{"report_id":"0495c7f6-5594-4d6d-9885-dca1eaec6810","version":6,"status":"done","tags":[],"date":"2026-03-19T12:16:41Z","url":{"schema":"http","addr":"io.hbqxwl.cn","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":0,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"io.hbqxwl.cn/","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"title":"WhatsApp Web","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"io.hbqxwl.cn","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":0,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-23T12:16:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.xdgkg.net","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-22","domain_rank":0,"first_seen":"2026-02-26T11:40:52.336419Z","last_seen":"2026-03-19T12:15:32.003346Z","alert_count":0,"request_count":1,"received_data":3689,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"io.hbqxwl.cn","ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-12-11","domain_rank":0,"first_seen":"2026-03-19T12:16:42.269972Z","last_seen":"2026-03-19T12:16:42.269972Z","alert_count":28,"request_count":14,"received_data":3637857,"sent_data":6049,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-15T22:19:58.945817Z","alert_count":0,"request_count":1,"received_data":7280,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-03-15T22:30:49.343058Z","alert_count":0,"request_count":2,"received_data":30072,"sent_data":882,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"io.hbqxwl.cn/css/spinner_style.css","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /css/spinner_style.css HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-b58\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2904,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c856959f0ff5db6a8c801c1f289c55d9","sha1":"9872106f236ecf014ca112dffb1510bdc42b8bc1","sha256":"7e5acc796a6ae576eb44fb7d2814152896be8870767226c204dc246f5c90d025","sha512":"23c4d2474c3063d3043cee2ce5ba593d23f08a52caa51dd732c5e867019d8967f783c24df95c8c99d0a4573a8b19ad86ddab1da372d0ae911a0a8a2290b32ebb","ssdeep":"","tlshash":"2c516d1e094114f7813b93729b922c25fb379463434a21d539afa9784f326cc0276ff4","first_seen":"2025-10-21T13:04:17.748185Z","last_seen":"2026-06-04T12:20:47.289436Z","times_seen":35,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Josefin+Sans:100,300,400,700|Pacifico","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:01 GMT","end":"Mon, 27 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"AD:23:3E:9B:CF:2B:A1:EC:31:14:63:D1:58:73:BB:E7:C5:32:16:8C","sha256":"B1:5F:45:BF:00:8C:68:35:D3:42:B2:67:66:47:9D:BB:42:41:07:56:3A:C4:1C:D6:10:7B:B7:53:C2:71:81:33"}}},"request":{"raw":"GET /css?family=Josefin+Sans:100,300,400,700|Pacifico HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 19 Mar 2026 12:16:19 GMT\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6594,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"f82d6a7e908d25d763e7b0a80d536dc7","sha1":"ee7db82aefd59cad74d3bab9803c18ae0edca05d","sha256":"902aaffa5db55ff5ea6622fbc81cf6d1715b2d200c933b035e286df7e9f4d546","sha512":"bc52410aea4a4e71dc233700f7ef7209ed472ddbeaa7c91ac31742645ea0f6b4e9a3a01f5efe75b306028f44b9480394870f867f728062a5218bb0273f1556d1","ssdeep":"192:cg747jn7zAIj1zpRj0zksj5EZQrZWYZJZ6RpZ1:cgEP/dYd0t","tlshash":"78d113d1042be690a7831dc223ce7d329e8fa15934418975affe18ccec56c3a6361b4d","first_seen":"2025-10-21T13:04:17.749691Z","last_seen":"2026-06-04T12:20:47.286326Z","times_seen":35,"resource_available":false,"data":null}},"time_used":369,"timings":{"blocked":163,"dns":1,"connect":22,"send":0,"wait":33,"receive":0,"ssl":147},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/static/css/main.70a4cba9.css","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /static/css/main.70a4cba9.css HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-bed1\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48849,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (48804)","md5":"77cc9786f613a5c5e066fe5c7b03ea27","sha1":"aaa304115426043fbba9058aafae72e0ba9f96bc","sha256":"c24ca2ad316ea0b4a3cf668f5c2c5cb472f37fe3abcce430ea71e30954d27193","sha512":"22553f86319d29245253de82f8229e86b7abc7c9b3e7a06716c91aa685a0f5befb81d43cbf15741a9f64f8d6b61c9e41f099a15e2bab083a01b84ec60c678f10","ssdeep":"768:JtS5VDrE2drkjGyXibfL3bH19TSowv7FONGBwApyS+tJOrYw:u/02Fkj74LbH19TSoGT5YS+tfw","tlshash":"262352181bc910eafd17dd72a0e467d0613ea208e4290bbc8459b5aff1c76dc477bda2","first_seen":"2025-10-21T13:04:17.731949Z","last_seen":"2026-06-04T12:20:47.299433Z","times_seen":34,"resource_available":false,"data":null}},"time_used":872,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":872,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/js/BootstrapStep.