{"report_id":"fd475f9b-9547-4ec4-941c-81aafd9c10a6","version":6,"status":"done","tags":[],"date":"2026-04-06T13:20:19Z","url":{"schema":"http","addr":"lbank.works","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"172.67.223.238","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"lbank.works/#/home","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"title":"Lbank Markets","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"lbank.works","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"172.67.223.238","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-11T13:20:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":12,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:02Z","timestamp":1775481602,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54144,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:02.870378+0000\",\"flow_id\":2217022171785612,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54144,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":753,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.338316+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:02Z","timestamp":1775481602,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54192,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:02.875476+0000\",\"flow_id\":1700758512899233,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54192,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":905,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.365729+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:02Z","timestamp":1775481602,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54184,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:02.902607+0000\",\"flow_id\":1143920297929367,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54184,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":905,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.354967+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:02Z","timestamp":1775481602,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54150,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:02.912681+0000\",\"flow_id\":950165733259438,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54150,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":753,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.342190+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:02Z","timestamp":1775481602,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54178,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:02.913234+0000\",\"flow_id\":599687811982909,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54178,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":753,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.353853+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:02Z","timestamp":1775481602,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54162,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:02.918776+0000\",\"flow_id\":788026422870510,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54162,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":905,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.344558+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:03Z","timestamp":1775481603,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54236,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:03.121699+0000\",\"flow_id\":1034042149585211,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54236,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":905,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.606523+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:03Z","timestamp":1775481603,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54230,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:03.127700+0000\",\"flow_id\":604627024352820,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54230,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":905,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.595508+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:03Z","timestamp":1775481603,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54208,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:03.131356+0000\",\"flow_id\":1392409925844111,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54208,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":753,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.588943+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:03Z","timestamp":1775481603,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54240,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:03.141993+0000\",\"flow_id\":322640946545100,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54240,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":905,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.606668+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:03Z","timestamp":1775481603,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54214,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:03.145670+0000\",\"flow_id\":299323569081930,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54214,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":6,\"bytes_toserver\":905,\"bytes_toclient\":6037,\"start\":\"2026-04-06T13:20:02.593482+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-06T13:20:03Z","timestamp":1775481603,"ip_dst":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"ip_src":{"addr":"Client IP","port":54250,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2026-04-06T13:20:03.177417+0000\",\"flow_id\":1799280767690398,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.25\",\"src_port\":54250,\"dest_ip\":\"47.79.64.168\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"order-ress.oss-cn-hongkong.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":905,\"bytes_toclient\":1634,\"start\":\"2026-04-06T13:20:02.616094+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"domain_registered":"2012-04-01","domain_rank":0,"first_seen":"2025-10-12T15:33:58.168765Z","last_seen":"2026-04-06T13:07:09.006028Z","alert_count":0,"request_count":7,"received_data":166324,"sent_data":3666,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"lbank.works","ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-06T13:20:24.077124Z","last_seen":"2026-04-06T13:20:24.077124Z","alert_count":19,"request_count":19,"received_data":5009217,"sent_data":8770,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"h5-api.lbank.works","ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-06T13:20:24.081846Z","last_seen":"2026-04-06T13:20:24.081846Z","alert_count":17,"request_count":17,"received_data":64878,"sent_data":9573,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"storage.googleapis.com","ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":880,"first_seen":"2012-08-06T06:33:30Z","last_seen":"2026-04-06T05:20:12.669095Z","alert_count":0,"request_count":11,"received_data":48974,"sent_data":5628,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"lbank.works/","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"97f8c8865f6951413ba92e4da9459ab7","sha1":"62ecbcd57dfe13b77d90e4a4fcf2f0f8e9c79e50","sha256":"b942b992940edf6f92a6f12d6ea536481b3cf9173e5839534d546c3501d6150b","sha512":"845618d372405c2d4f03bf174417a39068a62b69c27161f1df23d30e4347e21dba54957fb16fb79736aa15da0af35892dc3d58764f0a595a739b083a90a0bbfc","ssdeep":"","tlshash":"3d11c2fe251ab02d6303405f976b7411643250a9000a544277ccdf9dab9af7dd0cfb8d","size":1054,"data":"","first_seen":"2026-03-16T14:21:39.982209Z","last_seen":"2026-04-06T13:54:01.071355Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cd7a34e714de94d5c29b8ac5acdde24b","sha1":"b722bccb435490630d97ef88cafeb02d92f70fd0","sha256":"312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71","sha512":"a724bc648a508c24e5bb1788e1f02b47030893bbb0b80a99e380d95480095983a35d8ec11193c53f0a67db47a289ab608fcbc9dbca846bfdd5d61a8832290f43","ssdeep":"","tlshash":"58e07d48ff28c7f316ce28ab516e770858d104d58c1b58024cebccc86935ed87291527","size":314,"data":"","first_seen":"2023-03-11T11:23:25Z","last_seen":"2026-04-06T20:23:45.637435Z","times_seen":30036,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"528dd01eb509d1fc3c68b48e165c9d77","sha1":"8d702f33d869eb8c53cf75c17014f96385322395","sha256":"b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a","sha512":"4c1edeec560f431005363ff5291acc80c1c42edf7c9a6d6e4fde2f7539b6a35a8e36f0bc228503263277bf5df4525dc579575faadca614c32e5dfa885a2d343b","ssdeep":"","tlshash":"78a012bb71b851710cd51ba7a40455e01c20123105052c101c8d5151c011c171d394c0","size":84,"data":"","first_seen":"2023-04-07T06:55:59Z","last_seen":"2026-04-06T20:23:45.640343Z","times_seen":33839,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/vendor-Wo8uHSvm.js","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"00efd3e11cdcac31158125582f816607","sha1":"2add9e9209d457998729ee03f944091b651c023c","sha256":"922c1d2e36f9bc17d33bcdf32c125f4af4e1d7358dce1c5ccc8cd58572ecf6fd","sha512":"ae4fa79299d1aa9bd10b9744ec6d6aa6b08c84999fcf070d9fd29e6f990902e67cb5ac151d95c0e1b7368ce7b15885dc78dba7d82d5f19d6dde53cef80e02192","ssdeep":"24576:keTJnFsjpYOB+9IcMDJ5FzqjCeAfjdMWqdxj64H+TVhhYVGa2f:keTJnFsjFB+9IcMDxzIwfjdMWqdx+4HW","tlshash":"0a452af47692b06607ab60e2007b1407ff396e17341e84a8f16998e73d79a49d673f38","size":1235258,"data":"","first_seen":"2025-10-12T15:34:03.493019Z","last_seen":"2026-04-06T13:54:01.072782Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/index-aWplLX2k.js","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cb0102ca2d72543dc90feb8738f41335","sha1":"b873ccaa5dd650a2dbd9feb99d5871d032051e77","sha256":"2964b9d383066201a1c63ea9986ef1ca17c4122eb7ee8f512186ec5974b9fd79","sha512":"7fdfbf5fdee5f7b208820bdac612e2e2e8b2efba6d4a178bc8e327b3c91d8e8ef577f2b100d0ddb59e4e055a0d02b92c508fddcf9709b32f9004e21c7b93d52c","ssdeep":"6144:ayUq8+mnCyMDYtogmH3KCXn0GctOBCNBu6UJUZ:hUq8+iJMcto1EOBCNBuN+Z","tlshash":"26a40741f54adabddbb76454549d1400320c3fcae00888a6f6fdae062796df973aeb34","size":461014,"data":"","first_seen":"2026-03-16T14:21:39.977336Z","last_seen":"2026-04-06T13:54:01.060301Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/en-H3Onnz80.js","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"37a4106f6afbfd8dd8570679787bb517","sha1":"44b2e6568d8863852fb654fbf545a165fbf36213","sha256":"f2297b39bbebcc96a9a59ef9bfd429a3c789ef3eb7fa284a28f5e373b112004b","sha512":"f0ff985c1d08919f0d083ff5512bc3f2adce410cc645181c9b03caa3abd13c5a6fbf56f2b0b1574a838657a90153bfc54385c40f17e329d996e133171fa2a4d2","ssdeep":"768:5ntZcEw/o7rDO25siqAMnIUGlg2PmPsPScH35xJnvunB:aponDOkuIUGlgLsP5H35xZmB","tlshash":"2423e68dbe164c9a05e7633a78ce2a6120f505c18355880f5fecc6fc43e2b6767a7639","size":46414,"data":"","first_seen":"2025-10-12T15:34:03.14518Z","last_seen":"2026-04-06T13:54:01.070458Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"order-ress.oss-cn-hongkong.aliyuncs.com/order/dotdigital/4294bcdeb43a48839025d2914cd69f37.png?2.2.1772080721246","fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oss-cn-hongkong.