{"report_id":"49ef6c29-0aa1-48a0-a0f0-64c316a98d3a","version":6,"status":"done","tags":[],"date":"2026-05-04T09:11:21Z","url":{"schema":"http","addr":"sc-he.cn","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":0,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"sc-he.cn/","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"title":"Coinbase - 安全加密钱包,购买和出售比特币、以太坊及其他可靠币种","dom":{"size":29866,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"2807de889d24c3c83b82126328afcd3f","sha1":"9f73fe5a9531ae04acdeb5ad79283a2cfba96c30","sha256":"9f67ef5600f8c717e23fb0937045eee0399307fc4990395a2a92365ef2543a67","sha512":"092691a8501e82ea5edc462c7223a30c44ec5b2839c751630a17f40dada44e1ff3cf80617133fd6a989cd3c4bc6c3f211391bcea4241f610dcfeb48fea024a7d","ssdeep":"384:XGhDL+j3hM6GVlQMTw4435OhacL/xHsDrv:Xki3RGVlHw443MnWDrv","tlshash":"f4d2542994f678aa11d381ea5971075fbe94fd13e8af120072ad4fcc4fd2e86ad0351e","dom_hash":"domhash0100c14c8599cc6141c758869f4ef2b5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"sc-he.cn","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":0,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-08T09:11:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"sc-he.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"hm.baidu.com","ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"domain_registered":"1999-10-11","domain_rank":54491,"first_seen":"2012-05-26T08:38:45Z","last_seen":"2026-05-04T04:58:03.569246Z","alert_count":0,"request_count":2,"received_data":30875,"sent_data":1299,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"sc-he.cn","ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-05-03","domain_rank":0,"first_seen":"2026-05-04T09:11:21.431687Z","last_seen":"2026-05-04T09:11:21.431687Z","alert_count":4,"request_count":4,"received_data":47097,"sent_data":1719,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"sc-he.cn/","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-04T13:55:56.300135Z","times_seen":110618,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"1c5c9160600df2d96d69a4ea16cec7ed","sha1":"3cf678c9135cc952ba6970ef545035bb757a443f","sha256":"a3520fe88e248d2b6c9c6db93309a037ef969fe297208e5bd7e49a55bb32c808","sha512":"2a298a8c2552c6a6c6f8d3f7327d2e9abfa87a0dbb27e9e528a8539b416155c0860f54f46464dfe7e5d49c7906a9eacdac7e5181b86ef15a83276a8f4fee0546","ssdeep":"","tlshash":"078004d531c35040475331d400571cd4503444f014444d544040d4511c55030d1154dc","size":37,"data":"","first_seen":"2023-04-11T21:49:14Z","last_seen":"2026-05-04T13:55:56.300135Z","times_seen":110618,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?044d696169ae7850cd2709b64d8307eb","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"71532b3cfbd6666f483fcd86f708c368","sha1":"c03f40b9f081e8e4cd478a21eb9ae4835db16eb9","sha256":"8edb42e2cec749598928054887b5abb1defa22f48d5b382fde39c5a31b1549d6","sha512":"0109d4b79ddb50289a9832204b9ae6c6a196bcdbbbe0fbaeef87fe84cd232404d865b63b1d47a482f1c7656a6a19123896442f288469ccf75efafd71338574e3","ssdeep":"384:FqJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:Fq4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"b0d2d9e9b282713293a324a5153f324af07b5a54bd4968a4f11894c07d38fbb027bfdd","size":29893,"data":"","first_seen":"2026-05-04T09:11:30.121885Z","last_seen":"2026-05-04T09:11:30.121885Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"dc293d861d78acfcaa1b14cc235bcb5b","sha1":"3b9c830f6f61dbe959857bf7aad816b2476a2a6a","sha256":"6c2b4d58a9251c7afed071a0ed83c1d3d2195945620f75dc17fb140af1af0878","sha512":"27361acea79e1fdc3e19afe198d17849e129845c2e7b5e52cf45703ef1a17e31e3df1363876f9d5129f43c472b5e040489b27308ced8bac5fc89dcc1e7428bb0","ssdeep":"","tlshash":"b9f052ed2396cc693da73eb9d227611851eb0d340c8888789e4029451cd4a3386d209f","size":504,"data":"","first_seen":"2026-05-04T09:11:30.130664Z","last_seen":"2026-05-04T09:11:30.130664Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