{"report_id":"5b9ac1d7-b34c-484c-9880-9debf729dd66","version":0,"status":"done","tags":[],"date":"2026-06-17T15:19:11Z","url":{"schema":"http","addr":"exchange16889.work","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":0,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"title":"Trust Exchange","dom":{"size":40934,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9694)","md5":"139fd556a54a9a081a1b7cb3268702c0","sha1":"132d3ce6412fdafc9300c8ca335002c60205cf5e","sha256":"d53b17b9f9d918f8a8c706c4e84d5ca5b9f655465a3e12f0376fcf3e6b8c2efa","sha512":"bbdca9e3129b93266056c5cdd6ba19899424fe185c89cf29fcfca23c04bb95b891d0d529d6d3733efc7b8262cda8e636aa5840ea63b9c77a981f5de8ad95c720","ssdeep":"768:WcE+BT4a7J3h2JJiOuCp9gahw0e/uzHvAVFw:e+BT2RSuzPAo","tlshash":"a20385c09cfc0897106251c6b4aa7f1abadbd972e31a404cb3ff0d566bcbd08591765b","dom_hash":"domhash6d2d8b169488b7d64aaef7817046db52","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"exchange16889.work","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":0,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-22T15:19:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"exchange16889.work","ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-15T11:55:19.728729Z","last_seen":"2026-06-15T11:55:19.728729Z","alert_count":110,"request_count":55,"received_data":1232332,"sent_data":34772,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]}]},{"fqdn":"customer.cmksaletservices.work","ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-05-22","domain_rank":0,"first_seen":"2026-06-15T11:55:03.332517Z","last_seen":"2026-06-15T11:55:03.332517Z","alert_count":0,"request_count":24,"received_data":530820,"sent_data":16312,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-06-14T22:40:52.388947Z","alert_count":0,"request_count":1,"received_data":69677,"sent_data":504,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"trustedexchange188.com","ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-15T11:55:03.333626Z","last_seen":"2026-06-15T11:55:03.333626Z","alert_count":0,"request_count":1,"received_data":307,"sent_data":593,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3884b416b2f4a8e99ef30ec300dca877","sha1":"8e251cac006136afc8e6a1a0acd672bdeb22a25b","sha256":"a06e3a49dc82a7769b41dfb0f9e5825da6ddfbcfbced044b62718761db9eac77","sha512":"b8ecdbc7bc92d4e42362cf7e30444adfdf34e0900437a50abf618486fc5cc7437669408378ca77452fd6daf14d354906144ca9d4fe804d74418fcb020359b894","ssdeep":"","tlshash":"b2e0a704cad345aa7c8815c1279b212178848802e0d6d145fa5ee62baf0a04f64f97d9","size":430,"data":"","first_seen":"2026-06-15T11:55:09.779083Z","last_seen":"2026-06-17T18:01:05.965301Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"37e9cccf26de97dcf275c3708f0b5206","sha1":"bb92cd6bbdadb0c1e533f36b119925b8eba6547f","sha256":"b2bf9a5358c2f563454e42a7cbb3438b01d5e07794dce377d15b93b4eb627504","sha512":"0dcb64a23e48c21e84caa1b9c745bb6665f2318cac4a700fb82aa125eca82b6dee7513debbb581cbf0f5eb6ea1a96625d24a3a521429d1995f45b8069d0a83e1","ssdeep":"","tlshash":"8321a2da80d5530999b728969b8b2a01312394b704cc9007be2cf2691f4a31f5acbfde","size":1247,"data":"","first_seen":"2026-06-15T11:55:09.779963Z","last_seen":"2026-06-17T18:01:05.965824Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"42cb60c6132fff48b24d4c9a3b8601a2","sha1":"7eb1227db54124d92802d8d17ee6aae7fe61535d","sha256":"4c69972c864964a0cdc6049e3042426395dbfcb359f30020041259f894ab9a5f","sha512":"c20f35c1fa07907af74e7680666891bd23573df96f05cf9007b9cbe7e56c3756b2f99f90ebe6c44dca2b9b6528547f3fa465a48e786adf51057959df0dcae258","ssdeep":"","tlshash":"c82110c8f34caa0e987216761aae10cb382c5437f958cc26fb2d78383f5b70c491996d","size":1433,"data":"","first_seen":"2026-06-15T11:55:09.781442Z","last_seen":"2026-06-17T18:01:05.967188Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"984c0912ff616360a371707be2914eeb","sha1":"9166ea5519626bada2255d890f5395b542b2b1c6","sha256":"cd0e70c97c5f036ad981e4207a702d77c756bd3f09eccffe03783632563f1e4d","sha512":"237c731c605fac9f626caeaa9bb200bd73d092bdfb715a4e4039627b5018aac57fccf1995a8121ba79a230413e1d272869685f7610a284f47df9cc00e958d955","ssdeep":"","tlshash":"05c001a551a62a3b001a21920a58a605041a09574a1abc3f3b5e13a46f5c21ef1b7959","size":137,"data":"","first_seen":"2026-06-15T11:55:09.782235Z","last_seen":"2026-06-17T18:01:05.96798Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/i5scroll.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"229ae241044a0a16861b8583b4435079","sha1":"8051376b7ff4f9eb4c40389985ceed910bd8a868","sha256":"00323fb404aa8d1151ba1d3842ace6e1b7dfd723faa7b0402c20bcbd7d93e59a","sha512":"edafd940bd292208de80d57343ef7dba5360bc21f5dd691f24b13d167b15b3f5529bae2735c1d2c67fb23de10ea4b907f7adf371db7d150724a2ee5d1ef82cc5","ssdeep":"","tlshash":"cc3167c47000b636859620b271ab56d9f3398ad7346d881174beb189bd1cdb50d2fda4","size":1779,"data":"","first_seen":"2025-02-26T18:00:22.707066Z","last_seen":"2026-06-20T16:22:07.780429Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/element.