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /js/BootstrapStep.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-12e8f\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":77455,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f76c1d59b412927131d2bdd64cac8be4","sha1":"3311c13fa7175af40427a8af270c647ec6c6fed0","sha256":"c2ade901c6e6b1dfd488789d9d013f0094b084eb65f4caa39fc6c4507c0cb60f","sha512":"90f61851503490e9c270b32b66a7bd334636ba2df959f131ab6622eb97e78a2c40261c79dc38f5049b8150bbfd85d669bcbd212e52c1fdfbe2c3278e738bf3c4","ssdeep":"1536:EM52C9Y2mVGNl5CThrtQLxL5sYpfWFt/JBOyKAWEBTxOZ8GdRcjR+BvF+ShvZIIk:EY9Y2mVGNl5CThr2vsy+BBzKTEBTxO2p","tlshash":"df73838577c6b8c1124767b7b32ab1e5e82e5cdd3088088ff544bc98f5b9916fae0931","first_seen":"2025-10-19T01:16:14.611698Z","last_seen":"2026-06-04T12:20:47.296651Z","times_seen":109,"resource_available":false,"data":null}},"time_used":867,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":867,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/js/main.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Mar 2026 08:17:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69afd38d-55db8\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":351672,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"030ac3661ec54982375e3448a98df335","sha1":"dc73cf46cb6f04b2fa093b0ee27a97d583abe74f","sha256":"014c6387e19543944b0e9443cff7654ca72b790eaf63ab2d5e3db3f837f6d749","sha512":"e5fb22e126a1d985fcfdb12132b875f89dc4b6900b22b083812da03c16543e5ab9e2bc2a98f6cd34db96f01c6721f54e5454543463b7c45f8f164f689916df04","ssdeep":"6144:Z8x8IbzfmOYBkTNTt9gEnDFU1C3OwJKNtT0l/QlqzFYPoIpNyFu7L7DwGZtixtCK:Z+8Ibz+kxjbZHOwJ8tckqpYPoIpNyFGC","tlshash":"f974c785b7c27c4112434b77772bb5f5f92a8da8b0c9488ef544bc68f4eaa13ead0531","first_seen":"2026-03-19T12:15:36.1642Z","last_seen":"2026-03-20T00:18:17.9041Z","times_seen":11,"resource_available":false,"data":null}},"time_used":866,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":866,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/public/default_icon.png","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:21.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /public/default_icon.png HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:21 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-13T17:21:36.173117Z","times_seen":526316,"resource_available":true,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/js/UpdaterPromise.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /js/UpdaterPromise.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-12494\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74900,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b751955868ca22533228a0b00b202246","sha1":"d2009cf3ce2d3fb12801fd4904f0f1af0dbb4f90","sha256":"6f5ddd748ae17d89c950678f62d8583aa7fef592597a29305df5cf0af1a691a4","sha512":"846d9030528ee05e44bed9e63c2ab5e570df85a2638c6f052549f6b677647f5b763d6761c19707595c79ef2f46b6a87cf3d34a57cf98107010f341b0b7b14043","ssdeep":"1536:JMN3MzMq3sfeJGS6q1h7lF/af9l4V3aiJLMFUZGARy9:J43+GfAxvy1qqilMoy9","tlshash":"da73528077d1b8c102875bb6b72bb1e6f82a5ce9b1c5484ef500f898f8b9915fed1931","first_seen":"2025-10-19T01:16:14.590733Z","last_seen":"2026-06-04T12:20:47.283603Z","times_seen":109,"resource_available":false,"data":null}},"time_used":868,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":868,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/qrcodejs/1.0.0/qrcode.