/js/main.js","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"bca8ec36bd03b47e00c4a3b5bc8078b2","sha1":"ec4fe993ccd7ac236f3936474b8f32f878aef001","sha256":"27c68a741f21a5055377409417abe8fd31c26813526d31a1a707cb4b60d479da","sha512":"5a9eea88e49cc2ec2b76cecc518e579ad242c7b0692a75d93092d13a798171ac3c298353909cd0b576424d0cff8b374a14e7ba51c3f5535bd8ec7e5774ac41c3","ssdeep":"","tlshash":"22218b1b626414714233b3b5d7bb9b49fb3b112b60015a463d5c49882fb18c69df3faa","size":1217,"data":"","first_seen":"2026-05-04T09:11:30.116836Z","last_seen":"2026-05-04T09:17:28.187286Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"8243937ebe22b67a0cf2efee355fb0d3","sha1":"95134c129f1266c49ad2f120b738c66e386d5c52","sha256":"a1f5c5d9b4d2abc22b48a6a9ba59118215a471a5340b53eae8a6da92d9f176bd","sha512":"197d76b1026593906e376240819c87f1c97ec8aa4d1723839aa004c04df6dbd9e8e9b7fd53adea02d787812b38c0fe2b474e654d330388ee2351006cf80a3aa4","ssdeep":"192:+1FaU3j3ysM6GVru4rpNMwn2W8MTOr4435OhtozYLiadGXoHqgsDJdq30kc:+i+j3hM6GVlQMTw4435OhacL/xHsDrl","tlshash":"72d2432994f678b611d381ea5a61075fbe94f913e8af120072bd4fcc4fd2e86ad0351e","size":28824,"data":"","first_seen":"2026-05-04T09:11:30.135658Z","last_seen":"2026-05-04T09:17:28.192149Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"hm.baidu.com/hm.gif?hca=334177BBE2F03CF6\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1402585584\u0026si=044d696169ae7850cd2709b64d8307eb\u0026v=1.3.2\u0026lv=1\u0026sn=52383\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fsc-he.cn%2F\u0026tt=Coinbase%20-%20%E5%AE%89%E5%85%A8%E5%8A%A0%E5%AF%86%E9%92%B1%E5%8C%85%2C%E8%B4%AD%E4%B9%B0%E5%92%8C%E5%87%BA%E5%94%AE%E6%AF%94%E7%89%B9%E5%B8%81%E3%80%81%E4%BB%A5%E5%A4%AA%E5%9D%8A%E5%8F%8A%E5%85%B6%E4%BB%96%E5%8F%AF%E9%9D%A0%E5%B8%81%E7%A7%8D","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sc-he.cn/","date":"2026-05-04T09:11:03.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.gif?hca=334177BBE2F03CF6\u0026cc=1\u0026ck=1\u0026cl=24-bit\u0026ds=1280x1024\u0026vl=1024\u0026et=0\u0026ja=0\u0026ln=en-us\u0026lo=0\u0026rnd=1402585584\u0026si=044d696169ae7850cd2709b64d8307eb\u0026v=1.3.2\u0026lv=1\u0026sn=52383\u0026r=0\u0026ww=1280\u0026u=https%3A%2F%2Fsc-he.cn%2F\u0026tt=Coinbase%20-%20%E5%AE%89%E5%85%A8%E5%8A%A0%E5%AF%86%E9%92%B1%E5%8C%85%2C%E8%B4%AD%E4%B9%B0%E5%92%8C%E5%87%BA%E5%94%AE%E6%AF%94%E7%89%B9%E5%B8%81%E3%80%81%E4%BB%A5%E5%A4%AA%E5%9D%8A%E5%8F%8A%E5%85%B6%E4%BB%96%E5%8F%AF%E9%9D%A0%E5%B8%81%E7%A7%8D HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sc-he.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: private, max-age=0, no-cache\r\nContent-Length: 43\r\nContent-Type: image/gif\r\nDate: Mon, 04 May 2026 09:11:03 GMT\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nPragma: no-cache\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=22D16422816D80B2; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\nX-Content-Type-Options: nosniff\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"ad4b0f606e0f8465bc4c4c170b37e1a3","sha1":"50b30fd5f87c85fe5cba2635cb83316ca71250d7","sha256":"cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda","sha512":"ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910","ssdeep":"","tlshash":"15900003fbc08002c2b2e0300b3b0380238ce2200aa8030b80aeb0acecaa3a20c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-05-04T13:57:51.958127Z","times_seen":346428,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-04T09:10:59.805Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.sc-he.cn","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 03 May 2026 13:00:00 GMT","end":"Sat, 01 Aug 2026 12:59:59 GMT"},"fingerprint":{"sha1":"A1:E9:3E:C7:89:8D:08:BB:BE:4E:17:C0:3C:0E:E4:82:2A:E8:D1:FB","sha256":"77:C9:4B:D7:04:F5:26:E1:17:90:A4:6A:74:57:48:73:51:C4:0F:47:19:59:59:E1:07:50:ED:2F:30:7E:0D:7B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: sc-he.