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"784379625afe1516f69075a78007e7bf","sha1":"4eca1e2bd313d46ddcf113095074da797b145aa6","sha256":"763c30063a00b2698ab3aa17948b5008a33d477fd7dfd45f11f3d4a49e29b73c","sha512":"f08d8e5c3c091ca2a0f00109cc55dcf9a7ce055996f1fd2d6cc2f7b414e533c0b8356fb5bd3ec7eea1692e5aa56d2be0465465f60479f3eb2afb783cec3ca87a","ssdeep":"192:nZKp8KKtRtwFC2q6IsTPJB91RGRtX9uEUn0Gs:nZltcF+6IsTP5ONN","tlshash":"bfe19518b05236f73197b5d143bfa21da03f4636e70246ac3066d4ba09bbd891673f9b","size":7264,"data":"","first_seen":"2023-03-07T13:00:48Z","last_seen":"2026-06-20T16:22:07.812098Z","times_seen":269,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3884b416b2f4a8e99ef30ec300dca877","sha1":"8e251cac006136afc8e6a1a0acd672bdeb22a25b","sha256":"a06e3a49dc82a7769b41dfb0f9e5825da6ddfbcfbced044b62718761db9eac77","sha512":"b8ecdbc7bc92d4e42362cf7e30444adfdf34e0900437a50abf618486fc5cc7437669408378ca77452fd6daf14d354906144ca9d4fe804d74418fcb020359b894","ssdeep":"","tlshash":"b2e0a704cad345aa7c8815c1279b212178848802e0d6d145fa5ee62baf0a04f64f97d9","size":430,"data":"","first_seen":"2026-06-15T11:55:09.779083Z","last_seen":"2026-06-17T18:01:05.965301Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"37e9cccf26de97dcf275c3708f0b5206","sha1":"bb92cd6bbdadb0c1e533f36b119925b8eba6547f","sha256":"b2bf9a5358c2f563454e42a7cbb3438b01d5e07794dce377d15b93b4eb627504","sha512":"0dcb64a23e48c21e84caa1b9c745bb6665f2318cac4a700fb82aa125eca82b6dee7513debbb581cbf0f5eb6ea1a96625d24a3a521429d1995f45b8069d0a83e1","ssdeep":"","tlshash":"8321a2da80d5530999b728969b8b2a01312394b704cc9007be2cf2691f4a31f5acbfde","size":1247,"data":"","first_seen":"2026-06-15T11:55:09.779963Z","last_seen":"2026-06-17T18:01:05.965824Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"42cb60c6132fff48b24d4c9a3b8601a2","sha1":"7eb1227db54124d92802d8d17ee6aae7fe61535d","sha256":"4c69972c864964a0cdc6049e3042426395dbfcb359f30020041259f894ab9a5f","sha512":"c20f35c1fa07907af74e7680666891bd23573df96f05cf9007b9cbe7e56c3756b2f99f90ebe6c44dca2b9b6528547f3fa465a48e786adf51057959df0dcae258","ssdeep":"","tlshash":"c82110c8f34caa0e987216761aae10cb382c5437f958cc26fb2d78383f5b70c491996d","size":1433,"data":"","first_seen":"2026-06-15T11:55:09.781442Z","last_seen":"2026-06-17T18:01:05.967188Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"984c0912ff616360a371707be2914eeb","sha1":"9166ea5519626bada2255d890f5395b542b2b1c6","sha256":"cd0e70c97c5f036ad981e4207a702d77c756bd3f09eccffe03783632563f1e4d","sha512":"237c731c605fac9f626caeaa9bb200bd73d092bdfb715a4e4039627b5018aac57fccf1995a8121ba79a230413e1d272869685f7610a284f47df9cc00e958d955","ssdeep":"","tlshash":"05c001a551a62a3b001a21920a58a605041a09574a1abc3f3b5e13a46f5c21ef1b7959","size":137,"data":"","first_seen":"2026-06-15T11:55:09.782235Z","last_seen":"2026-06-17T18:01:05.96798Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/index/index/chatBoxJs/u/5c6cbcb7d55ca","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9ca612daef9b6e996a1c5ad4d881009","sha1":"e6759b991c21ff1d0a708489c87c9bd32b6fbd4e","sha256":"445f32836ebfb3bbddaab3b10b51c10002f87697a6fae7e3c763971a64fe3c77","sha512":"3b332838698f69255a6a3a54aba91a5c768122d986afd1e5e3db72d5501c1482bd533f64263e91ada0cb91b37977e8e8de475cd14686375d7717b9e88b40cf6f","ssdeep":"192:nq4l+/PCFTZA1JZ1ldN+NGG6IEixCrpZ0izLU5SVimGs9KhfI0aZFzHRsdryTZrZ:LXFaJZ1ldNtG6DixmRjN7tHQ0T8Vsx","tlshash":"8662a6915ab70d6d111a935e3fdf76043f21c013c60ae829bedc86d99fc58f84161bae","size":15878,"data":"","first_seen":"2026-06-17T15:19:17.530876Z","last_seen":"2026-06-17T15:19:17.530876Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3884b416b2f4a8e99ef30ec300dca877","sha1":"8e251cac006136afc8e6a1a0acd672bdeb22a25b","sha256":"a06e3a49dc82a7769b41dfb0f9e5825da6ddfbcfbced044b62718761db9eac77","sha512":"b8ecdbc7bc92d4e42362cf7e30444adfdf34e0900437a50abf618486fc5cc7437669408378ca77452fd6daf14d354906144ca9d4fe804d74418fcb020359b894","ssdeep":"","tlshash":"b2e0a704cad345aa7c8815c1279b212178848802e0d6d145fa5ee62baf0a04f64f97d9","size":430,"data":"","first_seen":"2026-06-15T11:55:09.779083Z","last_seen":"2026-06-17T18:01:05.965301Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"37e9cccf26de97dcf275c3708f0b5206","sha1":"bb92cd6bbdadb0c1e533f36b119925b8eba6547f","sha256":"b2bf9a5358c2f563454e42a7cbb3438b01d5e07794dce377d15b93b4eb627504","sha512":"0dcb64a23e48c21e84caa1b9c745bb6665f2318cac4a700fb82aa125eca82b6dee7513debbb581cbf0f5eb6ea1a96625d24a3a521429d1995f45b8069d0a83e1","ssdeep":"","tlshash":"8321a2da80d5530999b728969b8b2a01312394b704cc9007be2cf2691f4a31f5acbfde","size":1247,"data":"","first_seen":"2026-06-15T11:55:09.779963Z","last_seen":"2026-06-17T18:01:05.965824Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"42cb60c6132fff48b24d4c9a3b8601a2","sha1":"7eb1227db54124d92802d8d17ee6aae7fe61535d","sha256":"4c69972c864964a0cdc6049e3042426395dbfcb359f30020041259f894ab9a5f","sha512":"c20f35c1fa07907af74e7680666891bd23573df96f05cf9007b9cbe7e56c3756b2f99f90ebe6c44dca2b9b6528547f3fa465a48e786adf51057959df0dcae258","ssdeep":"","tlshash":"c82110c8f34caa0e987216761aae10cb382c5437f958cc26fb2d78383f5b70c491996d","size":1433,"data":"","first_seen":"2026-06-15T11:55:09.781442Z","last_seen":"2026-06-17T18:01:05.967188Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"984c0912ff616360a371707be2914eeb","sha1":"9166ea5519626bada2255d890f5395b542b2b1c6","sha256":"cd0e70c97c5f036ad981e4207a702d77c756bd3f09eccffe03783632563f1e4d","sha512":"237c731c605fac9f626caeaa9bb200bd73d092bdfb715a4e4039627b5018aac57fccf1995a8121ba79a230413e1d272869685f7610a284f47df9cc00e958d955","ssdeep":"","tlshash":"05c001a551a62a3b001a21920a58a605041a09574a1abc3f3b5e13a46f5c21ef1b7959","size":137,"data":"","first_seen":"2026-06-15T11:55:09.782235Z","last_seen":"2026-06-17T18:01:05.96798Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3884b416b2f4a8e99ef30ec300dca877","sha1":"8e251cac006136afc8e6a1a0acd672bdeb22a25b","sha256":"a06e3a49dc82a7769b41dfb0f9e5825da6ddfbcfbced044b62718761db9eac77","sha512":"b8ecdbc7bc92d4e42362cf7e30444adfdf34e0900437a50abf618486fc5cc7437669408378ca77452fd6daf14d354906144ca9d4fe804d74418fcb020359b894","ssdeep":"","tlshash":"b2e0a704cad345aa7c8815c1279b212178848802e0d6d145fa5ee62baf0a04f64f97d9","size":430,"data":"","first_seen":"2026-06-15T11:55:09.779083Z","last_seen":"2026-06-17T18:01:05.965301Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"37e9cccf26de97dcf275c3708f0b5206","sha1":"bb92cd6bbdadb0c1e533f36b119925b8eba6547f","sha256":"b2bf9a5358c2f563454e42a7cbb3438b01d5e07794dce377d15b93b4eb627504","sha512":"0dcb64a23e48c21e84caa1b9c745bb6665f2318cac4a700fb82aa125eca82b6dee7513