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6083\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fad-4dd7\"\r\nlast-modified: Mon, 04 May 2020 16:15:41 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 21925\r\nexpires: Tue, 09 Mar 2027 12:16:19 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0GAmLf1BrgrUh86EvWBzSB11NsnYe1fI%2FQUSQ3bhPVdYYKqoUdQOiRP1RnL7HZrYHw0HAztJbgbs72qkIVYoYhFw6Nn%2FOPcfA%2FoD1hRTAPmkrMU%3D\"}]}\r\ncf-ray: 9dec6856dc0876ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (19927), with no line terminators","md5":"517b55d3688ce9ef1085a3d9632bcb97","sha1":"2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b","sha256":"c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36","sha512":"08d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498","ssdeep":"384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ","tlshash":"8c92c7e4f36542f6915e6cd4283f104b64a0a4636c1490acbfb5c1e6a9f8fe0647af74","first_seen":"2023-03-07T01:14:56Z","last_seen":"2026-06-13T17:11:18.990653Z","times_seen":62010,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":18,"dns":0,"connect":1,"send":0,"wait":9,"receive":1,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/uuid/8.3.2/uuid.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/uuid/8.3.2/uuid.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2933\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5fe06b73-1fe0\"\r\nlast-modified: Mon, 21 Dec 2020 09:31:31 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 469388\r\nexpires: Tue, 09 Mar 2027 12:16:19 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bpT5mfdRjP2LvqaDADyjjCKY8gkfV%2FQPSDZ1ggwxopeN4I%2F8rYBCyPSfkRzMPsdjHUqscPPeH6l1%2FkB3d1Bvr5%2BZnOd%2BqW5%2BfcIbUxH4CZzDKzc%3D\"}]}\r\ncf-ray: 9dec6856dbfa76ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8160,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8160), with no line terminators","md5":"50fecb6517141ce734bdc903aeb7aa6d","sha1":"ffce0e94a0a6f3b661942c5f9344e709773ec44a","sha256":"c5df6d9704bdada96df0770523058f395192ee9d1fe13880eb1d57dfe6417533","sha512":"50d3359e302038551aef86746c00f002af206d372a642f048f8c4f4b3a6787497a28c7afc2f901bdb95d17db91fbea8a789f8c3991d18d5d47663a11be30df35","ssdeep":"192:NT/XsoaxLo7L1AsLVllMA5/VYZncbsPYxb2g9n/m5iCyK08l9l4E+kghMnf4W5Qe:VX9aNo7LWsLPnYZncbs5UeiCyK0Q9l4W","tlshash":"d7f193ac6c8960afc3ef1e5d18aa304b72f07511244d8415f2a5b9fa1490eff9b36e1d","first_seen":"2023-03-29T21:08:33Z","last_seen":"2026-06-13T04:56:38.717088Z","times_seen":762,"resource_available":true,"data":null}},"time_used":66,"timings":{"blocked":15,"dns":1,"connect":3,"send":0,"wait":20,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.xdgkg.net/script.js","fqdn":"www.xdgkg.net","domain":"xdgkg.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xdgkg.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:51:57 GMT","end":"Mon, 25 May 2026 05:51:56 GMT"},"fingerprint":{"sha1":"1B:84:01:5D:10:77:07:3A:89:54:DD:AD:CE:84:02:7B:C4:9C:03:E7","sha256":"32:22:27:EE:C9:69:94:50:A6:E1:EC:8E:2F:B6:2A:0F:14:FD:03:4F:E0:B9:29:22:B9:2B:6B:2D:45:50:06:11"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: www.xdgkg.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-dns-prefetch-control: on\r\ncontent-security-policy: default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'self' ;\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\naccept-ranges: bytes\r\nlast-modified: Thu, 12 Mar 2026 06:04:21 GMT\r\netag: W/\"a80-19ce0a56633\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 13463\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8JRGSUxwPlEEvrml4nH6m7YLmyM7acYEpVFmDD0MhFeAPuEnqSKH4wdQZdMItJ9vTP55556q5z%2Fhh%2FQ5sDh6rlpnhguAXN4pzpnSz0U%3D\"}]}\r\ncf-ray: 9dec6856d84de9c1-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2688,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2687)","md5":"191315be80746226f807d10f1eb2bad1","sha1":"c30c616414dabeb026a5d0f7583479a517e15187","sha256":"a1471487eb3e8eb93b1a9e056386019ff5eedadea29bbb725b5494fb2e9ad90a","sha512":"62ed43d4a5312894ef30bf9f4579778e8e40833c6321262eb23da81dce2ad0dd9046ff85fccf98f9b60084b170b43566bff83e23763b47dd63b9ae3f18901117","ssdeep":"","tlshash":"f851d7f53185f1f07f692490d17aa620b9392e73b81e4890a6fb4c462b2e40e9431d2c","first_seen":"2025-12-04T18:46:55.384354Z","last_seen":"2026-06-13T14:18:56.85874Z","times_seen":4376,"resource_available":true,"data":null}},"time_used":86,"timings":{"blocked":28,"dns":1,"connect":10,"send":0,"wait":17,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/lib/jquery/js/jquery-3.2.1.min.