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 04 Feb 2026 11:46:56 GMT","end":"Mon, 08 Mar 2027 11:46:55 GMT"},"fingerprint":{"sha1":"07:DD:45:99:F9:D3:55:D6:EB:41:00:22:C7:FA:B0:8F:DB:0B:E9:4C","sha256":"F5:2E:3B:65:89:04:A9:28:79:6A:C1:49:B6:17:06:AB:A8:09:30:D8:2A:1F:43:B7:BB:27:72:92:C0:3C:54:F8"}}},"request":{"raw":"GET /order/dotdigital/4294bcdeb43a48839025d2914cd69f37.png?2.2.1772080721246 HTTP/1.1\r\nHost: order-ress.oss-cn-hongkong.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Mon, 06 Apr 2026 13:20:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 34858\r\nConnection: keep-alive\r\nx-oss-request-id: 69D3B303E61358393845414C\r\nAccept-Ranges: bytes\r\nETag: \"BB27C369A3AA54D9C1F8E59E1706DA48\"\r\nLast-Modified: Wed, 18 Jun 2025 15:05:51 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 2593469271640333430\r\nx-oss-storage-class: IA\r\nCache-Control: no-cache\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: uyfDaaOqVNnB+OWeFwbaSA==\r\nx-oss-server-time: 1\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":34858,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"bb27c369a3aa54d9c1f8e59e1706da48","sha1":"7e1b9677305cad40b686a5a1077da57c4f6cf07f","sha256":"e691621963c6de60c05c0e91cf7c65cba4191df054a3b1bd5becbef3a426f9ee","sha512":"4ff3058897ecbcee5464eb954955cc40bad7f411ee86f21dcbebe3d02ee45410b42f68c8e3a22537ef530c65c9bc9960fb36134aeced2dd36688a21c0cb02415","ssdeep":"768:FAbT/SSUokJQD9Wvnwoo2hzabJIqRw/VH3+WFxL1nHLy:G/RU4yni2kKl53+WbBLy","tlshash":"3df2f155ed69527406b90571846e302ca4669a7ebdceb11bffbd67302b3246f008e06e","first_seen":"2023-11-19T03:02:17Z","last_seen":"2026-04-06T13:54:01.057428Z","times_seen":369,"resource_available":false,"data":null}},"time_used":2007,"timings":{"blocked":837,"dns":0,"connect":287,"send":0,"wait":291,"receive":18,"ssl":572},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/svg/dark/notice.svg?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/svg/dark/notice.svg?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc52-76a\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xvmKRUPRBEwJsPkWP7Cy%2FBIRQEa%2FjMzksWntBra4hj6iYHEXS9XljYzhWomDeMyhZC0TCKRgUDH3iz8Ysta%2FKqBO37K3hZk7mtpG7iaXukXg%2F0kkGSce4IaCLjQpwg%3D%3D\"}]}\r\ncf-ray: 9e81166d89ed56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1898,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f262267496bf86de09b562db82a676d9","sha1":"a9163b950a68f56705da45159ba44533507505c5","sha256":"8c02636fda22906716b1b028e7dfde4a436cb95da0029bdeac8e201030f344a0","sha512":"c9bda0880dbea6da7260578858be5402c6a62d85cb8f8639f2313e02f7fda87ae24d05de9b87efb86dd1341dab2165b9d90524dd44d2d1938b25b63a2e1a6c6e","ssdeep":"","tlshash":"364175c659f952e4f2cdc320d6a731051e6a747730e1026cfeeea5656b308f90f8e049","first_seen":"2025-07-27T10:32:31.414438Z","last_seen":"2026-04-06T13:54:01.022031Z","times_seen":88,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":230,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/images/dark/next.png?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/images/dark/next.png?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: image/png\r\ncontent-length: 886\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\npriority: u=4,i=?0\r\netag: \"699fdc52-376\"\r\nexpires: Wed, 06 May 2026 13:20:02 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RXKISG5NjeqXUdfzYNjxq%2BDsBCdsoSP%2BpApGVXcYnrEX5Ejptr7zI0Px2IxrH%2BVWCVD%2FfRVy0%2BoYic01WOA7XNuJnT5hkYyYi%2B5Iwt6dvwECy3f4P5UJUas01gmazQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166dc9ef56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":886,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced","md5":"f5568a4d34f29c24bc992d74242cd4bf","sha1":"926b70f89a9df1f1e14ca6abd61c443e5f482920","sha256":"9268da1531d49809823edf05521c3877e0b8918d26f6e87f87d1b52e8506107e","sha512":"4fdb4db334559cfc1edfe98652c7d2d726703d8b52c60e81170df794c365b72fa573ad977a09a5ebb2c451d12002420b566ab6a8946aac27cb9e353927d0654d","ssdeep":"","tlshash":"d511b7c0e38148a16d92fe2e460d5b51d3733e5a306c0f582016fc31ad4d0cb191ab15","first_seen":"2024-08-29T17:49:51.968983Z","last_seen":"2026-04-06T13:54:01.022766Z","times_seen":37,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":446,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/notice/list?key=POP_UPS_NOTICE\u0026modelKey=POP_UPS_NOTICE","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/notice/list?key=POP_UPS_NOTICE\u0026modelKey=POP_UPS_NOTICE HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlanguage: en\r\nlang: en\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lIG4DOoywDVJmxVTbBRWXZBU9gqssXHpdXX2T8nYcm6y0cLYl%2Bd5AUoKyvy7B3FNkmBSwPc8kb4jiyXG76GjqXYukirj6HpDLKkbr7iD6xlxQYTsgp%2FHI%2FfdXmQFRK8bdGZvSRo%3D\"}]}\r\ncf-ray: 9e8116709a1256a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"a3dd566ad4f4e2e766c8baf3fe846fd5","sha1":"cca3fba00b3c7b5f9dce1abbd1f810a569361cfd","sha256":"a545c8d3c2609a9aca98465a4cb08c0a0e93026f9555a621adbb31f682b30a59","sha512":"6706e7483722ad0cc8bc9c93a822979917b1174239490a76c92607799d5c6cb36bba68817baf92e336b9ab7e4cdc98bf92f6d3dd381eda48c6d3a4e45a924f09","ssdeep":"","tlshash":"94a02200ac0888822003008a8203020000f0208c22200a08fe8ee230c20023a3883808","first_seen":"2025-06-23T17:22:26.282591Z","last_seen":"2026-04-06T13:54:01.058772Z","times_seen":50,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlanguage: en\r\nlang: en\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rGnso61w68ZDOU41bJgtk%2BSKEC4F6PwJxTwm3nkvV7Ytrbqi5y2yoFrp1kTVRE4gVIS5ap7c24FdZnbZWwstfJFUL3I2nJVhKtSOZqp79oTYSO9xY6gZwmn4HbLiejsbQRaQwmM%3D\"}]}\r\ncf-ray: 9e8116709a1356a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1614,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"2f0a4ac9d237be00a6b1125234b71bd6","sha1":"b7d3894acaee0fe3ac1595f69d71f34e8139dfb8","sha256":"0ee11d23cfa0c983e360a9f58bb9c57ff0dffc751fc5b7560aeaef038ae40b9a","sha512":"b242a5f27f9fccc602fe10a20f05522cbb6622c2306f67b1078fd6d11d8da2eabe0045b0df5512081f2ee622bda68cdbe8ba5e7344882a9f1d69c3fc404ff735","ssdeep":"","tlshash":"8a31790a103c8e6a080d98c328c8bdc5da6e168bd621cd34a76bcf9d85f197a5f0f508","first_seen":"2025-10-12T15:34:03.367831Z","last_seen":"2026-04-06T13:54:01.025077Z","times_seen":20,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/47b23749312240eda5e699d778e2c0ba.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/47b23749312240eda5e699d778e2c0ba.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG2vCl6yYptUga5QOQWK7fs86FlJcoKGvj3rCWBuQ-scARXII-hCo0LfinT5Irs178Fa\r\nx-goog-generation: 1745020297149372\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 1188\r\nx-goog-hash: crc32c=CwkW/Q==, md5=lmqvQfTbhPbwMT92Tllfhw==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 1188\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:51:37 GMT\r\netag: \"966aaf41f4db84f6f0313f764e595f87\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":1188,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced","md5":"966aaf41f4db84f6f0313f764e595f87","sha1":"ec31ebd55b615166aec1e4bff4a95366252f957d","sha256":"dbc3430ec06cacc10616c517f710085fd959912984173da9798bd95223efe816","sha512":"3bfbad89056f33eac8910a9d416780d6818aece383fce4b23f2a658b657a42e57a991a92c7ab958da140e3b293ff62b25771ccc0ce092c9d458d23e0ad646d9b","ssdeep":"","tlshash":"0921da29d5ed9095521586cecf0d4354d012ca70e4c42437bdd3b3f27651aa2405ad81","first_seen":"2024-12-03T23:58:43.681666Z","last_seen":"2026-04-06T13:54:01.030324Z","times_seen":89,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getAllSetting","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:01.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/common/getAllSetting HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlang: en-US\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PLF4dUabCZaXJH5lsw%2BxmhsxsQHGnVJ8xNc829ZCqgXmxiC9amivmV47BbMEY9xv9tvl7zk%2BFja72l71PPc2PpvXvWCah%2F40TFe5%2BQz2274P2ZfhcabEn58%2FCWwOvdku5DyFUEA%3D\"}]}\r\ncf-ray: 9e811666ff0456a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19718,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"065c506bd63a1ad2bf068720dde9175d","sha1":"dd5a503f7f3e373d748439d3b51371fb93d564b4","sha256":"7dc0c8b91b61155fe0c1d909b001bb23208d2a23058bc7cd1f5ac218bdc4640a","sha512":"5511cb77e49d4a31fee350a92c6b4f4ef19a22adc252b4022e3718c493bd650c7136bd94af8e7d80a4694a973c4312f55a2f98d56348c8be3205a3bdfd11d540","ssdeep":"384:YFTXphF7poM4uOSavGuFkGbf82kYkvD4dFIlM9zJCwvTSCS+O6Ro7LwyT/WXLjjy:YRXphF7poMNOSa+uFhT8f3vD4dFIizJQ","tlshash":"cb92458935dccc7e818bded220f73a91f99c64a7d489ac05a5faef5cc994130988b10f","first_seen":"2026-02-24T15:48:15.664295Z","last_seen":"2026-04-06T13:54:01.021037Z","times_seen":18,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getMt5Amount?coin=xag","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:01.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=xag HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlang: en-US\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jRJf2o6EmF0ihlecDKc%2FgsPW3%2F14e%2BvH4PRzVrq1tdOelSbBIg6NNvd%2FfmjEyF3vaaLLIdnn44ZBJ70v7FFDgWQRfqj9IIKptxjcsQx%2F4E6GdXI%2BIyvTfZPSN4AQDVt1x8ivRiQ%3D\"}]}\r\ncf-ray: 9e81166b69dc56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"36b6fa0fbea3aa876b1657941fbebab4","sha1":"934fedf776221026545e8e9f51a47c4413938add","sha256":"8a1c33919f4c1d1d73184c342370d8698684cdc892eae719bb078025ea48d5f7","sha512":"f0f971dc336c2a62bf95921dcc8f75b337d179ba162706b400ba10161cdcda9092818fefaba9c8c8eb606a2ba9baf0eb10247d172efcdf7b85b9bd9b1b5310ed","ssdeep":"","tlshash":"26a02200bc08c2c2200b0082020b030800f030ac22000a08fe8ee230c0002ba3083808","first_seen":"2026-04-06T13:20:32.830469Z","last_seen":"2026-04-06T13:20:32.830469Z","times_seen":1,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":225,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/images/dark/withdraw.png?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/images/dark/withdraw.png?