debbb581cbf0f5eb6ea1a96625d24a3a521429d1995f45b8069d0a83e1","ssdeep":"","tlshash":"8321a2da80d5530999b728969b8b2a01312394b704cc9007be2cf2691f4a31f5acbfde","size":1247,"data":"","first_seen":"2026-06-15T11:55:09.779963Z","last_seen":"2026-06-17T18:01:05.965824Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"42cb60c6132fff48b24d4c9a3b8601a2","sha1":"7eb1227db54124d92802d8d17ee6aae7fe61535d","sha256":"4c69972c864964a0cdc6049e3042426395dbfcb359f30020041259f894ab9a5f","sha512":"c20f35c1fa07907af74e7680666891bd23573df96f05cf9007b9cbe7e56c3756b2f99f90ebe6c44dca2b9b6528547f3fa465a48e786adf51057959df0dcae258","ssdeep":"","tlshash":"c82110c8f34caa0e987216761aae10cb382c5437f958cc26fb2d78383f5b70c491996d","size":1433,"data":"","first_seen":"2026-06-15T11:55:09.781442Z","last_seen":"2026-06-17T18:01:05.967188Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"984c0912ff616360a371707be2914eeb","sha1":"9166ea5519626bada2255d890f5395b542b2b1c6","sha256":"cd0e70c97c5f036ad981e4207a702d77c756bd3f09eccffe03783632563f1e4d","sha512":"237c731c605fac9f626caeaa9bb200bd73d092bdfb715a4e4039627b5018aac57fccf1995a8121ba79a230413e1d272869685f7610a284f47df9cc00e958d955","ssdeep":"","tlshash":"05c001a551a62a3b001a21920a58a605041a09574a1abc3f3b5e13a46f5c21ef1b7959","size":137,"data":"","first_seen":"2026-06-15T11:55:09.782235Z","last_seen":"2026-06-17T18:01:05.96798Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/slider.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c35742db2e72cd4f30cefa23690ecf5","sha1":"b50d4268f547cefd984c069d276c956feef395e8","sha256":"2fdaaa9935b2d19fb54e0798e6e42fc3528d1b2772b46b9aa8731b1ab6947609","sha512":"44d0ab3649b35cec891738e6eb4f28d1857fcb900e2369b9395ea54854717108268c8ce729591923fb094cfe1b34dc0f9b2e9bf35b17b77f34c479ef80deb391","ssdeep":"192:z8Syuw2bmz0DLKypMjYXVp5D8IlM/eq9zwtyd4UduKN:z1yuw2UOPSBMj8/","tlshash":"53e19615314ab5732172c263b59fc84eb2f20779b303c564a6a540a51ebece82b37f63","size":7091,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.771646Z","times_seen":117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/carousel.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f4b94959b4b5ad34cdc1dd2c12a6bd1c","sha1":"303a72c6380c4277062e85eac689d1dc5ebc60df","sha256":"ec7b67ac49f660eae790c97c9e47fd86973a01478947c603f458667fb322351c","sha512":"b4d24dd32769ad42ed0d4e7b61b80c0ef9f41e9d001a48f5bfd3a328e58e715724a2df8bb97e8078e6b1fc44be5ede4b53233f987578eaf9f3d6e0a3ec936831","ssdeep":"","tlshash":"d7811181775f386741972453935f4c0896b719ba9b06d054f2a264fa6dfbc88223eb0f","size":3862,"data":"","first_seen":"2023-03-10T09:41:51Z","last_seen":"2026-06-20T16:22:07.837271Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/whisper.io.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd3f07764a4c22802d8f1239712aa0a0","sha1":"e2f406fd6868f6f63005ff001df966d61bc32d51","sha256":"f21a092cbe2a6b5a4a9a8730c810b00d5de492f1c69fa3bdd8600b65b00ffad8","sha512":"c9cf119e4a2be75201f922bb7022247965ec2cac8683e261401f009ce29c4454eeb8c043382e941022f24bf8ddcd1f1b18f5ebbd7347e8c922e99eb688508d65","ssdeep":"192:TgvI3y5lyVf1PGQ4vIcf+901E1Mc2bFIUp1jnyEhjxNpA6Q9iUQe:XCr1F+21E1r2JvvjnFNxNpA5","tlshash":"523241287de71857c21370aa9b9b70286174d147958ace007d2cd7ae2ff8730539afad","size":11464,"data":"","first_seen":"2026-06-15T11:55:09.765011Z","last_seen":"2026-06-17T18:01:05.954943Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/index/d3.v4.min.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e899651bcf1a3591032d7213daeab171","sha1":"607e02087446eb2efadcbee253db3aca3d794a7b","sha256":"8585db4092b8a9d26201e0d58e343d1b40fa034c4b9c343878923d7649bb1699","sha512":"44927534d0bcf1084deddc29098f2b9bfe8ec48f987503f8f03acb19efde48077e9feb353d7c10924a73cc082825ee1c6455b61802d0a31a31eb5812636c907e","ssdeep":"1536:wJdNAq50g6ds5VIG2pUfpgBU3gPDSb7+CmeoA08h6Vh5Lbg5ECfmDoo5rfIrTGE9:wrN3F2pHSYlyLG1sVAupFmuFyiI7R6","tlshash":"092494ccb682b096936320b0417f244bf33b2d59684f4568e029e9d97c7895e51bbfbc","size":221957,"data":"","first_seen":"2023-03-07T21:28:45Z","last_seen":"2026-06-19T13:36:10.06024Z","times_seen":433,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/jqueryWeui/jquery-weui.min.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c7bcbbeb838eabe8801befbb54f177c","sha1":"2c486e904bebe49b0bcea8e5d0b019533699a7a2","sha256":"e07b9a34158e94ba73df9e89768dce0e2846c984635a6fd4c4d7539c822b6bce","sha512":"dc5a2a219f4f7b3a29da600600c4666c18d0a9c3f77e256e3222387976b779cae0adaba0adfc72fb3991730c7a34b3f390fcbcf47977ca316fc5d94ca6de1f16","ssdeep":"1536:beyBPd2XiZAazT8DOCOB/j2kNleVRrI5CVam9P:beyBFTZZzfNleVRrI5C1","tlshash":"2d83f68e7651b63253f7217881af02052233a926644754a8b96ce8d51efcc4da3bff7c","size":84329,"data":"","first_seen":"2023-06-17T21:56:24Z","last_seen":"2026-06-17T18:01:05.958822Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/customer/js/whisper.cli.io.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d7c4e246b0c9be4ebc6eb8bf68d95362","sha1":"585de1b523016dfa50dac830de72926b31fe4f3e","sha256":"f6caa0a9dd763cd2ebaa79f09b291c5281e0eccf998bc0c27408fd0860aac635","sha512":"7404acff6c778a376af7048b5a6dcbbd26219b6acad7b4b5803cbb105e09c1f68c89a709cabea9e2f47b7b30de3cbe05fbb2269b53e60077c65cc1e2828c3f14","ssdeep":"768:W/SI3zn26FYeDQ8iajwVy0w6VZaRhZRIpW:W/Ssn3FYeDQ8iajOt2hnqW","tlshash":"79f2530ca5f72420517330b96f9fa414ad26902b150dee14be5c9bc4afd89bca2e1fd9","size":36054,"data":"","first_seen":"2026-06-15T11:55:09.713716Z","last_seen":"2026-06-17T18:01:05.913675Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/layui.