{"report_id":"db0c2707-92b1-4f90-9cfa-0926410a74af","version":6,"status":"done","tags":[],"date":"2026-04-19T08:57:38Z","url":{"schema":"http","addr":"gmb.com.cn/","fqdn":"gmb.com.cn","domain":"gmb.com.cn","tld":"com.cn"},"ip":{"addr":"128.14.163.252","port":0,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"gmb.com.cn/","fqdn":"gmb.com.cn","domain":"gmb.com.cn","tld":"com.cn"},"title":"gmb.com.cn","dom":{"size":2651,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"017979f008cc51b6c4de56986b070c4a","sha1":"6ecc9a81480770b0e2c99a3889b0957def49133d","sha256":"c3771304f9b7adbdf17483fec487528bf1f4db7a9845bac036261357eee1accb","sha512":"e273df2e1969146fa84afe8e1b966f567b5cd3f42ddb51c43246abeceb6655641f691af759a5604f24e76ac2294e48962231294808e02117d526604f7e3712e8","ssdeep":"","tlshash":"ca5145f3c4f3545f4a50d0c067a02e2deec5f00fc8898891b6ec1b996f4ee5ac95742a","dom_hash":"domhasha84e88b457c5f374d02d1ed7b4f9c455","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gmb.com.cn/","fqdn":"gmb.com.cn","domain":"gmb.com.cn","tld":"com.cn"},"ip":{"addr":"128.14.163.252","port":0,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-24T08:57:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-19","alert":"Sinkholed","trigger":"zjfeiyi.iok.la","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"static.orayimg.com","ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"domain_registered":"2009-11-03","domain_rank":0,"first_seen":"2012-07-17T11:18:17Z","last_seen":"2026-04-04T23:12:18.561338Z","alert_count":0,"request_count":7,"received_data":247505,"sent_data":3209,"comment":"","tags":null,"fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"gmb.com.cn","ip":{"addr":"128.14.163.252","port":80,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":867,"sent_data":1219,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"zjfeiyi.iok.la","ip":{"addr":"146.56.248.213","port":38618,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2015-04-01","domain_rank":0,"first_seen":"2026-04-19T08:57:38.682759Z","last_seen":"2026-04-19T08:57:38.682759Z","alert_count":1,"request_count":1,"received_data":2955,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"jQuery:1.7.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"static.orayimg.com/js/jquery.extend/jquery.window-1.1.2.js","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"8397400cd739c896004a18510edccaa2","sha1":"a90e7dc46f107013eaa2f1094e6cb1e9278d40a5","sha256":"03f609b639616757cd45c25589d46521c2a5490461b41388c1c2d2033fea5fe6","sha512":"b4ac1b80994a950d86957c9ac0eea24ff21650ffe12b39724cc2faff5283e9c62d6a0fdc4b6168a96648348a8cccaf68f0fe9c81738215f42627ccaecb27ff7a","ssdeep":"","tlshash":"075100eeb7a53068e0b8d029561b6e5a3632d9237146952cb07decf09c74c472a36fb4","size":2761,"data":"","first_seen":"2023-03-10T19:56:29Z","last_seen":"2026-04-19T08:57:58.228376Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.orayimg.com/js/jquery-1.7.2.js","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8d64d0bc142b3f670cc0611b0aebcae","sha1":"abcd2ba13348f178b17141b445bc99f1917d47af","sha256":"47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4","sha512":"a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc","ssdeep":"1536:8YRKUfAjtledhTmtaFyQHGvCXsedOgRc9izzr4yff8teLvHHEjam7W5X3yzSiLnM:VUb6GvCu09s2o2skAieW","tlshash":"b393e7d9b2d67123c7b731b850af510bb17698aa784c8c50f068d8e4be74a48907bf7d","size":94840,"data":"","first_seen":"2023