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc52-3360\"\r\nexpires: Wed, 06 May 2026 13:20:02 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vS5OQC8FJxKBWbisTjI64r0jLXJKMocVYybR1SjPozVvoaOeRTMPE88PM1pKOesOmi3MezOt73XJJkK8Zi7TzUbwjS4e4RBpdKkE1ua76y%2BIFqt%2FBke5n0hyqsQmOg%3D%3D\"}]}\r\ncf-ray: 9e81166dc9f056a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13152,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 98 x 94, 8-bit/color RGBA, non-interlaced","md5":"7ac828d002e7a42dbc688ade365cb774","sha1":"72cbdbae7a865429a02ef404873b38b35051a168","sha256":"d9f70ae5f23910f88f2fd00b88d9eb5985deb7e436dbe2f323e1017304936609","sha512":"779bd430b46825981257b34916f1acd1960767483e47a5e162350510183a40d1fb5e30f283e90dd9babaae788916cbbafea34ee19da63b7330ff9a4f65a75d60","ssdeep":"192:4Xj5cTKrbG18PAMguF2L9V8lwVhBA5ey1+lA80Ss0lS1WBjUQSbyZ9HpVtTIf4YT:4Xprbc1n8lshBJZ3XBjlfHJrIRmN4","tlshash":"6d42bf8653963ba1cb562732e62ba5c733c99477054022e1d070cbf68b2e30ad37c90b","first_seen":"2024-12-03T23:58:43.66395Z","last_seen":"2026-04-06T13:54:01.053659Z","times_seen":32,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":446,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"order-ress.oss-cn-hongkong.aliyuncs.com/order/dotdigital/68fffe9ad4cc4a3b89b6935e46fbe4d5.png?2.2.1772080721246","fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oss-cn-hongkong.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 04 Feb 2026 11:46:56 GMT","end":"Mon, 08 Mar 2027 11:46:55 GMT"},"fingerprint":{"sha1":"07:DD:45:99:F9:D3:55:D6:EB:41:00:22:C7:FA:B0:8F:DB:0B:E9:4C","sha256":"F5:2E:3B:65:89:04:A9:28:79:6A:C1:49:B6:17:06:AB:A8:09:30:D8:2A:1F:43:B7:BB:27:72:92:C0:3C:54:F8"}}},"request":{"raw":"GET /order/dotdigital/68fffe9ad4cc4a3b89b6935e46fbe4d5.png?2.2.1772080721246 HTTP/1.1\r\nHost: order-ress.oss-cn-hongkong.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Mon, 06 Apr 2026 13:20:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 2691\r\nConnection: keep-alive\r\nx-oss-request-id: 69D3B303AB4B8135380C876E\r\nAccept-Ranges: bytes\r\nETag: \"2EDF1EF8B333C40979976D1A49BC234C\"\r\nLast-Modified: Wed, 18 Jun 2025 15:05:31 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 1939274224005843766\r\nx-oss-storage-class: IA\r\nCache-Control: no-cache\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: Lt8e+LMzxAl5l20aSbwjTA==\r\nx-oss-server-time: 2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":2691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"2edf1ef8b333c40979976d1a49bc234c","sha1":"d75ac12795b4a9575c874e1b190712cd62a87afc","sha256":"50a1901684f223bf26594dd3415b1e50f184820a16daa810cc5452911e9117a9","sha512":"f697a1fa0786316fc01003f72621920932e2657e4acf5a471e35d02717c42c9db5a12df311895a776a563dcae9b8fc0b6721833529a054b9dbfff4c52fc564d3","ssdeep":"","tlshash":"2b515ee60252267980d32438616db1e178beabb2c3021ded6c1444954acc4b62555cfa","first_seen":"2023-05-01T18:49:36Z","last_seen":"2026-04-06T13:54:46.106637Z","times_seen":19943,"resource_available":false,"data":null}},"time_used":1856,"timings":{"blocked":789,"dns":1,"connect":265,"send":0,"wait":267,"receive":0,"ssl":532},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-06T13:19:56.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 13:19:57 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 26 Feb 2026 05:38:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zKoZBMVYgnn1ntbQz5QzVd%2BRHAaM2mh21u7K8vlhr1VCj%2BGJTOuDyYdpHD%2BWLyUCtiHUA84z4vtcUHobPx%2BV1IJSOMgg1XSNhsqs%2Fv2yMcp6eJfVc9bcGbUAZCYNvA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9e81164c485ab503-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6644,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1100)","md5":"7577f34b4dae3a173919a56d1b5f41f5","sha1":"a34c696d7c4c02e6ab711cf3c2b9ec594cba27b6","sha256":"0e74e03082c28fd0f9c4881d5673e04982a9a1d70b7856d321357cebd74f7451","sha512":"8d9c48f1b87b46469adcb6b5b53466a960dfdb11c1516a317166499196e822a6741d8475a333a78a6ccbfe2c205ef3003b54148b96f3f62b0f92c9b1c5582d4e","ssdeep":"192:T4ZY0UNUqRGKYCIVRMVZCxf+2nftZbOuB1Xibiifo:iYUVSZCxW2nSWiA","tlshash":"6fd1c5b76db0d45a2362462aefd7b4045e71a243820e9c64b4dc54ec8fc1fe984c7bb5","first_seen":"2026-03-16T14:21:39.961857Z","last_seen":"2026-04-06T13:54:01.056383Z","times_seen":10,"resource_available":true,"data":null}},"time_used":536,"timings":{"blocked":28,"dns":13,"connect":1,"send":0,"wait":480,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/b590494435e840efb3a83d5c28be1c93.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/b590494435e840efb3a83d5c28be1c93.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG2yfsKhyXMV9wy-C0E1HC3kecpsiQwr46RTyxp7Iv6DqtKgANA3PrwUumRg9x3KazEj2UC8Jrs\r\nx-goog-generation: 1745020499887843\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 4645\r\nx-goog-hash: crc32c=k7eN/A==, md5=1JUmbOvuOHySP5w1t6dQBA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 4645\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:54:59 GMT\r\netag: \"d495266cebee387c923f9c35b7a75004\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":4645,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced","md5":"d495266cebee387c923f9c35b7a75004","sha1":"d3f85952e625fc4c5fe9bdb3733a9d589d0c658f","sha256":"4488825ffc7f5ae1a7d6a517b4c0a01d8a04d6d21ff595a0c77af68444d4ff4e","sha512":"c08c85a60a40a3be62902b6b7be8e16130cf5716d8acdde8fd90fb5e11413ad2bfdb70518e51e2cf021f19df146edcafdd090185fb0e12c4395ad2fc72a304c2","ssdeep":"96:A4BTR3Hu4Fv5sYCHq7n/8++i4bnl7a1lh6FqEnPCc4XU+oFq:A4D3PFv5s75957JqEn6/","tlshash":"52a17d987f1437a0e9a011b3be17ae618a4c5c180f993557e1ebd4b249344f0eaaec60","first_seen":"2024-12-03T23:58:43.612755Z","last_seen":"2026-04-06T13:54:01.019504Z","times_seen":32,"resource_available":false,"data":null}},"time_used":564,"timings":{"blocked":266,"dns":1,"connect":29,"send":0,"wait":29,"receive":1,"ssl":231},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/6975424d477b47b0931dbfa3311d96c1.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/6975424d477b47b0931dbfa3311d96c1.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG0h2tz5Iu7nqjZ1ZzvqqqcgsSsIlzX6Wse6pDfyB1mXNR8BHkBf0NDD5xl99pouGZM\r\nx-goog-generation: 1745020606386310\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 3479\r\nx-goog-hash: crc32c=57TTNg==, md5=SN7N3TJIfLQlWt5z2YUcSg==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 3479\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:56:46 GMT\r\netag: \"48decddd32487cb4255ade73d9851c4a\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":3479,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced","md5":"48decddd32487cb4255ade73d9851c4a","sha1":"b8b756a4c0939ec61bc43be85f33fa812c931fb5","sha256":"c44f67a7fce9160b64a5e5735c99a71e1c607a6a944d1851086cc82ab3bbbce7","sha512":"c0b2a77390356925e8a17e1aa7d632e17c73ea8cc2174674f44a728f2c69eaa87711085b500f2ea9183b89f27a8c7f6a8be2049be6fe4aeeda37ae4494e50158","ssdeep":"","tlshash":"8e717e4bbcef5a82d1cc93b606dafe22333fd3e5a609de2447d024147d854a598ecb11","first_seen":"2024-12-03T23:58:43.609936Z","last_seen":"2026-04-06T13:54:01.018521Z","times_seen":39,"resource_available":false,"data":null}},"time_used":345,"timings":{"blocked":146,"dns":1,"connect":29,"send":0,"wait":48,"receive":1,"ssl":108},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/index-d004Qfnb.css","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://lbank.works/","date":"2026-04-06T13:19:57.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /assets/index-d004Qfnb.css HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:19:57 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 26 Feb 2026 05:38:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc60-879cb\"\r\nexpires: Tue, 07 Apr 2026 01:19:57 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6uPSPzVfzCYncTPxfSLViLkjpuhz%2FIBeDMNH%2B00CzLOf5TdOzCrvCDwUSnNgaksWfyzgPQlshgwZcekOKvUa83q7PlQ2Y3QWR%2Bl5LFWbtq0AcH%2FxSb6FdCPOt5JrXA%3D%3D\"}]}\r\ncf-ray: 9e811650889b56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":555467,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65022), with no line terminators","md5":"c465978191b4c0270be81253a4dff9a3","sha1":"68d4c4f8517bf9f292382fbe6ff277cf813d6dd9","sha256":"fc1819864c7a422e4938715a8e74506a298365a581dc660c35d5f7a10ba9cd8f","sha512":"0421482089f9dfb4d090320fa3c13e90e6d50397f5ed7dc9c71f311888f8fe3861a743e90d7a705ec35e04c7f46677cd63f32e48fc0e21acafdcaa5b10d56b5a","ssdeep":"12288:WB/NJNZ8w71ZACkFDS3vyf58rBeV05T7L4WK4dm5zIBE:WB1JNZ8w71ZACkFDS3vyf58rBeV05T7G","tlshash":"91c4f969b194113d6e37d5a96bc89acce12cfe21cc029ee4f243551a0ec7bf7236161b","first_seen":"2026-03-16T14:21:39.953756Z","last_seen":"2026-04-06T13:54:01.008346Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":459,"receive":658,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getCoinList","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:01.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/common/getCoinList HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlang: en-US\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Prkq0SjKDYLlBKAlyWrFZgptHeAnXFRrPVIzW0K9DPNp64z%2BrX9jdD606PvEux8huTNpiE%2FcdLaqZpiAiYPKVkkK0npYPtM9k0Qzavj6kT9xOuuu264FiQkbrm8C6a9ZYYgXvks%3D\"}]}\r\ncf-ray: 9e811666cec556a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25086,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"2464f115153ee542859dc12c35010818","sha1":"dd17d05bfb9d0b465534350ef9ed6ff75fed004d","sha256":"90e2b27b75e522da752ffcbf4a270ccae970d74e2ebcafe67c7d3246b3717c72","sha512":"9482406f398d00043e0fed0cb55566f8e2132a7cc936a8f5ff635cd673c11b83c8758a77cddd1e3a19569f93ec66a6776e12508f3379acadd5513760e428affa","ssdeep":"192:6Ssl4yfsci7sbEDu1kWXAZ2H4wnqXeIZEwwhGYduXKhNejkA6FR7QxGJJtG+smFF:uxHKIukbtUEygojtDN4PotN3qQgf1n","tlshash":"81b23355523c55bec579d0e12ebf3a12509c35afecc58d1b82de8c8c8ed4eb16a0af06","first_seen":"2026-04-06T13:20:32.83462Z","last_seen":"2026-04-06T13:20:47.870581Z","times_seen":2,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/svg/dark/news.svg?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/svg/dark/news.svg?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc52-d95\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UShsORfsJYQfWzxCRL2KmrFfKdqqxu4QfhvYGI2CW5XqJhNF8VNYoHxRaj1J1CUk7SRJy2EHMA0bRE89tV1x%2BkkgXSGzJvqqc3YUM%2Bt4TfhC8G3Np5%2FvLGkttdNNYQ%3D%3D\"}]}\r\ncf-ray: 9e81166d79ec56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3477,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7fb17d9dbce63d1c2af62ef5259a2ae1","sha1":"be10daf7b8bbaa6418403f9df5fa6f862f8b9e73","sha256":"c342d750b3a6822a4ec4ce675d7feb9c846797175a610fd9364ab54b90587163","sha512":"be9f20a33df58c934ba2e2a8f85f139eed53427d46b4f69c84731ca2c5476a05753985e9257ce8cab71faea0b000c5b536ff02dccff92ad2f0a6deb53c500177","ssdeep":"","tlshash":"2971a7e362f807edf68ae325c27108256fa7b5bb2986c18cf1ac5a5e1f211c41d8c5e5","first_seen":"2024-08-29T17:49:51.972033Z","last_seen":"2026-04-06T13:54:01.05139Z","times_seen":30,"resource_available":false,"data":null}},"time_used":479,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":479,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"order-ress.oss-cn-hongkong.aliyuncs.com/order/dotdigital/42d7d93625c842a6a0b8c054ff8e7395.png?2.2.1772080721246","fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oss-cn-hongkong.