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"d9328fba9720a5a8444146e458ec6d1a","sha1":"c70b26c4fbaaf89c8ceed3df16baa2aadc1a26e3","sha256":"a25d71fd2f5fc0c05e62dbdabd1a1fe3191ec0a90a03d546a9527355fc8e2ac6","sha512":"65271016f1a6cf6fef6d42940399aa6155d67cd4e46789f3b2e18655dbe72bad69ff41a59f8b8f2cade733e2c6f832ca5a2fa4b6a56f9ccde1174bcdf2938d31","ssdeep":"96:s3y+aD48Dsp21ORbCkShS60OGeRr7UHL+XsqUuN8x70Acgc:yytDXo6VRKKXjU+8x7SR","tlshash":"5ad1c69cfab27092477f3165766f801ea7bb40ad285c4490e1cad8e52c72cad4377f58","size":6667,"data":"","first_seen":"2023-03-07T12:58:51Z","last_seen":"2026-06-17T18:01:05.912448Z","times_seen":383,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/layui.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"055cb5361d0dadf75de67f6875def943","sha1":"97ddce827fedb8869a9d0248a16b70c14da2a8ec","sha256":"91ffac1a9d64f3dae4e8091b4feea25981e750d279cb71491b25dc24b33ecaf2","sha512":"3c074594a667484aa78b2227f834c4bebab07a6b4bd795f94570d3e3da911aa48275e13c54e1c6848cd2ec1fbb2bad5cb104e9a6bc1f71c967e93dfde62aa9b2","ssdeep":"192:TDTGeNtb7/j9Eg3JMunJYJjdlrr1+p8XqlPBOTXLLRUweK:TDTGeNtHj9Eg3JMunOJjdlP1+K6Pw7Lz","tlshash":"c7e1a898b5b27452473b306572af901ea67b44ad284c8090d1ced9e63cb6cbe4377f9c","size":7395,"data":"","first_seen":"2023-03-07T01:06:15Z","last_seen":"2026-06-20T16:22:07.769482Z","times_seen":542,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/iosapp.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c2f59781d7868eff1bed99be0478af8","sha1":"d8bd7c15428c99cdbb38795df05438471953ba6e","sha256":"b16d7795b265d380540612bfed9739a90fb46aade4228c670fc8d17abce9adaf","sha512":"2e979baf0d2f94e91eef9665df48555ab4dcf4e7b8bc149465ec25d9e09a07dd625edf0750a6f9d7e47f64162f8099663c7986c4a4840948b177237581b4ff6b","ssdeep":"","tlshash":"c94132999a9d683919d3b42d1a3fb15c72333aa5a4428110bc0fbf943b34a4a162db98","size":2054,"data":"","first_seen":"2023-09-23T10:36:02Z","last_seen":"2026-06-20T16:22:07.767243Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/jquery.cookies.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"de952eda41b0edc0b5c416ee48f7028e","sha1":"dc07de882ab68370534fbf9440ac7b8c068695a7","sha256":"631ea2bc942c1791920270ba02eef37774aa10db3994b4936a2b5f891a970ff7","sha512":"674fd3c9db480ecf8680822131fc80f904ddfb3907a1033ae9ce06019a87ac6f9eb6d6535e6aba0ee0b601d039d55da7e7cd247a67db5cf7bbcb8408116a03d1","ssdeep":"","tlshash":"1b516554b6cc375f07ab22416b6f50aca63cbf72255808dc885965f82c60c37db9bd2a","size":3139,"data":"","first_seen":"2023-03-07T12:09:28Z","last_seen":"2026-06-20T16:22:07.834925Z","times_seen":2853,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/form.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a55a0aaf3d84264e3373f58f347a18fb","sha1":"921760fdababb5639192c73866c1b3b5f2ca0644","sha256":"03315f4a8fa90d66f3115d686bcb50d9356136607f92edbc9c59d4f27090a0f3","sha512":"7295dd0874606a2605b16a49ca696bfe305e16d769a7d037cfba0e074591e4def8dea94e4157cbd7c52e85e8de4ae496155c0af6d21b00943ba04ab6164edc13","ssdeep":"192:7U7m+EjWnSTmyANS4B7R6EoHv9w5iaHe16GL:7U7msqmHBV6LP9yiaH6n","tlshash":"1312a319715135e2367b60a1405f981ba0bf4635ab09c8947093d4f92ebec9493f3faf","size":9591,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.802748Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/jquery.min.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"f9c7afd05729f10f55b689f36bb20172","sha1":"43dc554608df885a59ddeece1598c6ace434d747","sha256":"f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c","sha512":"3dcae1ff6e98c64e3586be3eb14dd486c51f7d4e9fa1b8f9a628be4fbb6a9ab562f31f9b50e16d2e0c72b942bdbe84eee8e0ef87fa730db1428b199a59d88232","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrJ:++414Jiz6fh6lTqya98HrJ","tlshash":"ca83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84345,"data":"","first_seen":"2023-03-07T01:06:48Z","last_seen":"2026-06-20T11:43:37.203378Z","times_seen":25306,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/lay/modules/upload.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8b670942bffbc1a655a2f7c8756a5e07","sha1":"e7d280a54e16ef6a20e24c5b07d741990fd1fcee","sha256":"6d3798f3329ff1ed18a541200a93d70c593877b0be9c17de760078495fab9f18","sha512":"5d77c10d92421f529b460faf5ea0bec6fb3896100c4795623d285c78695bb29f2b9854414ffa1053d5b434613e028d6c5a30653227310c07dac535b2f6c77021","ssdeep":"96:yjcpeth5uITLksYbox16qpR40xBggngZXgx9ugHFS36ZuCM3ga+jhSzZ5IOg:yV51NPxs84cgRgTdkyi3gP42","tlshash":"dee1a59ab908b82361b330e5014f420d257f055f550ac6c8b193d5caaebed1a11a3ffd","size":6971,"data":"","first_seen":"2023-03-09T22:19:33Z","last_seen":"2026-06-17T18:01:05.914328Z","times_seen":47,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3884b416b2f4a8e99ef30ec300dca877","sha1":"8e251cac006136afc8e6a1a0acd672bdeb22a25b","sha256":"a06e3a49dc82a7769b41dfb0f9e5825da6ddfbcfbced044b62718761db9eac77","sha512":"b8ecdbc7bc92d4e42362cf7e30444adfdf34e0900437a50abf618486fc5cc7437669408378ca77452fd6daf14d354906144ca9d4fe804d74418fcb020359b894","ssdeep":"","tlshash":"b2e0a704cad345aa7c8815c1279b212178848802e0d6d145fa5ee62baf0a04f64f97d9","size":430,"data":"","first_seen":"2026-06-15T11:55:09.779083Z","last_seen":"2026-06-17T18:01:05.965301Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"37e9cccf26de97dcf275c3708f0b5206","sha1":"bb92cd6bbdadb0c1e533f36b119925b8eba6547f","sha256":"b2bf9a5358c2f563454e42a7cbb3438b01d5e07794dce377d15b93b4eb627504","sha512":"0dcb64a23e48c21e84caa1b9c745bb6665f2318cac4a700fb82aa125eca82b6dee7513debbb581cbf0f5eb6ea1a96625d24a3a521429d1995f45b8069d0a83e1","ssdeep":"","tlshash":"8321a2da80d5530999b728969b8b2a01312394b704cc9007be2cf2691f4a31f5acbfde","size":1247,"data":"","first_seen":"2026-06-15T11:55:09.779963Z","last_seen":"2026-06-17T18:01:05.965824Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"42cb60c6132fff48b24d4c9a3b8601a2","sha1":"7eb1227db54124d92802d8d17ee6aae7fe61535d","sha256":"4c69972c864964a0cdc6049e3042426395dbfcb359f30020041259f894ab9a5f","sha512":"c20f35c1fa07907af74e7680666891bd23573df96f05cf9007b9cbe7e56c3756b2f99f90ebe6c44dca2b9b6528547f3fa465a48e786adf51057959df0dcae258","ssdeep":"","tlshash":"c82110c8f34caa0e987216761aae10cb382c5437f958cc26fb2d78383f5b70c491996d","size":1433,"data":"","first_seen":"2026-06-15T11:55:09.781442Z","last_seen":"2026-06-17T18:01:05.967188Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"984c0912ff616360a371707be2914eeb","sha1":"9166ea5519626bada2255d890f5395b542b2b1c6","sha256":"cd0e70c97c5f036ad981e4207a702d77c756bd3f09eccffe03783632563f1e4d","sha512":"237c731c605fac9f626caeaa9bb200bd73d092bdfb715a4e4039627b5018aac57fccf1995a8121ba79a230413e1d272869685f7610a284f47df9cc00e958d955","ssdeep":"","tlshash":"05c001a551a62a3b001a21920a58a605041a09574a1abc3f3b5e13a46f5c21ef1b7959","size":137,"data":"","first_seen":"2026-06-15T11:55:09.782235Z","last_seen":"2026-06-17T18:01:05.96798Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/lang/en-us.