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 04 May 2026 09:11:00 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 03 May 2026 12:46:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69f743b6-776a\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30570,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with CRLF line terminators","md5":"799b02ae7244028dcc1b2dc250dc0ca6","sha1":"d5b0ec97e2ce4991efa0ecac2a45e93869589845","sha256":"e26ddf3204a214a17254a637cf9541040900cd4bca3257903d856e6ad9c95135","sha512":"77844baeaa41b8ca1767f6e2e1e3d00068f2760c72f1ba138b8eb57977ab4a6b2ae36258d1592aa57b712857056f222f440a66905d904c68012ede2781f15163","ssdeep":"384:3GYAOd0cUks1jHW2+gh89qukM8E+uqYD1g:3uJcC1jHWIh89qUIqD1g","tlshash":"24d2523990d2786a10b3c1ee4a61179ffd94e543e5ee524072ee5bcb4ff2e44ad0341a","first_seen":"2026-05-04T09:11:30.106869Z","last_seen":"2026-05-04T09:17:28.190602Z","times_seen":2,"resource_available":true,"data":null}},"time_used":2351,"timings":{"blocked":1052,"dns":550,"connect":247,"send":0,"wait":247,"receive":0,"ssl":252},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"sc-he.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/css/style.css","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sc-he.cn/","date":"2026-05-04T09:11:01.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.sc-he.cn","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 03 May 2026 13:00:00 GMT","end":"Sat, 01 Aug 2026 12:59:59 GMT"},"fingerprint":{"sha1":"A1:E9:3E:C7:89:8D:08:BB:BE:4E:17:C0:3C:0E:E4:82:2A:E8:D1:FB","sha256":"77:C9:4B:D7:04:F5:26:E1:17:90:A4:6A:74:57:48:73:51:C4:0F:47:19:59:59:E1:07:50:ED:2F:30:7E:0D:7B"}}},"request":{"raw":"GET /css/style.css HTTP/1.1\r\nHost: sc-he.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sc-he.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 04 May 2026 09:11:01 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 03 May 2026 12:47:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69f743fa-36d8\"\r\nexpires: Mon, 04 May 2026 21:11:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14040,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c520ad86ccd44dc5e53534edbfd37a9a","sha1":"65b8f0dd451f433f07a19d61289f9875200f0e98","sha256":"0d0f4dec98d32ec51d6c8e1a0f403d79a99205495f0ece990bc39113d31b25da","sha512":"f2be4568c22f92f88b49a92d9f220feb65260d9dfce875aeb014cea02d330cfb5addfbd8557481481f55d86a7df968998ac7348d9354ceedaa1a703076803cbb","ssdeep":"192:x/C5jtnaYIEUYgQEqqDjXo+WVd1q1Z0eKGwt3jAZpOLOIaj+9QJd10Vj/CiHd8bq:x6RHd2d+B","tlshash":"f952205ce62251a7b137eb7997f66705fb58a0238e0503b97eec62444ff01bc8261e8d","first_seen":"2026-05-04T09:11:30.109392Z","last_seen":"2026-05-04T09:17:28.19141Z","times_seen":2,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"sc-he.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/js/main.js","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sc-he.cn/","date":"2026-05-04T09:11:01.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.sc-he.cn","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 03 May 2026 13:00:00 GMT","end":"Sat, 01 Aug 2026 12:59:59 GMT"},"fingerprint":{"sha1":"A1:E9:3E:C7:89:8D:08:BB:BE:4E:17:C0:3C:0E:E4:82:2A:E8:D1:FB","sha256":"77:C9:4B:D7:04:F5:26:E1:17:90:A4:6A:74:57:48:73:51:C4:0F:47:19:59:59:E1:07:50:ED:2F:30:7E:0D:7B"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: sc-he.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sc-he.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 04 May 2026 09:11:01 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 03 May 2026 12:48:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69f74408-4c1\"\r\nexpires: Mon, 04 May 2026 21:11:01 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1217,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"bca8ec36bd03b47e00c4a3b5bc8078b2","sha1":"ec4fe993ccd7ac236f3936474b8f32f878aef001","sha256":"27c68a741f21a5055377409417abe8fd31c26813526d31a1a707cb4b60d479da","sha512":"5a9eea88e49cc2ec2b76cecc518e579ad242c7b0692a75d93092d13a798171ac3c298353909cd0b576424d0cff8b374a14e7ba51c3f5535bd8ec7e5774ac41c3","ssdeep":"","tlshash":"22218b1b626414714233b3b5d7bb9b49fb3b112b60015a463d5c49882fb18c69df3faa","first_seen":"2026-05-04T09:11:30.116836Z","last_seen":"2026-05-04T09:17:28.187286Z","times_seen":2,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"sc-he.