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /lib/jquery/js/jquery-3.2.1.min.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-15283\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":86659,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32058)","md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-13T17:23:21.484528Z","times_seen":93849,"resource_available":true,"data":null}},"time_used":871,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":871,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/lib/bootstrap/js/bootstrap-3.3.7.min.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /lib/bootstrap/js/bootstrap-3.3.7.min.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-90b5\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32033)","md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-13T16:39:16.843406Z","times_seen":91213,"resource_available":true,"data":null}},"time_used":870,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":870,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/static/js/main.c5971098.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /static/js/main.c5971098.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-f042d\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":984109,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"f14fc7eed6309044bdeda3e1aca89266","sha1":"e27143a7a327701aadfb6b47be812336531f4108","sha256":"667cdeff96b0201dc11142a7e77727024e36e1cfec3258be9e31a411e6a1078e","sha512":"4eccbf0e21985c797bc8adf0d6ff799dee2bf1055d10b68922a2a611794a871cde04fb32699c47a11cc0731d311cc3e09f3f1913faf3676343d6c143c13711a7","ssdeep":"12288:dtaHIiaOr9ntZ8HGGzpL+PTwC22vqahQbqzfTBifFo4FXJrNh+bbOIAgmp5t0:dtaIK9FTw4","tlshash":"b42509d9f63ca73561e56375589fb38e2a2c3857c80c867876d3f88e22799d4316af00","first_seen":"2025-10-21T13:04:17.74638Z","last_seen":"2026-06-04T12:20:47.292218Z","times_seen":34,"resource_available":false,"data":null}},"time_used":865,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":865,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/default_icon.png","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:21.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /default_icon.png HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-7fb\"\r\nexpires: Sat, 18 Apr 2026 12:16:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2043,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 194 x 194, 8-bit colormap, non-interlaced","md5":"6bb288b8ba772471f23cee4f99b54c08","sha1":"f72bf6750892a25cc40b590bafb2038109bd77ad","sha256":"3899581abcfed9b40b7208bbbca8bdbfe3ae9655980dbf55f04dec9cb3309f27","sha512":"f63a442fd8a131c6b22d0a2a398d195dbc2a9c5a08a4d88c4959739df1be0df9aefa2605b11633d5ff58f40f8b8afdcc5a7b1caec31bf188a110691ec43c5350","ssdeep":"","tlshash":"26411825c7cdec6570e62c388961a3d4cc1481ed1601348a4d03d5168363e477ae82c7","first_seen":"2023-05-01T22:02:17Z","last_seen":"2026-06-04T12:20:47.297158Z","times_seen":3086,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/custom.css","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /custom.css HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-1b074d\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1771341,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ce642eda343217291148c86f1a22df1f","sha1":"e4ad2dad7b3051cf928e07c08a4f0a468cf8f10a","sha256":"fc0686b1f018677c959008e38affb7067bc98c93ec54a26cba996e9132b2d9e0","sha512":"177242629ddd2c7851b0b8df8416eb03ddceff4696644b2aaac3646512e2b264cf5de12faaf0c346d7ca75b86e4b36e39b690725de4260b786f4dafc5cc4b2be","ssdeep":"12288:/KreiDm6jGDDBUAK6iHQBJj3nnIxt+nM5vvQFTQ/lrhzmY3Z9c1oDCujHc3/Q9eo:yCn8x","tlshash":"d9253022b5f11dadec2fd25946ed5648739be7c3aa0f1fe6ba8c31548f842f80451e84","first_seen":"2025-10-21T13:04:17.7412Z","last_seen":"2026-06-04T12:20:47.290363Z","times_seen":34,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":549,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/lib/moment/js/moment-2.20.1.min.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /lib/moment/js/moment-2.20.1.min.