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"26fd80f238136ab70ac2545308240972","sha1":"9c53209dece13d2ea508801018e17a48ab20ec52","sha256":"4bc90ecaf4541f9f71e04744f90b02ec404ddb22aab1dac753d96e171e1c1185","sha512":"efb3db97c63e2cd7d447f8337e3b29c7cf369b261eadab75aa887d196feb57c4e44d0f1f2a96fb82190673acddb1c8735221617f1d6d1e4c119dbf4b5c0cd10d","ssdeep":"","tlshash":"87115c55520c9494050694cb76a716c5df8540770981768ab7dd81dc7f8bc2be2f7189","size":970,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.838233Z","times_seen":116,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/clipboard.min.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa7c9d74f567a8877522f816d7c387cc","sha1":"d79bfe29e732477cb27598dedff9495ddc05f390","sha256":"6717dbf025d81f537cc639903fb560e01912c0467e8da579fcdf92c6f58f7a65","sha512":"da4a20fae935b42cb957a322479c0e779835b37291c6ac8cb41f300dde796847897f788e849ff6153a32004cff087615d37f9f2cb8aa5751cdb1b8bab2534b16","ssdeep":"192:q0Z14dOk1XSHkKpI/230xlH3G4Ly9+vxo53CoD87JxKllkvc363Pw/3JyUZu5MpL:HZCQfI/wsXCz3rbllC3P83JVu5/Gz","tlshash":"6122a68cb29071b156eb50ba802f420fb271c42db06e40a8b21de8f56c7de9d4627f3d","size":10111,"data":"","first_seen":"2023-04-08T01:19:22Z","last_seen":"2026-06-20T16:22:07.787084Z","times_seen":2204,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/websocket.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a89fe0ff2c76d604b4d0bd1eb1557e36","sha1":"77c1355bc7ad8dba444484d341ae32716760712c","sha256":"53a8d029476aafcb243cec953e522204b1af1231339ae75822dc63274877f8d9","sha512":"be671e254800bcdc163945abe3203d59e47637721e40b3f6d16e06223ffcd5e527ccd3de59f6283539261ca9311081a04fda89059307946cd7bf6255fc7866a0","ssdeep":"192:EHjrXg7hWXwwQbdUFdMea3JiMF0Cl3Loa5fFwy4HrwIIgUdjAN:EDrQ0XXQKMxiMF0Cl3LoaILEWNN","tlshash":"237262a0f7ac151f40f6142d849c55c46bec8572cba849e7babca6d00748f1e146bdbf","size":16053,"data":"","first_seen":"2026-06-15T11:55:09.763973Z","last_seen":"2026-06-17T18:01:05.896266Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/layer.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ffd5603784dbfeef189498c1a705c15","sha1":"983f2308aab1a1addad5be4f1c49099f5dd589cc","sha256":"2aa83aee413f9b91a2dcc536cfd6acd6e44b3fcdb59c26586e32d083396a8db5","sha512":"76d0b3952e17783ab3b597d0db1f734bf7b933ef8ff316c8107f5192f1ecf318c3f11c9ba10a4d15063b26cbb32133af7581070d7c782ebbbcd6580cfd21545a","ssdeep":"384:619Cih92A3igTLXSt/SdMrXqE6K+LxzAOTElH0jjhtjfs8:614iV3iaWtXIKiF13k8","tlshash":"b4a2b66a754034976323906ad11fba0b31f21d24d7078128f22ba4be1dbcd95a2b7f5f","size":22041,"data":"","first_seen":"2023-03-07T01:06:17Z","last_seen":"2026-06-20T16:22:07.807463Z","times_seen":435,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/jquery-3.4.1/jquery-3.4.1.min.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"220afd743d9e9643852e31a135a9f3ae","sha1":"88523924351bac0b5d560fe0c5781e2556e7693d","sha256":"0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a","sha512":"6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d","ssdeep":"1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe","tlshash":"338319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","size":88145,"data":"","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-06-20T16:22:07.774055Z","times_seen":134317,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/script.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"99b78165e73f08d1d0cfe114c0b4e7ad","sha1":"9f86c5f286135ac0bd6cf41eea0665e9846d0299","sha256":"d75bfccbf03a6192177e4fbe194370f0353b54034f1f3f92c7c77644a6988adb","sha512":"03b5565199a5e351f87092647db5f130d086635d785a4dcf6a9cb1bc79203b1c406dbde9f917515d85b37bb603e4ae83547f3574147da1dcdf7eea34143be53d","ssdeep":"96:kZFU4qA8jt8jpTbso663tYoxNkwhqGuLK9jtnnt5/Avx3CB0QPiU1QzGwfg3:kZNijujN0uYoxNkwwGuLK9jtnnt6vpCP","tlshash":"a0c19318f01c361a927931394c8f4069a03d89691b0f8495f47daea42f3473f4eafeda","size":5985,"data":"","first_seen":"2026-06-15T11:55:09.742084Z","last_seen":"2026-06-17T18:01:05.899059Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/lay/modules/layer.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"68ff582d8490c48ccb5576ea27a35c8d","sha1":"14fd59adc3cc3708330498bba5263ea92bda9e61","sha256":"1d1f8f74389d9906bef9d17514d9a44f8c650a9ed9246df3222311770dc3976c","sha512":"a42cab904d035d75ff590778070c423ec3d5126dc41a74673a0cacf60da943a523c969f15fa4f9822b4442aa7279f60b0b1a404222d2199738d20d14438b7765","ssdeep":"384:o19Cih92A3igTLXSt/SdMrXqE6K+LxzAOTElH0jjhtjfs8:o14iV3iaWtXIKiF13k8","tlshash":"00a2b66a754034976323906ad11fba0b31f21d24d7078128f22ba4be1dbcd95a2b7f5f","size":22041,"data":"","first_seen":"2023-03-07T12:58:51Z","last_seen":"2026-06-17T18:01:05.919378Z","times_seen":259,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/index/index.