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"hm.baidu.com/hm.js?044d696169ae7850cd2709b64d8307eb","fqdn":"hm.baidu.com","domain":"baidu.com","tld":"com"},"ip":{"addr":"111.45.11.83","port":443,"asn":9808,"as":"China Mobile Communications Group Co., Ltd.","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sc-he.cn/","date":"2026-05-04T09:11:01.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"baidu.com","organization":"Beijing Baidu Netcom Science Technology Co., Ltd"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 09 Jul 2025 07:01:02 GMT","end":"Mon, 10 Aug 2026 07:01:01 GMT"},"fingerprint":{"sha1":"21:BF:66:0D:67:BE:7A:7F:49:48:05:30:F4:7F:09:F2:30:36:CA:63","sha256":"0D:82:2C:9A:90:5A:EF:E9:8F:37:12:C0:E0:26:30:EE:95:33:2C:45:5F:E7:74:5D:F0:8D:BC:79:F4:B0:A1:49"}}},"request":{"raw":"GET /hm.js?044d696169ae7850cd2709b64d8307eb HTTP/1.1\r\nHost: hm.baidu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sc-he.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nCache-Control: max-age=0, must-revalidate\r\nContent-Encoding: gzip\r\nContent-Length: 11287\r\nContent-Type: application/javascript\r\nDate: Mon, 04 May 2026 09:11:02 GMT\r\nEtag: bd360387112201b4ad026725b2995f42\r\nP3p: CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"\r\nServer: apache\r\nSet-Cookie: HMACCOUNT=334177BBE2F03CF6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT\r\nStrict-Transport-Security: max-age=172800\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":29893,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (617)","md5":"71532b3cfbd6666f483fcd86f708c368","sha1":"c03f40b9f081e8e4cd478a21eb9ae4835db16eb9","sha256":"8edb42e2cec749598928054887b5abb1defa22f48d5b382fde39c5a31b1549d6","sha512":"0109d4b79ddb50289a9832204b9ae6c6a196bcdbbbe0fbaeef87fe84cd232404d865b63b1d47a482f1c7656a6a19123896442f288469ccf75efafd71338574e3","ssdeep":"384:FqJSoLMJJTRl6s1JXFVCFI/TayvuodsZPIGm8XaR1JRwvutq1tGdc7M04gRw6:Fq4VJfHgMdvussZPIx82Rwvutcto07v","tlshash":"b0d2d9e9b282713293a324a5153f324af07b5a54bd4968a4f11894c07d38fbb027bfdd","first_seen":"2026-05-04T09:11:30.121885Z","last_seen":"2026-05-04T09:11:30.121885Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2488,"timings":{"blocked":1099,"dns":412,"connect":225,"send":0,"wait":288,"receive":2,"ssl":459},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sc-he.cn/favicon.ico","fqdn":"sc-he.cn","domain":"sc-he.cn","tld":"cn"},"ip":{"addr":"160.202.47.5","port":443,"asn":400619,"as":"AROSS-AS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sc-he.cn/","date":"2026-05-04T09:11:01.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"m.sc-he.cn","organization":""},"issuer":{"commonName":"LiteSSL RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 03 May 2026 13:00:00 GMT","end":"Sat, 01 Aug 2026 12:59:59 GMT"},"fingerprint":{"sha1":"A1:E9:3E:C7:89:8D:08:BB:BE:4E:17:C0:3C:0E:E4:82:2A:E8:D1:FB","sha256":"77:C9:4B:D7:04:F5:26:E1:17:90:A4:6A:74:57:48:73:51:C4:0F:47:19:59:59:E1:07:50:ED:2F:30:7E:0D:7B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: sc-he.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sc-he.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 04 May 2026 09:11:01 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-05-04T14:05:07.66239Z","times_seen":503070,"resource_available":true,"data":null}},"time_used":246,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"sc-he.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}