-03-07T01:03:23Z","last_seen":"2026-04-19T10:27:48.820818Z","times_seen":20151,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"zjfeiyi.iok.la:38618/","fqdn":"zjfeiyi.iok.la","domain":"iok.la","tld":"la"},"ip":{"addr":"146.56.248.213","port":38618,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":true,"md5":"106cfc1fae5fbf3da79aac76c8cb4b59","sha1":"7b97e0040ba3f566ec604eb971287ca9feefa9db","sha256":"c46999491a043c375a1d954f6fb540984be97e28161af6b8d3057a6184723f8a","sha512":"2c8d4b41aefd38345557eba0b8856e52e1f610327c59e4803f8ee76e491e943bf68f7cbf51af19c7e3316283a67acb4124f0540e984bebd761f03ef7d15f009f","ssdeep":"","tlshash":"bcd08c129543c000246220e70aae1e6415a0d14f0008fc21330c9280cf96f9d5357eb2","size":195,"data":"","first_seen":"2025-05-23T06:58:34.31797Z","last_seen":"2026-04-19T08:57:58.236074Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"static.orayimg.com/peanuthull/img/hsk_app_code@2x.png","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://zjfeiyi.iok.la:38618/","date":"2026-04-19T08:57:18.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.orayimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Sun, 19 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2B:09:37:8F:62:E8:52:EF:DE:60:EC:5D:22:7A:76:07:5E:C2:2B:09","sha256":"8A:4E:19:D7:77:89:69:DA:67:E8:88:28:B9:41:E0:5A:A2:E1:55:F6:7B:0C:F9:95:BB:A6:15:F5:B8:12:3B:FE"}}},"request":{"raw":"GET /peanuthull/img/hsk_app_code@2x.png HTTP/1.1\r\nHost: static.orayimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://zjfeiyi.iok.la:38618/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/png\r\ncontent-length: 17656\r\ndate: Thu, 08 Jan 2026 11:40:34 GMT\r\nlast-modified: Fri, 15 Nov 2019 04:40:33 GMT\r\netag: \"5dce2c41-44f8\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nvia: ens-cache16.l2de3[0,0,200-0,H], ens-cache17.l2de3[1,0], ens-cache4.nl3[0,138,200-0,H], ens-cache7.nl3[139,0]\r\nage: 8716606\r\nali-swift-global-savetime: 1767872434\r\nx-cache: HIT TCP_HIT dirn:12:291823583\r\nx-swift-savetime: Sun, 15 Feb 2026 02:37:05 GMT\r\nx-swift-cachetime: 312109409\r\naccess-control-allow-methods: GET\r\ntiming-allow-origin: *\r\neagleid: 2ff6309b17765890405228110e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":17656,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit/color RGBA, non-interlaced","md5":"c7120f4154932fadbba63f88cddcf4cd","sha1":"40d03bc059e805b4be1b734dc30a09381569020b","sha256":"bff7eedcae53cfca6488fcacdda0ce933d889daede5a02cbf4974e04d03217db","sha512":"91854f9a1ed0345625ce69098c5322bd3c428c2ff627decc471064e57cb8087fcf01dda7929d0e2d47caa8122e20f562bde2508bd176d1c0963080d543abca1f","ssdeep":"384:ITsR9CWce/H1x5xdPs74Q8oXa8Uja0gRN+fsPl9zh7:ITc4LIw0Q8oXGjp8dl7","tlshash":"1182c0f7dc8c16232cb75a4db9d2d08aaf6c5569c843d032ce5f08502f4f21d642da2e","first_seen":"2023-05-29T18:03:31Z","last_seen":"2026-04-19T08:57:58.219505Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1740,"timings":{"blocked":1537,"dns":0,"connect":0,"send":0,"wait":176,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.orayimg.com/peanuthull/img/locking-bg.png","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://zjfeiyi.iok.la:38618/","date":"2026-04-19T08:57:20.