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0dcd53515a6992b2222ee4d9f4a3e682","sha1":"0aa981db906694ccb7650bd5defc855bf01a2f18","sha256":"4cf6b72d4faa38b5a6d0500c798cdabeb6a4f241d34d0612bbc6c328773cdca0","sha512":"795e3c8e0b69f8875b02c8ab820c1eadea220864ae64192e419ef354898b01684fbc71b54a49bbbd344e5bb090c96999459eb5df90e5be998791a2072b5509f9","ssdeep":"48:4NHsJYS7AEGyUjmHAuEZBnZBJOt9dxGiKsu5RtpmJpZzPDvuli+hIg:mHsJ/oQARZJZTADoPtpI3v4ikIg","tlshash":"88915606e4e314536e23909a8feb4005a1adc033d20acc4dbb9ed69e2f5c9ac5555ede","size":4625,"data":"","first_seen":"2025-02-26T18:00:22.704148Z","last_seen":"2026-06-20T16:22:07.840115Z","times_seen":38,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"403cca2b2f8330bdb133e5dd3426abc9","sha1":"a525aa567e8f07235b3222e0b7d506bed6928334","sha256":"b9c3136768e11c3f9f81bfbe14c38bd67b638e9fa3182bdf454e74d10a9a28f2","sha512":"552e80dfc6ce9a5df0dbed7158dc430e46d80f1a5abdd7fbdabbf917e8fe7bf3aaf04c80376b4ab485231373fd09c2121df51820186d9a9bd4afc701f88cd1ae","ssdeep":"","tlshash":"6ee0209480474052075509154b4ff291310388770781c400b74c92f59fe1bbf9286ed9","size":355,"data":"","first_seen":"2026-06-15T11:55:05.889084Z","last_seen":"2026-06-20T16:22:07.841589Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3884b416b2f4a8e99ef30ec300dca877","sha1":"8e251cac006136afc8e6a1a0acd672bdeb22a25b","sha256":"a06e3a49dc82a7769b41dfb0f9e5825da6ddfbcfbced044b62718761db9eac77","sha512":"b8ecdbc7bc92d4e42362cf7e30444adfdf34e0900437a50abf618486fc5cc7437669408378ca77452fd6daf14d354906144ca9d4fe804d74418fcb020359b894","ssdeep":"","tlshash":"b2e0a704cad345aa7c8815c1279b212178848802e0d6d145fa5ee62baf0a04f64f97d9","size":430,"data":"","first_seen":"2026-06-15T11:55:09.779083Z","last_seen":"2026-06-17T18:01:05.965301Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"37e9cccf26de97dcf275c3708f0b5206","sha1":"bb92cd6bbdadb0c1e533f36b119925b8eba6547f","sha256":"b2bf9a5358c2f563454e42a7cbb3438b01d5e07794dce377d15b93b4eb627504","sha512":"0dcb64a23e48c21e84caa1b9c745bb6665f2318cac4a700fb82aa125eca82b6dee7513debbb581cbf0f5eb6ea1a96625d24a3a521429d1995f45b8069d0a83e1","ssdeep":"","tlshash":"8321a2da80d5530999b728969b8b2a01312394b704cc9007be2cf2691f4a31f5acbfde","size":1247,"data":"","first_seen":"2026-06-15T11:55:09.779963Z","last_seen":"2026-06-17T18:01:05.965824Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b079015879110e8d38fbde163d145292","sha1":"c38f410062f607117a5cb1de8cbc1d6673aa9210","sha256":"acd5895bd78407e9ea93750a80a9c12ae0d5d0609809a4861dab028f128597a4","sha512":"a0006071d2bb6658c336f092a73160f967a13f74d75f07bbd0269b218e7f4fa24dc76a602377f1747cdc0908f035f99ee85a16ea7dec4e7cb63b920dd11eba64","ssdeep":"","tlshash":"a470000c8f2a8000a00a8cc0208082000ca8200222200000a80a0e0030802a0802a0a8","size":20,"data":"","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.844114Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"42cb60c6132fff48b24d4c9a3b8601a2","sha1":"7eb1227db54124d92802d8d17ee6aae7fe61535d","sha256":"4c69972c864964a0cdc6049e3042426395dbfcb359f30020041259f894ab9a5f","sha512":"c20f35c1fa07907af74e7680666891bd23573df96f05cf9007b9cbe7e56c3756b2f99f90ebe6c44dca2b9b6528547f3fa465a48e786adf51057959df0dcae258","ssdeep":"","tlshash":"c82110c8f34caa0e987216761aae10cb382c5437f958cc26fb2d78383f5b70c491996d","size":1433,"data":"","first_seen":"2026-06-15T11:55:09.781442Z","last_seen":"2026-06-17T18:01:05.967188Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"984c0912ff616360a371707be2914eeb","sha1":"9166ea5519626bada2255d890f5395b542b2b1c6","sha256":"cd0e70c97c5f036ad981e4207a702d77c756bd3f09eccffe03783632563f1e4d","sha512":"237c731c605fac9f626caeaa9bb200bd73d092bdfb715a4e4039627b5018aac57fccf1995a8121ba79a230413e1d272869685f7610a284f47df9cc00e958d955","ssdeep":"","tlshash":"05c001a551a62a3b001a21920a58a605041a09574a1abc3f3b5e13a46f5c21ef1b7959","size":137,"data":"","first_seen":"2026-06-15T11:55:09.782235Z","last_seen":"2026-06-17T18:01:05.96798Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"2515b8a6bf29b6da6c6f178c3ee3c56f","sha1":"787128704be6acec4e1639cbe86755b98fbca261","sha256":"0ce412fb94acdb208cf8dc3f2cd0ca3851fef29cd360f06a9a681f833aa4d7e0","sha512":"0d78d2cd0a43ec7e6e9bc2825989811f51f232e7a788e9878b340fa27694d23480c80c6171bc19c18dd23a6d79a2b7d6ec4489891fb4aa1f460602cafe884cc1","ssdeep":"","tlshash":"ccf02432dc73e8e63d6a2146577ca5542cc81c3312ced90ef905fa009fc380ae00c6c1","size":550,"data":"","first_seen":"2026-06-17T15:19:17.614079Z","last_seen":"2026-06-17T15:19:17.614079Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/socket.io/2.3.0/socket.io.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2316d5f067a1f861d2565a592376fea3","sha1":"a6560c8aed6fc7350e2ca96fcd98211bc18fc235","sha256":"6d09ab65ee323e742b2d363ed6063295f34c06e19f9d3fc72ac0865fef57baaa","sha512":"bfc9e0fee1b19207b7775209b84a3a7493fc2558b2be6b34725cbda676df4714faff7d5cddd456c488b01a73125b06631ca3ae6371159a28ecee4d63cfff5b2c","ssdeep":"1536:ronrZdZLIkYsOH+1+kN4gcUu9n+wkiKYfsD2:reVrLIk7OH+1+kN40inxA2","tlshash":"6263d8c4b6a1209543e721b1416f020b723aa82d250d81acb654d9f63cfcdde762bfbd","size":68686,"data":"","first_seen":"2023-03-07T12:12:41Z","last_seen":"2026-06-19T22:41:39.058614Z","times_seen":709,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"log","text":"本系统由whisper客服提供服务，官网地址: https://whisper.baiyf.com","filename":"https://customer.cmksaletservices.work/static/common/js/whisper.io.js","line_number":0,"column_number":0},{"level":"log","text":"链接成功","filename":"https://customer.cmksaletservices.work/static/customer/js/whisper.cli.io.js","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/layui.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.400Z","timestamp":1781709525400,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/layui.