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 04 Feb 2026 11:46:56 GMT","end":"Mon, 08 Mar 2027 11:46:55 GMT"},"fingerprint":{"sha1":"07:DD:45:99:F9:D3:55:D6:EB:41:00:22:C7:FA:B0:8F:DB:0B:E9:4C","sha256":"F5:2E:3B:65:89:04:A9:28:79:6A:C1:49:B6:17:06:AB:A8:09:30:D8:2A:1F:43:B7:BB:27:72:92:C0:3C:54:F8"}}},"request":{"raw":"GET /order/dotdigital/42d7d93625c842a6a0b8c054ff8e7395.png?2.2.1772080721246 HTTP/1.1\r\nHost: order-ress.oss-cn-hongkong.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Mon, 06 Apr 2026 13:20:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 55728\r\nConnection: keep-alive\r\nx-oss-request-id: 69D3B303C78BAF38316703B0\r\nAccept-Ranges: bytes\r\nETag: \"48384A67185DBDFEEF3AA43C99D3319C\"\r\nLast-Modified: Wed, 18 Jun 2025 15:06:05 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 3192987439189544564\r\nx-oss-storage-class: IA\r\nCache-Control: no-cache\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: SDhKZxhdvf7vOqQ8mdMxnA==\r\nx-oss-server-time: 2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":55728,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"48384a67185dbdfeef3aa43c99d3319c","sha1":"23e15189bebafbbec8b23e8ed0f3392a9b7979ee","sha256":"1ceba4efa6a645fbe532e520385f37001922e14b6aa7b4ebeb19e755014feb39","sha512":"2f7a13f56ff64b874a76994d00f198c5fc2b7424181935e641eb81bcf171db54fa50b711502c0c4a7e8f5c934ed5747233d87ae0602916244947d3724eb3ce10","ssdeep":"1536:5ko5w6RHlzxqElMwBI6M3iD+oLKTn6EPwhk6g9p6uP5I:x5fR9xjlMGnMSDYLPJ6bOq","tlshash":"0d430247c0529ed2c68853aa0e3de48a84779d12358f80577ce6525a82e2df29bd770f","first_seen":"2023-05-22T05:59:44Z","last_seen":"2026-04-06T13:54:01.067693Z","times_seen":383,"resource_available":false,"data":null}},"time_used":1951,"timings":{"blocked":821,"dns":1,"connect":277,"send":0,"wait":281,"receive":7,"ssl":558},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/cc73371a98b648e1a06468426f654cb7.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/cc73371a98b648e1a06468426f654cb7.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG1UbtIig3Rj_QVo15C3Pmq0ql2rrTXA4gQw_NTxyeMm3vPECiBp5DOV3nF82yKolyAL\r\nx-goog-generation: 1745020446239953\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 3479\r\nx-goog-hash: crc32c=57TTNg==, md5=SN7N3TJIfLQlWt5z2YUcSg==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 3479\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:54:06 GMT\r\netag: \"48decddd32487cb4255ade73d9851c4a\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":3479,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced","md5":"48decddd32487cb4255ade73d9851c4a","sha1":"b8b756a4c0939ec61bc43be85f33fa812c931fb5","sha256":"c44f67a7fce9160b64a5e5735c99a71e1c607a6a944d1851086cc82ab3bbbce7","sha512":"c0b2a77390356925e8a17e1aa7d632e17c73ea8cc2174674f44a728f2c69eaa87711085b500f2ea9183b89f27a8c7f6a8be2049be6fe4aeeda37ae4494e50158","ssdeep":"","tlshash":"8e717e4bbcef5a82d1cc93b606dafe22333fd3e5a609de2447d024147d854a598ecb11","first_seen":"2024-12-03T23:58:43.609936Z","last_seen":"2026-04-06T13:54:01.018521Z","times_seen":39,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":140,"dns":1,"connect":27,"send":0,"wait":29,"receive":1,"ssl":111},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getMt5Amount?coin=xag","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:01.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=xag HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U20zld992VMsT1bItWVKDzTcUOymv9lxivjP%2B1%2FxRfuG6O6KCL0euo6BasIh6qX3CcPMcPubUhNsUZnGvVFBqBP6d6skw00CoILVUoktpChbqRbgYMhNKZMUsAGW5zRLqruTVdQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166859c956a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":488,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/en-H3Onnz80.js","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:01.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /assets/en-H3Onnz80.js HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/assets/index-aWplLX2k.js\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Feb 2026 05:38:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc60-b550\"\r\nexpires: Tue, 07 Apr 2026 01:20:01 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L0jAjW9DOOJkLA1Sk4JDdSh30KXvG%2BJgZRIf6Qi7XsSB%2BbQCWMQ3x2XkVOmCNO95TeYK0k6p0LkwbaE3sWsqz1uQ1d3H1uo8u8w%2F0Q3aWsbHRmmNUwId59xLM0qR1g%3D%3D\"}]}\r\ncf-ray: 9e811668b9ca56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46416,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (46385)","md5":"37a4106f6afbfd8dd8570679787bb517","sha1":"44b2e6568d8863852fb654fbf545a165fbf36213","sha256":"f2297b39bbebcc96a9a59ef9bfd429a3c789ef3eb7fa284a28f5e373b112004b","sha512":"f0ff985c1d08919f0d083ff5512bc3f2adce410cc645181c9b03caa3abd13c5a6fbf56f2b0b1574a838657a90153bfc54385c40f17e329d996e133171fa2a4d2","ssdeep":"768:5ntZcEw/o7rDO25siqAMnIUGlg2PmPsPScH35xJnvunB:aponDOkuIUGlgLsP5H35xZmB","tlshash":"2423e68dbe164c9a05e7633a78ce2a6120f505c18355880f5fecc6fc43e2b6767a7639","first_seen":"2025-10-12T15:34:03.14518Z","last_seen":"2026-04-06T13:54:01.070458Z","times_seen":22,"resource_available":true,"data":null}},"time_used":711,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":482,"receive":229,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/fonts/Arial.ttf","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://lbank.works/","date":"2026-04-06T13:19:58.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/fonts/Arial.ttf HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lbank.works/assets/index-d004Qfnb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:19:59 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 1047012\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\npriority: u=4,i=?0\r\netag: \"699fdc52-ff9e4\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ixkbl9VZM3BK%2BmWBMMOLiDb2OoWm9for2kVqm93iNeDG%2FCKWkBBvCMCmsDJl2Ql7D7rsydAqqzp9nq39XPeRYl4QGto5fYCPSi9tXs9804Lntg6yBNGlC%2BP7CKRe7Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81165838fd56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1047012,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, digitally signed, 25 tables, 1st \"DSIG\", 58 names, Unicode, � 2017 The Monotype Corporation. All Rights Reserved. ","md5":"ffe66dbfc4b07f36ef38dd621ad2c7cc","sha1":"e032b102cfc37c3226d17e1b462edea5fbf8fe1c","sha256":"c1216a01b3cc4e94df72577a6f618154058a1d8999ed58fa31ab7e54c7e4be4b","sha512":"3c7952b71c8117938c5284efca0e0b3e8c20d7b84c74a4890f76a72af3b26295786b0f7c33d9b6c980527b4c4c8dad628d1f5e7e5f202d11076367f082349bb3","ssdeep":"24576:NoQIQRjo/Y7wjgTmKJ4WxA7EAD4OBfDamXKE6AMra:NHIQJo/Y7wjgTm0PxAwJHE6hG","tlshash":"f125be0bf3929f0fe3902b38c9a5d761939b76189b2743b73d8c5858ecc85a45e487d2","first_seen":"2023-07-29T15:16:45Z","last_seen":"2026-04-06T13:54:01.043069Z","times_seen":856,"resource_available":false,"data":null}},"time_used":1877,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":473,"receive":1404,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/platform/daidai/config.js?1775481600553","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:00.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /platform/daidai/config.js?1775481600553 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L3A1Al9V1lu54RfmaplEWpbPjkbDYaXpkx0mhnPENovGxcfgXq4gcSF9HhqwC1fR5%2F3ZzkR5xl3Y5t1bA81baW88Z4nRpy48aHiC1l6%2B0Q1Mxz9tG47BiZJC2sm7zQ%3D%3D\"}]}\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\npriority: u=3,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nexpires: Tue, 07 Apr 2026 01:20:00 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"699fdc52-112\"\r\ncf-ray: 9e81166389ad56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":274,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"dec0eb9e75f67888d25107f44c89ff0a","sha1":"592e790fd844f78e4fa9df4a39ecdf5f5301dbb7","sha256":"470370341d4a4a7fb1c473ff49bc8ea64470b73727a15bd9f53aeb514e37102e","sha512":"2a9fe5ead7d98a8e3db69b5382fb3ddbc9c4db1444d13c307213f9aeff7997541dd0bdcf5faa07c361bd560a263525ee3434a9f4f8c478877a924ac037a321ec","ssdeep":"","tlshash":"8ad05ee915b48a0a28304629addc8b21f4c21273894d061fb87c4c00afb750015a4e78","first_seen":"2025-10-12T15:34:03.426834Z","last_seen":"2026-04-06T13:54:01.052057Z","times_seen":20,"resource_available":false,"data":null}},"time_used":476,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":476,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/notice/getAllNoticeList","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.672Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/notice/getAllNoticeList HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlanguage: en\r\nlang: en\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7EXXd4UsWcm0GG%2BHzxojK4fEtw15W%2Fg24738s9RXP5%2FEmBVZClbjAXVoI11Dbq3XNtVbAbGQ3Zr44%2BG0%2F%2FiYx9NiB0LrbMkUE%2FcM3rxN58C3NTBpJvTVzQhq3U4XL1gf4NiBfXg%3D\"}]}\r\ncf-ray: 9e8116709a1456a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2180,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"7649c231c96aef3a1babc3576d6dfd1a","sha1":"bfcfddbee1a7ae50056332bc5dfd2b48384aeda6","sha256":"e864be80bd26a8fe48146f180497f7f020245767ae2e2ee02fb237d411ffad4c","sha512":"abbb67a4baa006f094542902203de44a0c6838eb7b19362d2646cd2aadb80576393ba05eba6b5825be9306cb6fb56c4703bd768221a232f70ea6366eed3793d0","ssdeep":"","tlshash":"9c419d0e107c8e6a080998c318c8bdc9da6f1787d661cd34576bcf9d85f59ba5f1f508","first_seen":"2025-10-12T15:34:03.22187Z","last_seen":"2026-04-06T13:54:01.06458Z","times_seen":20,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/88728f47fce24ffc9b058781d5511127.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/88728f47fce24ffc9b058781d5511127.