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.orayimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Sun, 19 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2B:09:37:8F:62:E8:52:EF:DE:60:EC:5D:22:7A:76:07:5E:C2:2B:09","sha256":"8A:4E:19:D7:77:89:69:DA:67:E8:88:28:B9:41:E0:5A:A2:E1:55:F6:7B:0C:F9:95:BB:A6:15:F5:B8:12:3B:FE"}}},"request":{"raw":"GET /peanuthull/img/locking-bg.png HTTP/1.1\r\nHost: static.orayimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://static.orayimg.com/peanuthull/css/hold-sale-1.0.4.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/png\r\ncontent-length: 78223\r\ndate: Thu, 11 Sep 2025 21:37:42 GMT\r\nlast-modified: Fri, 15 Nov 2019 04:40:33 GMT\r\netag: \"5dce2c41-1318f\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nvia: ens-cache3.l2de3[0,0,200-0,H], ens-cache17.l2de3[24,0], ens-cache12.nl3[0,25,200-0,H], ens-cache7.nl3[37,0]\r\nage: 18962378\r\nali-swift-global-savetime: 1757626662\r\nx-cache: HIT TCP_HIT dirn:10:147078619\r\nx-swift-savetime: Sun, 15 Feb 2026 02:37:05 GMT\r\nx-swift-cachetime: 301863637\r\naccess-control-allow-methods: GET\r\ntiming-allow-origin: *\r\neagleid: 2ff6309b17765890408918407e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":78223,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3840 x 1958, 4-bit colormap, non-interlaced","md5":"95e377245292c2437f4efc0b1746e3dc","sha1":"cf3ec1471e0d0b5390717e72a8126190e5171909","sha256":"424ef37c7fa103ab2f1e71d169b0f116b808e58c5f19c2d800757aed8f6f8dcc","sha512":"d8cbd98d8764af83ad81c7cfef4a2e6874f1a909645ecde6c92f15aa86db58398ea8295158e93681f327cdd311e03cca4d906899e5fbcf9eb364692ce27b3b12","ssdeep":"1536:5yBc5Rr3kzEhHVPXineqibapU04BuX3dXSwzGNjTZF+bNRq4dU4:YBcfkeV3qiE6MIcuZF0RD1","tlshash":"87731212a25cf776cc63e0b5067e6934c2157648c67787ce4d448bb2fb9b80fa30892a","first_seen":"2023-10-23T14:16:23Z","last_seen":"2026-04-19T08:57:58.221048Z","times_seen":18,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":64,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gmb.com.cn/favicon.ico","fqdn":"gmb.com.cn","domain":"gmb.com.cn","tld":"com.cn"},"ip":{"addr":"128.14.163.252","port":80,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://gmb.com.cn/","date":"2026-04-19T08:57:17.134Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gmb.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://gmb.com.cn/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 19 Apr 2026 08:57:17 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 283\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":283,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"92698361c5b3be0ab5e95ab0c52bdfee","sha1":"84779bacef8cf8500f684e4bfa61b7c072d39003","sha256":"5fe0790873bf40b5d440a7e462da27d7646cd62b0f1b6c5f95afa1af5962a9f0","sha512":"935ba1933432a468d757d30a69faf61a570c4d2c4b9329c4e26cd5dbd14d5b8141675c78d364464d86aba39b5bb697e4e426154bb5af557852058abce07e31f6","ssdeep":"","tlshash":"46d02eaf3500580ca32682bcb0f73202dba28ce3a8948c52e0d328b715d1a1c5cd337f","first_seen":"2026-04-19T08:57:58.222398Z","last_seen":"2026-04-19T08:57:58.222398Z","times_seen":1,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.orayimg.com/peanuthull/css/hold-sale-1.0.4.css","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://zjfeiyi.iok.la:38618/","date":"2026-04-19T08:57:18.