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-1ce3\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7395,"size_decoded":3653,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7324)","md5":"055cb5361d0dadf75de67f6875def943","sha1":"97ddce827fedb8869a9d0248a16b70c14da2a8ec","sha256":"91ffac1a9d64f3dae4e8091b4feea25981e750d279cb71491b25dc24b33ecaf2","sha512":"3c074594a667484aa78b2227f834c4bebab07a6b4bd795f94570d3e3da911aa48275e13c54e1c6848cd2ec1fbb2bad5cb104e9a6bc1f71c967e93dfde62aa9b2","ssdeep":"192:TDTGeNtb7/j9Eg3JMunJYJjdlrr1+p8XqlPBOTXLLRUweK:TDTGeNtHj9Eg3JMunOJjdlP1+K6Pw7Lz","tlshash":"c7e1a898b5b27452473b306572af901ea67b44ad284c8090d1ced9e63cb6cbe4377f9c","first_seen":"2023-03-07T01:06:15Z","last_seen":"2026-06-20T16:22:07.769482Z","times_seen":542,"resource_available":true,"data":null}},"time_used":706,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":706,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/websocket.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.646Z","timestamp":1781709525646,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/websocket.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 27 May 2024 14:19:39 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6654967b-3fdd\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16349,"size_decoded":4653,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"a89fe0ff2c76d604b4d0bd1eb1557e36","sha1":"77c1355bc7ad8dba444484d341ae32716760712c","sha256":"53a8d029476aafcb243cec953e522204b1af1231339ae75822dc63274877f8d9","sha512":"be671e254800bcdc163945abe3203d59e47637721e40b3f6d16e06223ffcd5e527ccd3de59f6283539261ca9311081a04fda89059307946cd7bf6255fc7866a0","ssdeep":"192:EHjrXg7hWXwwQbdUFdMea3JiMF0Cl3Loa5fFwy4HrwIIgUdjAN:EDrQ0XXQKMxiMF0Cl3LoaILEWNN","tlshash":"237262a0f7ac151f40f6142d849c55c46bec8572cba849e7babca6d00748f1e146bdbf","first_seen":"2026-06-15T11:55:09.763973Z","last_seen":"2026-06-17T18:01:05.896266Z","times_seen":6,"resource_available":true,"data":null}},"time_used":703,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":703,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/ko.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.661Z","timestamp":1781709525661,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/ko.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-fc3\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4035,"size_decoded":4444,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 200x133, components 3","md5":"08db97ed0363573d61eaa015088a2559","sha1":"ef309a9c508819cad0ff80619210513f9671c441","sha256":"386bb37ce7c7097716e95618a789d011a08ff3dbc519d34a5642c5dd0c398eca","sha512":"8ac9d23f79a5c7aaa8e52a84c68f63857fb4bd93860c42d0b12364f19f169e83292bb765f22af092242b29ec61901f56e01daba863acc433998d58e9b3798685","ssdeep":"","tlshash":"f9815d937a97ce83ff28da7540a3106027da405262d787755aaeb47fb1acfb59812420","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.809319Z","times_seen":214,"resource_available":false,"data":null}},"time_used":689,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":689,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/es.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.665Z","timestamp":1781709525665,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/es.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-3c67\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15463,"size_decoded":13338,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 268x179, components 3","md5":"35de101110393991d1486fb365dca772","sha1":"e0036c50986cbe02fb5ae8bd22c0ea07ec07f239","sha256":"4f334804d147596fff52198529e6c088a691ed2c1b9eb38fef5d04df7d26f888","sha512":"d5a2f8587acc18d8e046abae2afdb2013f969917bbe04e6b2c6c561fb0c4c6afd13e181e292ea2e22710a673bff6863f5564ab982595ae8f047a4541e869bc70","ssdeep":"384:n7777/9iiHCAVqqiY1+BW59m2lqhZluhJNycIxCKk1T:n7777/9lIe1kublelu/Icl1x","tlshash":"ed62ae658f7e093afb012b7897fb681d8c46adde4d0ad84c246704fdcc25941e8d6bb2","first_seen":"2023-12-07T04:32:25Z","last_seen":"2026-06-20T16:22:07.806615Z","times_seen":16,"resource_available":false,"data":null}},"time_used":685,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":685,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/layer.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.152Z","timestamp":1781709526152,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/layer.js HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-5619\"\r\nexpires: Thu, 18 Jun 2026 03:18:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22041,"size_decoded":8098,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21984)","md5":"3ffd5603784dbfeef189498c1a705c15","sha1":"983f2308aab1a1addad5be4f1c49099f5dd589cc","sha256":"2aa83aee413f9b91a2dcc536cfd6acd6e44b3fcdb59c26586e32d083396a8db5","sha512":"76d0b3952e17783ab3b597d0db1f734bf7b933ef8ff316c8107f5192f1ecf318c3f11c9ba10a4d15063b26cbb32133af7581070d7c782ebbbcd6580cfd21545a","ssdeep":"384:619Cih92A3igTLXSt/SdMrXqE6K+LxzAOTElH0jjhtjfs8:614iV3iaWtXIKiF13k8","tlshash":"b4a2b66a754034976323906ad11fba0b31f21d24d7078128f22ba4be1dbcd95a2b7f5f","first_seen":"2023-03-07T01:06:17Z","last_seen":"2026-06-20T16:22:07.807463Z","times_seen":435,"resource_available":true,"data":null}},"time_used":690,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":690,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/layui/font/iconfont.woff2?v=256","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.190Z","timestamp":1781709526190,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/layui/font/iconfont.woff2?v=256 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/static/mobile/layui/css/layui.css?v=1.1.1.6\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 25964\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-656c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25964,"size_decoded":26404,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 25964, version 