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG01bzd0Fc1SC1UOoTvwqjF7bsaRToSAfQK2yXIn32p3rcAXG1lh9NPYlKvb8FQtXBF5RTiMNKk\r\nx-goog-generation: 1745020334043985\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 1717\r\nx-goog-hash: crc32c=Nlh/mQ==, md5=wDYR9+ijfd9z5qYqQ+rRlg==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 1717\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:52:14 GMT\r\netag: \"c03611f7e8a37ddf73e6a62a43ead196\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":1717,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced","md5":"c03611f7e8a37ddf73e6a62a43ead196","sha1":"f5d6f08be3d751747f618cd7af90f4ec8dc3d97c","sha256":"a19e79dd72b71fadceabd2a6cfcc04b18738157e104b54cf960eb17ccd1cd6ee","sha512":"968346372809cade34940284062a06ad5811a15ff481584675cdea3d77addda5b6da00562479f7ac4a98a8a289d70cde9d409d024048039f354cbc5b200edb08","ssdeep":"","tlshash":"39313a46b4497a5e02e204ff815da62b0f99ee43f0f89308ae60d04c3d718cfc91a0de","first_seen":"2024-12-03T23:58:43.643729Z","last_seen":"2026-04-06T13:54:01.036271Z","times_seen":96,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/type/defi_activity_type","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/common/type/defi_activity_type HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang,language\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fPL9jBYyBjxEiG8xsCeS7KEDkTN28HcFARxhYt6PcwbJjlEcLxxcY%2B%2FXoRMidpqb6L9aC8y90WeUuxztwIioPHIFdbEHyru%2FAWSD%2FqaeBB1uWFYuBSGrOgb54mRPTTquaZAJGdQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166e89fb56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":451,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":451,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getMt5Amount?coin=xau","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:01.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=xau HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P7yK4dJbvGONJ8wn%2Bo5QZ%2Fk1E1f2VwmPBnzTdkwA4waFVCtT4uwG11Vh%2FFg5pB6L5V4UhzLoJeRrvpqKC0zEZv0HMehSydUL1HhbFJYLn6j9JzH9162oDiMV%2FGMCdQ4BI9Un8Ys%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166859c856a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/images/dark/recharge.png?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/images/dark/recharge.png?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc52-3cac\"\r\nexpires: Wed, 06 May 2026 13:20:02 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=02Zah%2F1qJdS0g9Kkyr%2Bl27Un5Q0n5e2KLXXG7RJgCnRWaG7qHpa6sgT5TE4eowD5t1VTNgiVVq68e4JBLow9YMWTPXNi4mPsxjWRHxKKhzehTFemeLLF5EGxjhdEYQ%3D%3D\"}]}\r\ncf-ray: 9e81166dc9ee56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15532,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 94 x 106, 8-bit/color RGBA, non-interlaced","md5":"1eb5562268f70f381bc951d99105e60e","sha1":"111709c4e1c8e7c0861ffaff6f96c9d1e2f09b4a","sha256":"5b286557c5752c916f63844866437b681e613279daae1a3dd6515f48e3254a7c","sha512":"00c13b4a5488fb6dfebfab1a2264fc5071e6da7d6c95ff5a5ecad2b7b82637e4a27e983551b5cf860af83bcb684ca430ad8d936dcc818a32ee0afb56db741504","ssdeep":"384:fv659vBB5h9qD4Lx815k2PYMKTPMvRZoi3GPeUh:q5hf9mnXm0zGPeG","tlshash":"0362d054027ae89937489069cd37ec8df776ee65881fe5c2f78450fd2166ed084da40d","first_seen":"2024-12-03T23:58:43.676059Z","last_seen":"2026-04-06T13:54:01.04759Z","times_seen":32,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":219,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"order-ress.oss-cn-hongkong.aliyuncs.com/order/dotdigital/95fbb973959046e49662d48f114487bd.png?2.2.1772080721246","fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oss-cn-hongkong.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 04 Feb 2026 11:46:56 GMT","end":"Mon, 08 Mar 2027 11:46:55 GMT"},"fingerprint":{"sha1":"07:DD:45:99:F9:D3:55:D6:EB:41:00:22:C7:FA:B0:8F:DB:0B:E9:4C","sha256":"F5:2E:3B:65:89:04:A9:28:79:6A:C1:49:B6:17:06:AB:A8:09:30:D8:2A:1F:43:B7:BB:27:72:92:C0:3C:54:F8"}}},"request":{"raw":"GET /order/dotdigital/95fbb973959046e49662d48f114487bd.png?2.2.1772080721246 HTTP/1.1\r\nHost: order-ress.oss-cn-hongkong.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Mon, 06 Apr 2026 13:20:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 28273\r\nConnection: keep-alive\r\nx-oss-request-id: 69D3B303BC6A5B3239836D0D\r\nAccept-Ranges: bytes\r\nETag: \"D5CA5F90C7A46CB88E5F57B2D3046BA8\"\r\nLast-Modified: Wed, 18 Jun 2025 15:06:25 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 651333452456791640\r\nx-oss-storage-class: IA\r\nCache-Control: no-cache\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: 1cpfkMekbLiOX1ey0wRrqA==\r\nx-oss-server-time: 3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":28273,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"d5ca5f90c7a46cb88e5f57b2d3046ba8","sha1":"4a46fba9e1f7e0419539519e1936e6002f99b3a8","sha256":"a584af003890eeb5d527e91031218b66fc8d429ce7d8ddc5f5ceb9efaf627a40","sha512":"60e2cb71c7155b2f51159c37f53d85c567698b9baec7ffc34ec898df057fb64e2528909f68df9e901bf5243a4ee451f0ff432e210db1635ca0c448073e7811e2","ssdeep":"768:CXuoEFXvWj4CBn04bX73fOlLiRO2lFIVmfSD:9FXvWj4CueDGlLmOuIcqD","tlshash":"b2c2d005f8f592ca744cc6104925cd97f273a15b30a53eda3ddcca6f7f9c9e916a0282","first_seen":"2023-11-19T03:02:16Z","last_seen":"2026-04-06T13:54:01.063366Z","times_seen":338,"resource_available":false,"data":null}},"time_used":1324,"timings":{"blocked":1047,"dns":0,"connect":0,"send":0,"wait":267,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/vendor-Wo8uHSvm.js","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:00.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /assets/vendor-Wo8uHSvm.js HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:00 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Feb 2026 05:38:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc60-12d93a\"\r\nexpires: Tue, 07 Apr 2026 01:19:59 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\nage: 1\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eib8jd%2F%2FjbLRYL8vk3pRCb8hCklXTJJJwAII1uBwQC%2FEIEceOxrhU9TBaLc1UPAx8oA%2BDzDu7%2FH7dfD2ZwtD0k3jVrSgoebAey3PZHkujZpcmvOMIsdNdrpuITxc9Q%3D%3D\"}]}\r\ncf-ray: 9e81166209a156a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1235258,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1b85ec90abaf60e146474ee87ab0a30e","sha1":"cd6383c2271babc6685ec31d7774c4fea081bc5d","sha256":"3fe018c9c68a85227e22530906a38120206a67cdb8df180000a5b9b7ec17e1b8","sha512":"4399317b7fe142d0a743606c326853c91d094842326c62398656ac702737df8b89f01a13126628247f600f27081420570a6f6d3757ec64ebf70bdefd2c904ec7","ssdeep":"24576:keTJnFsjpYOB+9IcMDJ5FzqjCeAfjdMWqdxj64H+TVq:keTJnFsjFB+9IcMDxzIwfjdMWqdx+4Hf","tlshash":"bf252af47692b06647ab60e6003b1403fe395e17341e84a8f169d8e63d79e49d6b3f38","first_seen":"2025-10-12T15:34:03.360486Z","last_seen":"2026-04-06T13:54:01.049369Z","times_seen":23,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/platform/daidai/logo_144.png?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:00.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /platform/daidai/logo_144.png?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc52-ea61\"\r\nexpires: Wed, 06 May 2026 13:20:01 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6RXGa270YvA%2FoPthG4x74gMPUy2Q3nXOC15VjuE7tevnS0sWwQjUonC5FU7Q4xFFfPz9HDkrnr%2BOSO7CiqrVoFlGBkR4c7VY8y9jxvTXtjNXkxjclIuH2zpI%2Bm0R5Q%3D%3D\"}]}\r\ncf-ray: 9e811665d9be56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60001,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"b1f9361f655c161f5fff2ea19442fb2f","sha1":"e26bd48c2c810e956ac221980caefdb4e35fea27","sha256":"0021008e47e5d9d00d9e1b71d5282edd8737b53a78b9a052024beb79f97b6ee8","sha512":"c2ca1b39521bd752be31f6c24f9fb85730336e894552aff268ef8a04f86f489c1bcb83e980de9e27ee7fd682c77942400ea7ae61bd48a2e703b9112dc51022c3","ssdeep":"1536:1Bix01i0j5O7my5P0X5hjuqOY88gFQ09EYmpO:+OIOxy5KhKBtQ0ONpO","tlshash":"0e43025847ff50af5db19e71b6a5a2acbdf8ff9791357f285c4144c00e2868a317101b","first_seen":"2025-10-12T15:34:03.401376Z","last_seen":"2026-04-06T13:54:01.046171Z","times_seen":20,"resource_available":false,"data":null}},"time_used":898,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":459,"receive":439,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/platform/daidai/logo.png?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /platform/daidai/logo.png?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc52-ea61\"\r\nexpires: Wed, 06 May 2026 13:20:02 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DamBGhhlAVSc5XyULYAcNVml4BceIJ3CDYE%2BZtm7zgJBElCiW1mIfLW6AkdO2JoIS8s9iN%2BnzPFh43GDb5qq0O5BlOYrHgJ46dO5HjPRtK3hhTprRlk9G7NZLAcb5w%3D%3D\"}]}\r\ncf-ray: 9e81166d79e956a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60001,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGB, non-interlaced","md5":"b1f9361f655c161f5fff2ea19442fb2f","sha1":"e26bd48c2c810e956ac221980caefdb4e35fea27","sha256":"0021008e47e5d9d00d9e1b71d5282edd8737b53a78b9a052024beb79f97b6ee8","sha512":"c2ca1b39521bd752be31f6c24f9fb85730336e894552aff268ef8a04f86f489c1bcb83e980de9e27ee7fd682c77942400ea7ae61bd48a2e703b9112dc51022c3","ssdeep":"1536:1Bix01i0j5O7my5P0X5hjuqOY88gFQ09EYmpO:+OIOxy5KhKBtQ0ONpO","tlshash":"0e43025847ff50af5db19e71b6a5a2acbdf8ff9791357f285c4144c00e2868a317101b","first_seen":"2025-10-12T15:34:03.401376Z","last_seen":"2026-04-06T13:54:01.046171Z","times_seen":20,"resource_available":false,"data":null}},"time_used":695,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":239,"receive":454,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/notice/getAllNoticeList","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/notice/getAllNoticeList HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang,language\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qi774MtzX0tyIGCtEVaYklSW6BnfUWz3A61VpFwv5vUpyu90zBVuzAxH6Nbn5Zyc1X%2BznPT9Pg4U2cVshF9%2BhtKEL3XMCKq38DCFW8I79GQc8Ej2UJOvVbmSOdKL%2BWoAe8qzMdY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166e89f956a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"order-ress.oss-cn-hongkong.aliyuncs.com/order/dotdigital/db65338ea5a9491984c940ec9e9cfe79.png?2.2.1750264722663?2.2.1772080721246","fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oss-cn-hongkong.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 04 Feb 2026 11:46:56 GMT","end":"Mon, 08 Mar 2027 11:46:55 GMT"},"fingerprint":{"sha1":"07:DD:45:99:F9:D3:55:D6:EB:41:00:22:C7:FA:B0:8F:DB:0B:E9:4C","sha256":"F5:2E:3B:65:89:04:A9:28:79:6A:C1:49:B6:17:06:AB:A8:09:30:D8:2A:1F:43:B7:BB:27:72:92:C0:3C:54:F8"}}},"request":{"raw":"GET /order/dotdigital/db65338ea5a9491984c940ec9e9cfe79.png?2.2.1750264722663?2.2.1772080721246 HTTP/1.1\r\nHost: order-ress.oss-cn-hongkong.