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.orayimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Sun, 19 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2B:09:37:8F:62:E8:52:EF:DE:60:EC:5D:22:7A:76:07:5E:C2:2B:09","sha256":"8A:4E:19:D7:77:89:69:DA:67:E8:88:28:B9:41:E0:5A:A2:E1:55:F6:7B:0C:F9:95:BB:A6:15:F5:B8:12:3B:FE"}}},"request":{"raw":"GET /peanuthull/css/hold-sale-1.0.4.css HTTP/1.1\r\nHost: static.orayimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://zjfeiyi.iok.la:38618/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/css\r\ndate: Thu, 22 Jan 2026 19:19:31 GMT\r\nlast-modified: Fri, 15 Nov 2019 04:38:50 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"5dce2bda-192c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nfront-end-https: on\r\nvia: ens-cache6.l2de3[0,0,200-0,H], ens-cache10.l2de3[1,0], ens-cache11.nl3[0,129,200-0,H], ens-cache7.nl3[130,0]\r\nage: 7479469\r\nali-swift-global-savetime: 1769109571\r\nx-cache: HIT TCP_HIT dirn:11:728848459\r\nx-swift-savetime: Sun, 15 Feb 2026 02:37:05 GMT\r\nx-swift-cachetime: 313346546\r\naccess-control-allow-methods: GET\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff6309b17765890405438139e\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":6444,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"1e6802cde36dd5ddb2c8ef30e6be101a","sha1":"d22bd1e1d2aba5642af8a8b2beae56796559bbfb","sha256":"aca2d17db389ddac2cc058b495859485b5a1ef54713d3d1f359d93722bab610d","sha512":"2e7e3c4557c530d9e850e4fe2042d7b8902e005d9e2178d5ab7fb8826192705df45e91e507fc0e14172ea6d42ee54d10dcd686a5104cb050d9c5db259e8a5030","ssdeep":"192:LcJOIjiSw+aAa7YBY5yRzy61YzEuPoPv68JZoxKIZ:oJOdSwaTv68Qd","tlshash":"d2d1ec91ca502725e0eea44a76dd3ae27f52e12343470ffeda596518fb5f033132660a","first_seen":"2025-05-23T06:58:34.269859Z","last_seen":"2026-04-19T08:57:58.225106Z","times_seen":13,"resource_available":false,"data":null}},"time_used":3345,"timings":{"blocked":1566,"dns":961,"connect":26,"send":0,"wait":211,"receive":0,"ssl":575},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.orayimg.com/js/jquery-1.7.2.js","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://zjfeiyi.iok.la:38618/","date":"2026-04-19T08:57:18.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.orayimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Sun, 19 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2B:09:37:8F:62:E8:52:EF:DE:60:EC:5D:22:7A:76:07:5E:C2:2B:09","sha256":"8A:4E:19:D7:77:89:69:DA:67:E8:88:28:B9:41:E0:5A:A2:E1:55:F6:7B:0C:F9:95:BB:A6:15:F5:B8:12:3B:FE"}}},"request":{"raw":"GET /js/jquery-1.7.2.js HTTP/1.1\r\nHost: static.orayimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://zjfeiyi.iok.la:38618/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/x-javascript\r\ndate: Sat, 15 Nov 2025 18:39:57 GMT\r\nlast-modified: Fri, 15 Nov 2019 05:11:49 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"5dce3395-17278\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nfront-end-https: on\r\nvia: ens-cache2.l2de3[0,0,200-0,H], ens-cache4.l2de3[1,0], ens-cache5.nl3[0,108,200-0,H], ens-cache7.nl3[111,0]\r\nage: 13357043\r\nali-swift-global-savetime: 1763231997\r\nx-cache: HIT TCP_HIT dirn:11:75964509\r\nx-swift-savetime: Sun, 15 Feb 2026 02:37:05 GMT\r\nx-swift-cachetime: 307468972\r\naccess-control-allow-methods: GET\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff6309b17765890405628159e\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":94840,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32769)","md5":"b8d64d0bc142b3f670cc0611b0aebcae","sha1":"abcd2ba13348f178b17141b445bc99f1917d47af","sha256":"47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4","sha512":"a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc","ssdeep":"1536:8YRKUfAjtledhTmtaFyQHGvCXsedOgRc9izzr4yff8teLvHHEjam7W5X3yzSiLnM:VUb6GvCu09s2o2skAieW","tlshash":"b393e7d9b2d67123c7b731b850af510bb17698aa784c8c50f068d8e4be74a48907bf7d","first_seen":"2023-03-07T01:03:23Z","last_seen":"2026-04-19T10:27:48.820818Z","times_seen":20151,"resource_available":true,"data":null}},"time_used":3339,"timings":{"blocked":1584,"dns":963,"connect":31,"send":0,"wait":164,"receive":0,"ssl":592},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.orayimg.com/js/jquery.extend/jquery.window-1.1.2.js","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://zjfeiyi.iok.la:38618/","date":"2026-04-19T08:57:18.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.orayimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Sun, 19 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2B:09:37:8F:62:E8:52:EF:DE:60:EC:5D:22:7A:76:07:5E:C2:2B:09","sha256":"8A:4E:19:D7:77:89:69:DA:67:E8:88:28:B9:41:E0:5A:A2:E1:55:F6:7B:0C:F9:95:BB:A6:15:F5:B8:12:3B:FE"}}},"request":{"raw":"GET /js/jquery.extend/jquery.window-1.1.2.js HTTP/1.1\r\nHost: static.orayimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://zjfeiyi.iok.la:38618/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/x-javascript\r\ndate: Mon, 22 Sep 2025 18:48:11 GMT\r\nlast-modified: Fri, 15 Nov 2019 05:11:45 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"5dce3391-ac9\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nfront-end-https: on\r\nvia: ens-cache21.l2de3[0,0,200-0,H], ens-cache18.l2de3[1,0], ens-cache3.nl3[0,144,200-0,H], ens-cache7.nl3[149,0]\r\nage: 18022149\r\nali-swift-global-savetime: 1758566891\r\nx-cache: HIT TCP_HIT dirn:12:462660574\r\nx-swift-savetime: Sun, 15 Feb 2026 02:37:05 GMT\r\nx-swift-cachetime: 302803866\r\naccess-control-allow-methods: GET\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff6309b17765890405218108e\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2761,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (2759), with CRLF line terminators","md5":"8397400cd739c896004a18510edccaa2","sha1":"a90e7dc46f107013eaa2f1094e6cb1e9278d40a5","sha256":"03f609b639616757cd45c25589d46521c2a5490461b41388c1c2d2033fea5fe6","sha512":"b4ac1b80994a950d86957c9ac0eea24ff21650ffe12b39724cc2faff5283e9c62d6a0fdc4b6168a96648348a8cccaf68f0fe9c81738215f42627ccaecb27ff7a","ssdeep":"","tlshash":"075100eeb7a53068e0b8d029561b6e5a3632d9237146952cb07decf09c74c472a36fb4","first_seen":"2023-03-10T19:56:29Z","last_seen":"2026-04-19T08:57:58.228376Z","times_seen":21,"resource_available":true,"data":null}},"time_used":3284,"timings":{"blocked":1540,"dns":954,"connect":29,"send":0,"wait":205,"receive":0,"ssl":549},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gmb.com.cn/","fqdn":"gmb.com.cn","domain":"gmb.com.cn","tld":"com.cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-19T08:57:15.893Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: gmb.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-19T11:23:18.17825Z","times_seen":13932203,"resource_available":true,"data":null}},"time_used":684,"timings":{"blocked":684,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"gmb.com.cn/","fqdn":"gmb.com.cn","domain":"gmb.com.cn","tld":"com.cn"},"ip":{"addr":"128.14.163.252","port":80,"asn":21859,"as":"ZEN-ECN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-19T08:57:16.747Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: gmb.