025 00:00:00 GMT","end":"Wed, 12 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"B3:02:44:92:54:63:F7:AE:A4:B8:09:33:6F:C4:B8:E5:E6:11:88:FB","sha256":"3E:8A:71:88:7F:E1:7A:D1:02:19:2B:6E:8B:20:E9:9A:B8:E7:BC:FB:53:DC:89:F7:E6:E2:7F:0D:9D:5B:59:E7"}}},"request":{"raw":"GET /SketchPngeea0b1f42295e3a28f5ca08c3c717136d8a319e30680bae35678e3c627752cc0 HTTP/1.1\r\nHost: lanhu-oss.lanhuapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Sat, 11 Oct 2025 11:23:32 GMT\r\nContent-Type: application/octet-stream\r\nContent-Length: 1017\r\nConnection: keep-alive\r\nx-oss-request-id: 68EA3E338247A237391876DA\r\nVary: Origin\r\nAccept-Ranges: bytes\r\nETag: \"1B71E4248A45E4D3B8C6FBF7DB8B782F\"\r\nLast-Modified: Thu, 26 Dec 2024 09:15:39 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 11967493914718211478\r\nx-oss-storage-class: Standard\r\nContent-MD5: G3HkJIpF5NO4xvv324t4Lw==\r\nx-oss-server-time: 13\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":1017,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, interlaced","md5":"1b71e4248a45e4d3b8c6fbf7db8b782f","sha1":"8d8d00f87c52d202f6340bd44785fdf1ce95e189","sha256":"b7a7bdfb231fb7e748b17cbb021bf32e23a72e3de1b1e679340cc7d378d00394","sha512":"108014c9cb92ebf35f430aeaf96e126d0ec4096a5eb9e58e5b96d934c614bff6d0cc28d9749c9eb5b9831fdca783c3dc7c81dd0817fcc68b757233c238d1ca5e","ssdeep":"","tlshash":"a811a5e79124081a87c334bb185bf221ca1996b3b488e64ce64c435be86f2f91ed5423","first_seen":"2025-04-27T14:54:46.864581Z","last_seen":"2026-04-04T05:26:30.204113Z","times_seen":91,"resource_available":false,"data":null}},"time_used":1737,"timings":{"blocked":1477,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ojuibz.com/favicon.ico","fqdn":"ojuibz.com","domain":"ojuibz.com","tld":"com"},"ip":{"addr":"104.21.69.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ojuibz.com/","date":"2025-10-11T11:23:32.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ojuibz.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Oct 2025 16:12:11 GMT","end":"Tue, 06 Jan 2026 17:10:33 GMT"},"fingerprint":{"sha1":"03:8B:59:C6:12:23:C8:D8:EF:C4:D5:5C:77:4E:5A:DF:A7:92:78:4A","sha256":"8A:3E:B9:7F:CB:45:5C:3A:EF:CA:9E:11:46:EB:2C:F5:C9:91:03:65:C3:54:50:CC:04:F1:6F:6D:6D:88:41:A7"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ojuibz.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ojuibz.com/\r\nCookie: think_lang=en; PHPSESSID=30a043f7247663d72e7d37c6ffc00068\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sat, 11 Oct 2025 11:23:33 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b5LX%2BZCKStRhXUEGLNS42KAxPLiFMRrtsKQ3hQm7phxpA661BTGRoEYIpUMOahcijBa%2FY60IDL5WtazEX9JhCdkP7GdNt3Dl\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 98cdfc686937712d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-05T11:48:36.672612Z","times_seen":479476,"resource_available":true,"data":null}},"time_used":690,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":690,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-11","alert":"Sinkholed","trigger":"ojuibz.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}