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Mon, 06 Apr 2026 13:20:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 2274\r\nConnection: keep-alive\r\nx-oss-request-id: 69D3B30393A7E935375C5F21\r\nAccept-Ranges: bytes\r\nETag: \"674B0999F6083084A2A4B1D8B20F3BC1\"\r\nLast-Modified: Wed, 18 Jun 2025 15:08:58 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 2919851811578833622\r\nx-oss-storage-class: IA\r\nCache-Control: no-cache\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: Z0sJmfYIMISipLHYsg87wQ==\r\nx-oss-server-time: 1\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":2274,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"674b0999f6083084a2a4b1d8b20f3bc1","sha1":"8d14a526e83604e323723b4d25f8f8066f1ede70","sha256":"632f9cacb6b3fbedece774a8d27c436f37dc359de3bb0872ea19603b70347708","sha512":"4c04d137c2448c0d52a4298c858f95c58116c1d77e75899f5acdf6bb61ed839dbdc99fd5556eb63793b81258de40e515540acaeab007da76664476c9be2e514f","ssdeep":"","tlshash":"cd414bd7c53300ed9128e735b8c3ee819c00628d183bb46b89f5ec60b2346d31a53a98","first_seen":"2024-01-05T03:21:29Z","last_seen":"2026-04-06T13:54:01.068283Z","times_seen":389,"resource_available":false,"data":null}},"time_used":1915,"timings":{"blocked":815,"dns":0,"connect":274,"send":0,"wait":275,"receive":0,"ssl":549},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/c3814e70d39e45f49ea590f4c4e37d3c.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/c3814e70d39e45f49ea590f4c4e37d3c.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG1tHRR7SHWP0aNNWde-4pj2ykrI0DfONdHAfiM9ucME9zKUT60bkFDHDLiCvKXREfjI\r\nx-goog-generation: 1745020290975795\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 1936\r\nx-goog-hash: crc32c=aCP/tA==, md5=gGHrhAihO0V2VKsTlTGY+w==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 1936\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:51:31 GMT\r\netag: \"8061eb8408a13b457654ab13953198fb\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":1936,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"8061eb8408a13b457654ab13953198fb","sha1":"b3c6ec63544ec3bfdce48b8595c1d0776b9a373c","sha256":"24694648b0f76973506d291e2206c941e5d55be5ea85ed6c11fc408a0d518894","sha512":"ee8c844a1d8ac78116b89df7ea1e2880e8425f7c5ff8ebbc59dc0bbb1aa963d2c49a8db92337c3709bc1c412606d88c5a3f3c5005d5c6c05b7e002aaea4f3a29","ssdeep":"","tlshash":"f2412c4b12016e699ab1060d5ae1134c54fec8b4d496ac907d30ff98eb87f588ec934a","first_seen":"2024-12-03T23:58:43.639463Z","last_seen":"2026-04-06T13:54:01.009931Z","times_seen":89,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":138,"dns":0,"connect":0,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/9669976d5d024b4f9ae92d2f01118bfa.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/9669976d5d024b4f9ae92d2f01118bfa.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG0pTMqhgOCsYHfmpIFlSI522778tH8yLiEyQMNKo2zDEl0RCRBAE3bOCvxB_jQdGoRmaFqmmxs\r\nx-goog-generation: 1745020353527348\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 1265\r\nx-goog-hash: crc32c=gdb0vQ==, md5=6FywUDRdYn4/40KqFOuhxQ==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 1265\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:52:33 GMT\r\netag: \"e85cb050345d627e3fe342aa14eba1c5\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":1265,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced","md5":"e85cb050345d627e3fe342aa14eba1c5","sha1":"966c36a1be038fd0bb9673e455ff3b6188f47453","sha256":"e9a792d1a596130e30d7b945e466f2691a563090f1ef06fe06fec57d7193e0e8","sha512":"3c97550a30076a06c1c785192fae5a5fcdc73aef866a69df4c5c4c891f35add2e58f895c7d671faec539ec3836898283385311e7479c7f4ef9ba7a6dd65893a7","ssdeep":"","tlshash":"0521b717faffd94437722d83839a85aeb07726082e004809345e49c5ec2a8885ceef44","first_seen":"2024-12-03T23:58:43.646323Z","last_seen":"2026-04-06T13:54:01.010904Z","times_seen":101,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/441231b01aa04de3a285d7508dc2d13c.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/441231b01aa04de3a285d7508dc2d13c.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG3RJ83YY5QoDo5p9-RVndX-Z4MwKYHXd6Hu30JGkxCKCKGYZvc8SbrJjiWirPWGCyqQ2pYGG6Q\r\nx-goog-generation: 1745020438974095\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 4705\r\nx-goog-hash: crc32c=6huIEA==, md5=s5p8tWApKDHG+Tu9aiXaDA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 4705\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:34 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:34 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:53:59 GMT\r\netag: \"b39a7cb560292831c6f93bbd6a25da0c\"\r\ncontent-type: image/png\r\nage: 29\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":4705,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced","md5":"b39a7cb560292831c6f93bbd6a25da0c","sha1":"551d9149f970a19714fd5312f6fd564fb54cf672","sha256":"78688c041613cb11a877167acb871bcc8d3a88a34a2ddd8138d269603321c275","sha512":"efb29f017bfa387d6cb9938f7682c291a295394922a557015c7aecf223ed5ca466f63eff1f3eb08204713a17b5c78a25b8ccd9a454d3032372bdc7a418742013","ssdeep":"96:A4BTCefpP3ofM/U5Oe9PUfDuzgmw3GCVcXn82NHyrrgoSYNZQi:A4gefpP3ofeU59PUfCkmw2C882NHyrrj","tlshash":"77a17de1bb58026596cd23144f13ea701f37d82b1c928d7e79446a928ccbeb94dcd26e","first_seen":"2024-12-03T23:58:43.691694Z","last_seen":"2026-04-06T13:54:01.069496Z","times_seen":32,"resource_available":false,"data":null}},"time_used":569,"timings":{"blocked":268,"dns":2,"connect":14,"send":0,"wait":29,"receive":2,"ssl":248},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/index-aWplLX2k.js","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lbank.works/","date":"2026-04-06T13:19:57.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /assets/index-aWplLX2k.js HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:19:57 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Feb 2026 05:38:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc60-708d6\"\r\nexpires: Tue, 07 Apr 2026 01:19:57 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7fybO0%2BHcfLU%2FoPDnc3twQdXaesWFY6iR0bD8%2FMC3MOQrkuANevwu6eA2WaIMIfhaz9vT61dgWzs1Ln6d9xixZS89HG5ZYvwAPgO4MZN7EjePr7EKBLi7avH6Xu8lQ%3D%3D\"}]}\r\ncf-ray: 9e811650889956a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":461014,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65512), with no line terminators","md5":"cb0102ca2d72543dc90feb8738f41335","sha1":"b873ccaa5dd650a2dbd9feb99d5871d032051e77","sha256":"2964b9d383066201a1c63ea9986ef1ca17c4122eb7ee8f512186ec5974b9fd79","sha512":"7fdfbf5fdee5f7b208820bdac612e2e2e8b2efba6d4a178bc8e327b3c91d8e8ef577f2b100d0ddb59e4e055a0d02b92c508fddcf9709b32f9004e21c7b93d52c","ssdeep":"6144:ayUq8+mnCyMDYtogmH3KCXn0GctOBCNBu6UJUZ:hUq8+iJMcto1EOBCNBuN+Z","tlshash":"26a40741f54adabddbb76454549d1400320c3fcae00888a6f6fdae062796df973aeb34","first_seen":"2026-03-16T14:21:39.977336Z","last_seen":"2026-04-06T13:54:01.060301Z","times_seen":10,"resource_available":true,"data":null}},"time_used":1114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":460,"receive":654,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/fonts/DINOT-Medium.otf","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/fonts/DINOT-Medium.otf HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lbank.works/assets/index-d004Qfnb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:03 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 73096\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\npriority: u=4,i=?0\r\netag: \"699fdc52-11d88\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EZa5Rq6ykpbSCfDRvAcvHNExfr%2BoDP3YwQEvSydQAm1kdUvmd71r%2FrIg3QCQrekhEawu8NXW3QZoiOpxbxcfAK7%2B%2BFRvrbXuVU9c1jhGaPD0%2B%2BjLiZ1BJkQWE6bZ8A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e8116708a1156a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73096,"size_decoded":0,"mime_type":"application/octet-stream","magic":"OpenType font data","md5":"ab876400560626fbe045633dc44f0748","sha1":"85bbfb1729e86f40ddc9af7197b5f54ed6136226","sha256":"5888b24f6b65ff7c989b4a258dbeb5d997320d61417371210da0258be21d854d","sha512":"82e96ade51b0570c1f691ba45d1a3c0802015dad7598954675c4abe2fa8a9fc705adbe6eb5e677aa5cc03b6704e594cfe99279c678855ebbbcbade6d5028dbd6","ssdeep":"1536:TlK/cP2D2oV7otQjBG1+acfZZHHDEdom1hvd5JItkB7k3Z:TKQQtG1yZSdomrvpIqcZ","tlshash":"0b636f031d4fb9548de4513a52de4ea34bb39ecc1ca493c30ae12d938fece6657152ae","first_seen":"2023-08-16T00:37:20Z","last_seen":"2026-04-06T20:00:07.044826Z","times_seen":594,"resource_available":false,"data":null}},"time_used":862,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":439,"receive":423,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/35312847a61d4db7904ad31e4f9d1d94.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/35312847a61d4db7904ad31e4f9d1d94.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG3DXhLWrwJirhIeJc41NCLxTh9YzGHFLLLb-VSDep7GmhSyCcblRV_GqC7KNXxbVcHZGr6jE8s\r\nx-goog-generation: 1745020514975317\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 4038\r\nx-goog-hash: crc32c=Jm0tVg==, md5=ySH99aJu8MmTdTSQFqKWBA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 4038\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:55:15 GMT\r\netag: \"c921fdf5a26ef0c99375349016a29604\"\r\ncontent-type: image/png\r\nage: 29\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":4038,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced","md5":"c921fdf5a26ef0c99375349016a29604","sha1":"59f1789d13480332e111408c46a0d7ea7e6b2276","sha256":"03022e7ca4bb6d1f9ee43462c8f210861bf085783328e30f0c44ebd3e894eada","sha512":"7456eaf0bd8d6477a50b3a7bc9e5a073d141726242e3ceec7f8e6788c6440ebdc1601e7cb795ae47d61e9c720f554885ec672429b50dc3261ad2b72d1eb71cce","ssdeep":"","tlshash":"fb816e5cf7c1e629d4153b3e4852ec16aeb493292b0ca3450adcf42baf05daa153bf16","first_seen":"2024-12-03T23:58:43.61418Z","last_seen":"2026-04-06T13:54:01.059449Z","times_seen":36,"resource_available":false,"data":null}},"time_used":620,"timings":{"blocked":294,"dns":1,"connect":30,"send":0,"wait":28,"receive":1,"ssl":257},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/vendor-Wo8uHSvm.js","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lbank.works/","date":"2026-04-06T13:19:58.