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 19 Apr 2026 08:57:16 GMT\r\nContent-Type: text/html; charset=utf-8\r\nContent-Length: 272\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":272,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"22d75d361c12a0a1c4d328bc18880a64","sha1":"addf6afcc5ee79d55dbc1a93986527bd66b68fcb","sha256":"30e04234b0f23724bd43619e93a716437cc8ead6a59aada1f20c2c4e4f38f4a5","sha512":"b64a082b3c8b44899f4499886ef576296c59b4bf45aeea9454d8a79a48a5bb3f72a255d27268418a3c668d998a564b438e1ceab35ec3cdd980e22632f6cc4105","ssdeep":"","tlshash":"19d02eab31001c0c922682bcb0f33202cba28ce3a8809c92c8c224b614c1a1c5c9337f","first_seen":"2026-04-19T08:57:58.230453Z","last_seen":"2026-04-19T08:57:58.230453Z","times_seen":1,"resource_available":true,"data":null}},"time_used":459,"timings":{"blocked":153,"dns":1,"connect":152,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"zjfeiyi.iok.la:38618/","fqdn":"zjfeiyi.iok.la","domain":"iok.la","tld":"la"},"ip":{"addr":"146.56.248.213","port":38618,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://gmb.com.cn/","date":"2026-04-19T08:57:17.130Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: zjfeiyi.iok.la:38618\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://gmb.com.cn/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sun, 19 Apr 2026 08:57:18 GMT\r\nContent-Type: text/html\r\nContent-Length: 2723\r\nLast-Modified: Thu, 21 Nov 2019 07:23:19 GMT\r\nConnection: keep-alive\r\nETag: \"5dd63b67-aa3\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:1.7.2","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2723,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"34a804348b9a09bbcf0a13c80e49604b","sha1":"1511278d428eea2de6f828d3832adba298c0e156","sha256":"eb9b5ad0bf4b0b709de142e385098538dbc73f241fbdace4af755ff7caa99ae8","sha512":"ab0eecbb7b9de9714ee8e2726f336cc7bc9c05f4b1f96deb70d3248a79d2faf43772f887b81715ee047154897622194b7a9dd9e1adf2c6fae9ea6911ddbcbfbc","ssdeep":"","tlshash":"115137b3c8f2545f4560c0c065a01e1deec1e48bd9898891b6fc4b996f4de9bcd5706e","first_seen":"2023-05-29T18:03:31Z","last_seen":"2026-04-19T08:57:58.232429Z","times_seen":20,"resource_available":true,"data":null}},"time_used":3327,"timings":{"blocked":1529,"dns":1274,"connect":262,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-19","alert":"Sinkholed","trigger":"zjfeiyi.iok.la","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.orayimg.com/css/style-2.2.69.css","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://zjfeiyi.iok.la:38618/","date":"2026-04-19T08:57:18.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.orayimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Sun, 19 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2B:09:37:8F:62:E8:52:EF:DE:60:EC:5D:22:7A:76:07:5E:C2:2B:09","sha256":"8A:4E:19:D7:77:89:69:DA:67:E8:88:28:B9:41:E0:5A:A2:E1:55:F6:7B:0C:F9:95:BB:A6:15:F5:B8:12:3B:FE"}}},"request":{"raw":"GET /css/style-2.2.69.css HTTP/1.1\r\nHost: static.orayimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://zjfeiyi.iok.la:38618/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: text/css\r\ndate: Thu, 11 Sep 2025 21:37:32 GMT\r\nlast-modified: Fri, 15 Nov 2019 05:12:26 GMT\r\nvary: Accept-Encoding, Accept-Encoding\r\netag: W/\"5dce33ba-9ac2\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\nfront-end-https: on\r\nvia: ens-cache14.l2de3[0,0,200-0,H], ens-cache21.l2de3[1,0], ens-cache11.nl3[0,145,200-0,H], ens-cache7.nl3[147,0]\r\nage: 