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-c98f\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51599,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (51599), with no line terminators","md5":"5ff1de69e6fd137a6dd511205ea7c49e","sha1":"91a29a02cca99f32598f7b5764c610ab3cc89fba","sha256":"001564a706fd2bd3f1b9bbd1ac732493ac2659c207504f5e0713592d7610f389","sha512":"419fa651f350826ebb4ef5f375352a504886638e1d1394ef5d18197ba45d8e48d12fc99596da7fbc7530ec23f6f46c81706c2743971724200da8f3f43c9af0a4","ssdeep":"768:RmEj5IyZrV7dmUJ8/HhbmINN3vhg+XVspjiCumS5vcAKR1DC:wKxrV7d3g8ixXVspCmcti1+","tlshash":"cc3393ca3646b112176622b5083f490bf33d5959680f0d1df508e9e93979c6e827bfbc","first_seen":"2023-03-07T01:07:40Z","last_seen":"2026-06-12T00:39:30.366879Z","times_seen":850,"resource_available":true,"data":null}},"time_used":868,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":868,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/js/WebSocketClient.js","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://io.hbqxwl.cn/","date":"2026-03-19T12:16:18.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET /js/WebSocketClient.js HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://io.hbqxwl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:19 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 06 Nov 2025 10:41:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"690c7b45-220b3\"\r\nexpires: Fri, 20 Mar 2026 00:16:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139443,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d26219a6baeda6762dccb88c3cd692a8","sha1":"c3e5f409115d29e117607cc2eca6ef5317af210b","sha256":"e597eb5fcb211106d53ea3940d0bde89b178b093c12ada9de57f81169302ffca","sha512":"6db1170ab0c4571fc3aeed48e785dbf62bc3d03564d1c9b0dee993134db75bf85dea93e345ef801bbb7bc384446c1894705da2725900e2937303b207358962f8","ssdeep":"3072:NLnP1eVKU+ytfF6DyIA7kvo1kis3hQdhnNFn:99VytfL7kA1U3ydhnNFn","tlshash":"6ad3938177c6b88122471bb7772bb1e9f92e4dd870c9088bf154bc98f5b9911fae4930","first_seen":"2025-10-19T01:16:14.653859Z","last_seen":"2026-06-04T12:20:47.287498Z","times_seen":109,"resource_available":false,"data":null}},"time_used":867,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":867,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"io.hbqxwl.cn/","fqdn":"io.hbqxwl.cn","domain":"hbqxwl.cn","tld":"cn"},"ip":{"addr":"43.226.17.28","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-19T12:16:17.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ws.hbqxwl.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Mar 2026 03:12:33 GMT","end":"Tue, 16 Jun 2026 03:12:32 GMT"},"fingerprint":{"sha1":"8B:45:A5:0D:E7:5A:F3:9B:33:04:35:30:D4:CA:26:08:8A:2C:33:44","sha256":"A5:11:19:DF:D2:F2:D0:B6:B4:D7:52:4B:40:C5:1B:94:0E:ED:0D:9F:D6:86:51:89:77:89:60:CF:DB:BB:93:33"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: io.hbqxwl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 19 Mar 2026 12:16:18 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 26 Feb 2026 03:10:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699fb9b0-1388\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":5000,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (494)","md5":"77136a5a5744e81027fd99c549c48bea","sha1":"61a069a9e0dc8362fec45464aaa5edc12c48ff92","sha256":"b87978ca7de69604861da8468bdeed3ce323a679eb6e2a9983cb653c30df4d58","sha512":"51315b23361f34732cf75cc19bb1505292e2b019cf7b73d3b95af47cdee08ac6ad4b0d9301f4f765f34b30fda8aa35964b134fc789a349c9401be5a14d3a494b","ssdeep":"96:pdXRKkyUXFUUHyMUAxnD5v7rTXJAD1KDE8MvvBavBtjxRwjVe:pXM2FUAyMzxD5DrjORKEezjxRwjw","tlshash":"e0a196af8dd4ba28323e5d56f0e4f74b8bb44a0be011ac57b86d40bd6fc378584a3915","first_seen":"2026-03-19T12:15:36.125041Z","last_seen":"2026-03-20T00:18:17.918032Z","times_seen":11,"resource_available":false,"data":null}},"time_used":1561,"timings":{"blocked":645,"dns":94,"connect":271,"send":0,"wait":271,"receive":0,"ssl":276},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-19","alert":"Sinkholed","trigger":"io.hbqxwl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-19","alert":"Phishing Block","trigger":"io.hbqxwl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}