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /assets/vendor-Wo8uHSvm.js HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/assets/index-aWplLX2k.js\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:19:59 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 26 Feb 2026 05:38:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc60-12d93a\"\r\nexpires: Tue, 07 Apr 2026 01:19:59 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NjKbRLEzZvdTEI%2BUjcmLHnsHVUQo%2BtPgohmaYm5mOK7HL3ADfGosvuGAooiG%2B3A81KYAHQjIKg65zCnrAFw8hOnTEaSzdSC7qw6DF4n6y%2B58JrKTECxPkQYNw13BfA%3D%3D\"}]}\r\ncf-ray: 9e81165818f956a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1235258,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"1b85ec90abaf60e146474ee87ab0a30e","sha1":"cd6383c2271babc6685ec31d7774c4fea081bc5d","sha256":"3fe018c9c68a85227e22530906a38120206a67cdb8df180000a5b9b7ec17e1b8","sha512":"4399317b7fe142d0a743606c326853c91d094842326c62398656ac702737df8b89f01a13126628247f600f27081420570a6f6d3757ec64ebf70bdefd2c904ec7","ssdeep":"24576:keTJnFsjpYOB+9IcMDJ5FzqjCeAfjdMWqdxj64H+TVq:keTJnFsjFB+9IcMDxzIwfjdMWqdx+4Hf","tlshash":"bf252af47692b06647ab60e6003b1403fe395e17341e84a8f169d8e63d79e49d6b3f38","first_seen":"2025-10-12T15:34:03.360486Z","last_seen":"2026-04-06T13:54:01.049369Z","times_seen":23,"resource_available":false,"data":null}},"time_used":1391,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":469,"receive":922,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"h5-api.lbank.works/ws/8e53d810-a967-4633-a227-24ca319ec931","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:00.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /ws/8e53d810-a967-4633-a227-24ca319ec931 HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://lbank.works\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: WzEUAWJZ6BycKNLpPVmvHQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 \r\nDate: Mon, 06 Apr 2026 13:20:00 GMT\r\nContent-Type: application/octet-stream\r\nConnection: upgrade\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://lbank.works\r\nAccess-Control-Allow-Credentials: true\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: th4tM5c+TT4psFO/LdTjTN5YVtc=\r\nSec-WebSocket-Extensions: permessage-deflate\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yahkxo0uQwuurs%2FUOn3ZPNcElBXwDc07R67k1QcBvGmZMNCyzCQvVPrL73eTnH2XhmB3EqdDS8IkRj17TaWNr8Aqrir15ZUizS8WBWrF%2Bpa8EI%2B2Ii7Q5amk7odWWgPcaLX9mg0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nServer: cloudflare\r\nCF-RAY: 9e8116630ad41a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=490\u0026min_rtt=477\u0026rtt_var=158\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2344\u0026recv_bytes=1194\u0026delivery_rate=5218018\u0026cwnd=52\u0026unsent_bytes=0\u0026cid=7cb4ef8ea3d43106\u0026ts=256\u0026x=0\"\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":0,"dns":19,"connect":20,"send":0,"wait":245,"receive":1,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getAllSetting","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:00.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/common/getAllSetting HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f8G7G%2BMZQsIn6gJPX%2FalRETI3F1wmWQhYvgRd%2BpmlQOx%2FLObjPNy%2FrukfL%2BrNPmV0W6jv3LdcdT7FMW6cg47BadwwlYvGEM6SNhD6uTKmU2Xo%2FBZrGwNvEl2yd7dahcShxAkDt4%3D\"}]}\r\ncf-ray: 9e811663fbd156a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":603,"timings":{"blocked":56,"dns":1,"connect":2,"send":0,"wait":483,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"order-ress.oss-cn-hongkong.aliyuncs.com/order/dotdigital/36bbb9bbf87e4bcdb3fcf15cb0baf0f1.png?2.2.1750264722663?2.2.1772080721246","fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oss-cn-hongkong.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 04 Feb 2026 11:46:56 GMT","end":"Mon, 08 Mar 2027 11:46:55 GMT"},"fingerprint":{"sha1":"07:DD:45:99:F9:D3:55:D6:EB:41:00:22:C7:FA:B0:8F:DB:0B:E9:4C","sha256":"F5:2E:3B:65:89:04:A9:28:79:6A:C1:49:B6:17:06:AB:A8:09:30:D8:2A:1F:43:B7:BB:27:72:92:C0:3C:54:F8"}}},"request":{"raw":"GET /order/dotdigital/36bbb9bbf87e4bcdb3fcf15cb0baf0f1.png?2.2.1750264722663?2.2.1772080721246 HTTP/1.1\r\nHost: order-ress.oss-cn-hongkong.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Mon, 06 Apr 2026 13:20:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 12869\r\nConnection: keep-alive\r\nx-oss-request-id: 69D3B303ACF6C5383709B3F3\r\nAccept-Ranges: bytes\r\nETag: \"A533EECDEE5A789E7D94F8F79F95D588\"\r\nLast-Modified: Wed, 18 Jun 2025 15:09:20 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 18158548296662870332\r\nx-oss-storage-class: IA\r\nCache-Control: no-cache\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: pTPuze5aeJ59lPj3n5XViA==\r\nx-oss-server-time: 4\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":12869,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"a533eecdee5a789e7d94f8f79f95d588","sha1":"f1ae6df3a9baf6dbec969c6d1ab622850a282895","sha256":"ea257fac91d01858b7dfd0361f8b480caeb3d57b080570ef4b4f41d5d7e68c90","sha512":"e46ca5c2239c89c783805b1f4e17664118e57e95dff6513b8ff917aaaa763b922c6286b48d0e6daca644ae30c3e821674dade74a056837865353b451c50d074b","ssdeep":"192:3GSu8nGgOCcrSaheqQThcTrOcOAasSqXzcxfuZWfWOKJ6mVgCd7mOOwRB0IG:5/POzrSTThcTaPAaFqXzcqG6ekvP0IG","tlshash":"1442bfd83898c3e455233e69d56e4c138122251a66588517f22a2b7dbf03af27fcf1e6","first_seen":"2023-11-19T03:02:17Z","last_seen":"2026-04-06T13:54:01.035508Z","times_seen":414,"resource_available":false,"data":null}},"time_used":1997,"timings":{"blocked":841,"dns":1,"connect":283,"send":0,"wait":298,"receive":1,"ssl":570},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/93c80fa5b62c4d3a9b7f062872216759.png?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/93c80fa5b62c4d3a9b7f062872216759.png?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG3g3kRBmp_R8XyIBDMDC6mtt8T-M3GvJXr6CGjNkv2NRALxkHDqo_gAnlVPPC2RkMM\r\nx-goog-generation: 1745020468615657\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 4700\r\nx-goog-hash: crc32c=b2wVhw==, md5=q+yjq/yb1+k4zgP/5DNoRg==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 4700\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:54:28 GMT\r\netag: \"abeca3abfc9bd7e938ce03ffe4336846\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]}],"data":{"size":4700,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced","md5":"abeca3abfc9bd7e938ce03ffe4336846","sha1":"14da412e77a271a07ecedce2ae59bf9ec3e82d7e","sha256":"ef98e502113bd47d0cd313a36cb869c901b0098d422ab945e145dc6f85023cd9","sha512":"f1ad211c48a84c19f4fe27095bf9440f862c904a27bd6119afe1b01c0f7fe2f09f19b4b43c750722f9eb02f50e7e792faee7c2519df673d872bb1c0602d85a8e","ssdeep":"96:A4BTb4irVgrOkLvZp93nYXEIMGWknNUl2BofAfo9pByRzBYJ:A49Vgr1RMXEIFg2ifJ93UBYJ","tlshash":"43a19dd5b07772a4d047ab3a3517b39afe75b0e841c98bccb71c1138992508af0fe205","first_seen":"2024-12-03T23:58:43.611351Z","last_seen":"2026-04-06T13:54:01.032325Z","times_seen":33,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":158,"dns":1,"connect":30,"send":0,"wait":40,"receive":2,"ssl":125},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"storage.googleapis.com/order-ress/order/dotdigital/17f4d30c988b469ab8f5d77f70541fb7.png?2.2.1750264722663?2.2.1772080721246","fqdn":"storage.googleapis.com","domain":"storage.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.91","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:03.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"storage.googleapis.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Mar 2026 08:43:22 GMT","end":"Mon, 08 Jun 2026 08:43:21 GMT"},"fingerprint":{"sha1":"EA:FD:AE:C3:4D:55:AA:2B:98:9C:8A:7F:76:1F:EF:A7:2C:01:20:D8","sha256":"DB:64:BF:0A:A9:6D:C7:B9:C6:03:CD:F3:CF:BA:A4:D7:2E:04:D7:30:AE:7A:E0:2B:6D:3F:E5:9E:AF:61:FE:70"}}},"request":{"raw":"GET /order-ress/order/dotdigital/17f4d30c988b469ab8f5d77f70541fb7.png?2.2.1750264722663?2.2.1772080721246 HTTP/1.1\r\nHost: storage.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-guploader-uploadid: AMNfjG0DSdSfPEW8FgMhCP47JZ_8OpGvFV8STdNJRy_WjFjSok-r4rDG78xFTXa3I5dl1RZ4uskSKgE\r\nx-goog-generation: 1745019318140028\r\nx-goog-metageneration: 1\r\nx-goog-stored-content-encoding: identity\r\nx-goog-stored-content-length: 9807\r\nx-goog-hash: crc32c=bTyaFQ==, md5=EtlyJGF1nO//AtkHaj0nGA==\r\nx-goog-storage-class: STANDARD\r\naccept-ranges: bytes\r\ncontent-length: 9807\r\nserver: UploadServer\r\ndate: Mon, 06 Apr 2026 13:19:35 GMT\r\nexpires: Mon, 06 Apr 2026 14:19:35 GMT\r\ncache-control: public, max-age=3600\r\nlast-modified: Fri, 18 Apr 2025 23:35:18 GMT\r\netag: \"12d9722461759cefff02d9076a3d2718\"\r\ncontent-type: image/png\r\nage: 28\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud Storage","description":"Google Cloud Storage allows world-wide storage and retrieval of any amount of data at any time.","website":"https://cloud.google.com/storage","common_platform_enumeration":"","icon":"google-cloud-storage.svg","categories":["Miscellaneous"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":9807,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"12d9722461759cefff02d9076a3d2718","sha1":"6b763fea0b17257a36b90c465593e1629aee0564","sha256":"af89450e1873196692af0d9d4d0c03218b4be8091171b9d8f7349298d4e82586","sha512":"8eb0f616162be914a3945fb383250796e1134da22e8ae612f403f28804ac04b7fd0f607e132403dc28505d80377c9281601cb23ef1f0814e08584428f3efa05f","ssdeep":"192:4V3ZO9Gxo9H+wp5qh6BKfMPaB2kXTfwoVqO2Rzhj7TfhBcHEhaI9yLKKD:4V4GxoYwp5wQKfMP6LXT7V+RzhzncpLb","tlshash":"7112bf66ab39a301d66d2bbe5cc59302db15ad10dfe14a3fcb840980370c6f9de5a6c4","first_seen":"2023-11-19T03:02:16Z","last_seen":"2026-04-06T13:54:01.030936Z","times_seen":363,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":31,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/assets/vendor-x9cjFMb5.css","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://lbank.works/","date":"2026-04-06T13:19:57.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /assets/vendor-x9cjFMb5.css HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:19:57 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 26 Feb 2026 05:38:40 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"699fdc60-1f7d3\"\r\nexpires: Tue, 07 Apr 2026 01:19:57 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7g8rXm%2FJbguyXI1BEk0ATpAY7nlsdBY3%2BdT0R69TTsFf9%2FrwH7N9mhELRkmiWkeVasEhFszugXZXt7Y92VP6Ky%2B2T6gXyWpRbh7TYXm6E9oUjY%2F8mwu0t2m8%2FotOJw%3D%3D\"}]}\r\ncf-ray: 9e811650889a56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":128979,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65022), with no line terminators","md5":"8aae6495cc32f9cfc33ffadc8f196469","sha1":"0b65772fadd18e147f35b8c4da97f06ed3b5216f","sha256":"f97391798602059cc9c709719543cef6eb99ce969e15732773c62a77380a53cc","sha512":"a91858f85b71cc9ad90e0c09527f9c9821fe2dc98c757baa7becb8af608589ba3ee01540f7b01d34e54e53f17c38e3305b806daf5a98c419f84b93b2deb8ec6f","ssdeep":"1536:ZTIyNBi3MFYaQj73rx3WqyrtpqoSWEDZEnTt1Im1Ah5aIzs:ZdN0rxmNH9yDWTkNu","tlshash":"85c3b4a5e6c491bc6f2bf2659b87a6d8f23cf621dd01caa4f105511c4fc7bf50223a29","first_seen":"2025-04-17T23:40:08.97449Z","last_seen":"2026-04-06T13:54:01.066133Z","times_seen":24,"resource_available":false,"data":null}},"time_used":928,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":475,"receive":453,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang,language\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FczAeiUOmEk8kNUCfsRjQUWtHEEab4P%2F%2Fv9ExKDkiIzeUIA982WJQFVfXNggkqlTK52brUGtQ4kMIh31W5lhgAsUAV6f1hsqmWpIaYGosX%2BUxX5uUHEKiAMqvgh2dlT8l%2B7tzsI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166e79f856a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/resource/fonts/DINOT-Regular.ttf","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /resource/fonts/DINOT-Regular.ttf HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lbank.works/assets/index-d004Qfnb.