18962388\r\nali-swift-global-savetime: 1757626652\r\nx-cache: HIT TCP_HIT dirn:12:155700169\r\nx-swift-savetime: Sun, 15 Feb 2026 02:37:05 GMT\r\nx-swift-cachetime: 301863627\r\naccess-control-allow-methods: GET\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff6309b17765890405268119e\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":39618,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (462)","md5":"85d3aed1b08b804e2c3d631067c7ee3f","sha1":"614bd24918d02aba1f20ef7aaa2e8bd27f804bc7","sha256":"8440a1531e9a169ccd172a478d3079ef2627436361a8c8df92007152076a0e42","sha512":"75378ff24ced2c7011b10655a90e360299feca01e4cd50b78c74eed18fe8d0a06bf8703f1bb60e9536919f28739c280968f605a899ba194d6a60d4d294f531c4","ssdeep":"768:HDc7afR08VaUJO12CmcmGuirsmYhuiqitTGv9CmRDLCfwfxAA2KQkwK+xsHxrHCb:BlEMO1prs/kiqiU9CmRDLCfwfX2KQkwP","tlshash":"d9039311e5e0221db067d177f8a5b7a97624c01b96b70fbde4ab393ce6cb0c81533a46","first_seen":"2025-05-23T06:58:34.286701Z","last_seen":"2026-04-19T08:57:58.23369Z","times_seen":13,"resource_available":false,"data":null}},"time_used":3334,"timings":{"blocked":1551,"dns":962,"connect":26,"send":0,"wait":232,"receive":0,"ssl":558},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.orayimg.com/peanuthull/img/hold-sale-logo.png","fqdn":"static.orayimg.com","domain":"orayimg.com","tld":"com"},"ip":{"addr":"47.246.48.181","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://zjfeiyi.iok.la:38618/","date":"2026-04-19T08:57:18.984Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.orayimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Sun, 19 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2B:09:37:8F:62:E8:52:EF:DE:60:EC:5D:22:7A:76:07:5E:C2:2B:09","sha256":"8A:4E:19:D7:77:89:69:DA:67:E8:88:28:B9:41:E0:5A:A2:E1:55:F6:7B:0C:F9:95:BB:A6:15:F5:B8:12:3B:FE"}}},"request":{"raw":"GET /peanuthull/img/hold-sale-logo.png HTTP/1.1\r\nHost: static.orayimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://zjfeiyi.iok.la:38618/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: image/png\r\ncontent-length: 2734\r\ndate: Wed, 14 Jan 2026 00:52:37 GMT\r\nlast-modified: Fri, 15 Nov 2019 04:40:33 GMT\r\netag: \"5dce2c41-aae\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nvia: ens-cache17.l2de3[0,0,200-0,H], ens-cache17.l2de3[2,0], ens-cache7.nl3[0,156,200-0,H], ens-cache7.nl3[157,0]\r\nage: 8237083\r\nali-swift-global-savetime: 1768351957\r\nx-cache: HIT TCP_HIT dirn:8:1374985264\r\nx-swift-savetime: Sun, 15 Feb 2026 02:37:05 GMT\r\nx-swift-cachetime: 312588932\r\naccess-control-allow-methods: GET\r\ntiming-allow-origin: *\r\neagleid: 2ff6309b17765890405218109e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":2734,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 31, 8-bit/color RGBA, non-interlaced","md5":"4d0a9e3b177fa37fc68b3ea421d955ba","sha1":"d6618bf5adf3de553fb93fb274a3f1b1e253660d","sha256":"9d75ac06834e018f32a7cd63169827170fb885b26d1c1a7f5b2d09f58e981a94","sha512":"3693bc0bd8bb3f7b9acb32055461160cbf6236c6a62a7c0ff0920eb89657f2378828c277108959734c6d4522c4ec8e94f25c0a07ffe78c40317ac33b2e8e3f2a","ssdeep":"","tlshash":"bb512b08e841fcd1a50af9a17afa449a9e3219004569fef3b0d8c0629cd67a7451eada","first_seen":"2023-05-29T18:03:31Z","last_seen":"2026-04-19T08:57:58.234422Z","times_seen":19,"resource_available":false,"data":null}},"time_used":1774,"timings":{"blocked":1538,"dns":0,"connect":0,"send":0,"wait":236,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}