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 46828\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\npriority: u=4,i=?0\r\netag: \"699fdc52-b6ec\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PxeFuAZzGX4Wj3TZWrEn5qB%2BVxXUrzyVyddfv0HMgpK9zKStqbWcKjLx8Q5gvl9j25t%2B5Qn8Q7cCVCgqkfUP%2BA16kNpaLm4QcikObLB2gO0%2Br5rtCDLo7d48Cc68BQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166f3a0356a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46828,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 15 tables, 1st \"FFTM\", 32 names, Macintosh","md5":"3117fb8bc58475ec7dcf97fc721e5034","sha1":"db9717e9d42e4b84a2851447bfbae69d9e966455","sha256":"c87211b0403e88bfd50c1cd22fe930b294ecb35dca3c3e27bf62180244452d69","sha512":"38d3494e2a4178e9bf543a66d0b4caf5f975dbbf6719ca2b0854653299a80515d06a48a4c96ada4e5d89be0247723027347ba0e8a0a20362c545e1de3187b8bb","ssdeep":"768:SYCwdlARps23lxBus0JEg9vr5aZKSRSW9kzSJDr1LNu1E8c:y8mjxB90JEg9vr5eKEFLNEc","tlshash":"1b234a81b3154f8ec2a2ba3699171392e624be3977e647c7d8b981ff705c1c34d64a83","first_seen":"2023-08-16T00:37:20Z","last_seen":"2026-04-06T13:54:01.017761Z","times_seen":191,"resource_available":false,"data":null}},"time_used":893,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":452,"receive":441,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getCoinList","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:00.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/common/getCoinList HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=soIj%2FUkQ76VcvVmvv4NQaKLKmm1xq5XXT53%2F2WoQHkNs43BImcyVaYm06%2BQZ8jrbHVsd2iG5i3xCmCiAdGryGjQtQqHxXBzhAdABECxb5cXpnPbCUp2KLqeZ%2B%2FfPUqtUXhOqdOg%3D\"}]}\r\ncf-ray: 9e811663fbd256a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":561,"timings":{"blocked":56,"dns":3,"connect":4,"send":0,"wait":446,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/getMt5Amount?coin=xau","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:01.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=xau HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlang: en-US\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AeBSfFgdwVJI3rNovfiyLL3rYuWXph0sh%2FTQnlMoJDUq4ELf07IZpP47xEQLvDXLV2Bzm532F%2BnvalJF0bmZH8iQ7Ew8nBimqAzazA07Sqoy0NXPvzl4bIiEHLX%2BWlOtXzg0Swc%3D\"}]}\r\ncf-ray: 9e811669d9d056a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"ae1debd1a5d39e4ea6e2f7a1197521fd","sha1":"1fe94f535776c07e0d1ac8e390dbfa9ee3842f07","sha256":"3e7535b5295c36f5d11daaacdf87e67742ce9eb935c19724b0d3a1184b6175ca","sha512":"986c4901119d5307402c665488bd3efba4edbbb0afe13479e798d4d47f4a9b6a1d52683a3ce439863394b6505cfa46c1436f67b7384f184e7d0f1427f6ffd175","ssdeep":"","tlshash":"51a02200fc088882200300820233020000f0208e23000a08feaee230e2082ba3083808","first_seen":"2026-04-06T13:20:32.851578Z","last_seen":"2026-04-06T13:20:32.851578Z","times_seen":1,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/common/type/defi_activity_type","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"POST /api/common/type/defi_activity_type HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nContent-Type: application/json\r\nlanguage: en\r\nlang: en\r\nContent-Length: 2\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:03 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Imd31whwNOz%2FrXQACm%2F5ZoZuBWEjXpJT81pJjT9EAG1DHOsJh4Wp3Zjx1tn%2FdKLkCx2MhMu7iaxbhHYGwVvT38Ddz2rMVoA%2BI0xefdlf%2B4imgZdE6BiW3Hd8%2BkMUGgagMd5GNTg%3D\"}]}\r\ncf-ray: 9e8116715a2456a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":656,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"377547c8f767a60f400a02dae63eb33a","sha1":"90cd91d3318010114e6daa8f9e160beb4b0ac382","sha256":"3236498fcb921e4ac10b93fef88ecfda5469b4e2a3be7512090865a46e87d800","sha512":"a0116018b798349f620642b15c673ebf74df3b2a7eac2c1e0afc994b91ac5333b2301804efeff7f64544fd95553001b4d4b19a17c8b8ce7eef63218a74ea14c8","ssdeep":"","tlshash":"01f02814393dcebf095f65d745ec78183adc152b94e0bc60a8ab4f3c6be4171188a21c","first_seen":"2025-07-27T10:32:01.636668Z","last_seen":"2026-04-06T13:54:01.054463Z","times_seen":148,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":229,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h5-api.lbank.works/api/notice/list?key=POP_UPS_NOTICE\u0026modelKey=POP_UPS_NOTICE","fqdn":"h5-api.lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"OPTIONS /api/notice/list?key=POP_UPS_NOTICE\u0026modelKey=POP_UPS_NOTICE HTTP/1.1\r\nHost: h5-api.lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,lang,language\r\nReferer: https://lbank.works/\r\nOrigin: https://lbank.works\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:02 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 0\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://lbank.works\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type, lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6UKBkLbZdpIhHIYA2YabWHFUIvNgh3IVQPWCeOEy5I%2FVwZZf6KJmrGhDRhwDwm%2BMcp1mB%2FcgdplR5HkfnpkPe3rndbnv5VbTHUX0iK7Aj1l4YLmGbFOlH%2B70IFx7VsvrJaJw9hY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e81166e89fa56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T20:11:48.938958Z","times_seen":13435734,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":222,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"h5-api.lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lbank.works/platform/daidai/favicon.ico?2.2.1772080721246","fqdn":"lbank.works","domain":"lbank.works","tld":"works"},"ip":{"addr":"104.21.32.187","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:00.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lbank.works","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 04 Apr 2026 17:12:52 GMT","end":"Fri, 03 Jul 2026 17:12:51 GMT"},"fingerprint":{"sha1":"D3:D9:08:34:84:BB:48:06:11:34:DB:FD:9A:2B:70:30:AC:CA:23:8A","sha256":"F2:80:E0:CD:30:A6:28:0B:DB:3E:D5:2A:ED:99:81:11:51:50:42:74:B9:1A:EC:B9:2F:74:DD:C2:50:E6:CF:6A"}}},"request":{"raw":"GET /platform/daidai/favicon.ico?2.2.1772080721246 HTTP/1.1\r\nHost: lbank.works\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 06 Apr 2026 13:20:01 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kxqxz%2F8Gxmaywx9urdJaLmufxQw%2FA4XCnf%2Br%2FertvtsksDborvh%2Fj7yk%2BH4XaXpUPQVXtLEmAmEZfaTz5Mkj9LGv6%2Fsbjf3LqV8W3jn5k80Ys%2Bc3%2FJ0iJO7E9ZROSg%3D%3D\"}]}\r\nlast-modified: Thu, 26 Feb 2026 05:38:26 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\netag: W/\"699fdc52-10be\"\r\ncf-ray: 9e811665d9bf56a4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"bf805e47b1b53c75d7ac9617d14257eb","sha1":"822988bac94d1522cd6bd96cb2efbde2b6b87195","sha256":"cf32c1ef3dea89fd503b4dcc9b0fdfdaefba29a92917f892aef28f04c5ba5b38","sha512":"aef4be69f3fd3b8928f61801fd3855d3f0aa4504bbee996a95219bca850b1df9d582d7756104e56e6efb6cb228efa7ce2780945d8105e7a4cea2b81e1c10b0e4","ssdeep":"48:sCUKrLKfyO5S90rVZoRNC2NNyszjvWNkURN5bCZQyO57s0qc/O:2KAy6hwbl6JtO","tlshash":"a29165aa1056a92fc392c9375e836f390d62de93d9368d0fe317b101c76c059b813aec","first_seen":"2025-10-12T15:34:03.396155Z","last_seen":"2026-04-06T13:54:01.034494Z","times_seen":20,"resource_available":false,"data":null}},"time_used":472,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":472,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"lbank.works","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"order-ress.oss-cn-hongkong.aliyuncs.com/order/dotdigital/4b71330721464eca92b6c26d30ebfeac.png?2.2.1750264722663?2.2.1772080721246","fqdn":"order-ress.oss-cn-hongkong.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"47.79.64.168","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lbank.works/","date":"2026-04-06T13:20:02.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oss-cn-hongkong.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 04 Feb 2026 11:46:56 GMT","end":"Mon, 08 Mar 2027 11:46:55 GMT"},"fingerprint":{"sha1":"07:DD:45:99:F9:D3:55:D6:EB:41:00:22:C7:FA:B0:8F:DB:0B:E9:4C","sha256":"F5:2E:3B:65:89:04:A9:28:79:6A:C1:49:B6:17:06:AB:A8:09:30:D8:2A:1F:43:B7:BB:27:72:92:C0:3C:54:F8"}}},"request":{"raw":"GET /order/dotdigital/4b71330721464eca92b6c26d30ebfeac.png?2.2.1750264722663?2.2.1772080721246 HTTP/1.1\r\nHost: order-ress.oss-cn-hongkong.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://lbank.works/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: AliyunOSS\r\nDate: Mon, 06 Apr 2026 13:20:03 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 25649\r\nConnection: keep-alive\r\nx-oss-request-id: 69D3B303BC6A5B32391F6D0D\r\nAccept-Ranges: bytes\r\nETag: \"670C723ABC22056BC5368CA2A97DD6A2\"\r\nLast-Modified: Wed, 18 Jun 2025 15:08:41 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10769821075161595358\r\nx-oss-storage-class: IA\r\nCache-Control: no-cache\r\nx-oss-ec: 0048-00000113\r\nContent-Disposition: attachment\r\nx-oss-force-download: true\r\nContent-MD5: ZwxyOrwiBWvFNoyiqX3Wog==\r\nx-oss-server-time: 3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":25649,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 250 x 201, 8-bit/color RGBA, non-interlaced","md5":"670c723abc22056bc5368ca2a97dd6a2","sha1":"5ba69b915180c31e4d35a524a9de7b3409ef80a8","sha256":"11192935f626fdb37ddfd8418d754feee326fc6f0a3ce7aa6e61283a820d8b09","sha512":"546901ff0dd66b4768e7560c2ccdceedc3bdac577eea114e600613d98319bde07a84d4fd8a303f4c34c05b3a26c73f03602ba38aaa5436dfcdac6712e0868652","ssdeep":"768:9SDR4lelsfdJTM1JiB+mP9LsYKPlAgezlYWXu23fgiqs:9Alsfd9MqBZ1L5MGgQuW+2vLqs","tlshash":"feb2d076137254ea4442115b97364e812c39f4e3adea6e2c7507a40c7d4a33b30db6bf","first_seen":"2023-11-19T03:02:16Z","last_seen":"2026-04-06T13:54:01.020275Z","times_seen":402,"resource_available":false,"data":null}},"time_used":1827,"timings":{"blocked":777,"dns":16,"connect":253,"send":0,"wait":261,"receive":7,"ssl":510},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}