1.0","md5":"d8c214c89e33a7bea93d656bd865e869","sha1":"c188dbfc6951b7c305940ac3a279227aeb5617f4","sha256":"bef73f87b8a3972427dcece922ed8f59d1d01c4a3fd572316efa70de9aec9c09","sha512":"0e5897c1b874a714fbab221e97717c5bd8b6c525b539a24eca76391206f931abf5cad2441743c441239ca2830f3fb33c34d207e13ee4d1eb3eeba806763f8405","ssdeep":"768:4kZIXl8feK5HavVh7VQB+l9yDbzKu1eNxECo:4kZIV8fqxQB+l03zdeNq3","tlshash":"fbc2e1c340bb8ab8b077783c6a9e96b9d51134261dde919427cc096043feb49eace701","first_seen":"2023-04-14T13:17:16Z","last_seen":"2026-06-20T16:22:07.766008Z","times_seen":1007,"resource_available":false,"data":null}},"time_used":654,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":653,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/css/iconfont.css","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.955Z","timestamp":1781709526955,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/common/css/iconfont.css HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-794\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1940,"size_decoded":1830,"mime_type":"text/css","magic":"ASCII text, with very long lines (1245)","md5":"cfd403fe22d90d4858fd76c352bc3894","sha1":"93ba9c459bb2529d258556e38c37ec1984bf99fa","sha256":"89621b7f8a3e4d3d36780420b18e7a94e17afdd35b8a8faa0701f24d1bc47b53","sha512":"0476226979cf90c8774f4c3a13d07090b97f483918ff2b1d6fd533bb51640db589c85d30ad34f701c36963eec214d600924828479de11b840f18e83e66ee1f8e","ssdeep":"","tlshash":"e841c87249dd7cb217c03c66b18b7d524e44318f4a0a889fe2781a395cf7fa0d20974c","first_seen":"2023-06-17T21:56:25Z","last_seen":"2026-06-17T18:01:05.903315Z","times_seen":30,"resource_available":false,"data":null}},"time_used":471,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":471,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/socket.io/?EIO=3\u0026transport=polling\u0026t=PxMATv9","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:48.651Z","timestamp":1781709528651,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=polling\u0026t=PxMATv9 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:48 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 106\r\nx-xss-protection: 0\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":106,"size_decoded":520,"mime_type":"application/octet-stream","magic":"data","md5":"06931506d3277ba6f3df80cff1cbb7b5","sha1":"73f9aa4e8829507e57d00c40a7b07a201cd2c245","sha256":"aa9475ea08bda2a51510634da4f15a46d6d211bab950aa43391b804b712ab199","sha512":"548cfcfa551b680519996b3e65fc5a97461f3cb7a210309c32a851cdd69d6f71b404ac242d093bde995194fd905af0d6e4f258147c3b28c85e29e131769b68ee","ssdeep":"","tlshash":"e6b0924491adb289ea307a4569f79e0a0818b85d968a248c66a804dc09ca120a21266a","first_seen":"2026-06-17T15:19:17.496327Z","last_seen":"2026-06-17T15:19:17.496327Z","times_seen":1,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/layui/css/layui.css?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.381Z","timestamp":1781709525381,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/layui/css/layui.css?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-1224e\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74318,"size_decoded":14239,"mime_type":"text/css","magic":"ASCII text, with very long lines (65504)","md5":"6490be49e910a3e2ccac0cd63ac5be57","sha1":"bc1b9e3070e5e051a9132a27f9a5ac494d4ded1e","sha256":"4d891687db5cd12b3f5fb777a151efcdc0a94bae9e4231d719d0b3f7716f8f2b","sha512":"09083b4fd7802d880b94aa6fe674f8c5ec5b7fb63b550251fa2ae04b622d6164e1551998e4d7c8aaa152e303da70b9dce2c94747655a32b7000fbad8c11efc9b","ssdeep":"768:4/nEWwcY/8zYbRzycl81JpZlwyQaIYKsR3zdVhlu9Tr1BpRBtfKa6G6nr4wdV7np:tWwcY/8fG68wjHmavq8","tlshash":"59739632e6012ca5762bd215b1dcbdfda0789512ea634e6df3823b1b87848471077f6b","first_seen":"2023-09-23T10:36:02Z","last_seen":"2026-06-20T16:22:07.766643Z","times_seen":44,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/user_recharge.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.666Z","timestamp":1781709525666,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/user_recharge.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-120e\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4622,"size_decoded":5165,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"c1645e63417642ae734dfd79ed70834d","sha1":"f58a0bc66a71aaf8ea10a03a6811b6cad0a008c7","sha256":"78584b8c03bf2cce0622fabe8c8aff60c87aa5dd945e6805ebf8b1abddd8382a","sha512":"3d46abd7e24f5e804d8a3cc18456639d5e1ffbd58b3c32fa60e7dd4de3316cd9fe837b720e8d61bd9a4270e816fe6bec166f03361358be52c86b8fa562b68710","ssdeep":"96:AHIoRhyCC/4/mrlHG5kEmZqMLWa1hLn2nDVB80beJV5CrMZ6GasUM8nz:S7RhKAyZqMTFwVVbeJPCcUjz","tlshash":"cf918e85f2e7f85117788fdaafc59db35970467b82b1ced3808010b5a68c54ed81fa93","first_seen":"2026-06-15T11:55:09.767508Z","last_seen":"2026-06-17T18:01:05.89709Z","times_seen":6,"resource_available":false,"data":null}},"time_used":684,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":684,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/css/modules/layer/default/layer.css?v=3.1.1","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.873Z","timestamp":1781709526873,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/css/modules/layer/default/layer.css?v=3.1.1 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-3859\"\r\nexpires: Thu, 18 Jun 2026 03:18:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14425,"size_decoded":3394,"mime_type":"text/css","magic":"ASCII text, with very long lines (14368)","md5":"cdf467c11d77287b09cec22297aa06b2","sha1":"57e147ee3cf8a1ea2194bdfbad5e69083fa578bd","sha256":"ba2baf1bb08b0bff57cce75934bab7768c52567bf389479bed787004ae6e653b","sha512":"9c24a7c4d5d151652e246375c42f4ef2eb29a33dd9b4bad8c19ac2dd52086db91988d0f87c5d547f377499649f02e6ac4dbe4ee7a06d8a65cb2b445482104ab5","ssdeep":"96:Jp+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:KWmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU","tlshash":"f55231e144811299b0278721d6dc7eba32f88d43e5630daef2573c1f874c6dba2b6647","first_seen":"2023-04-16T09:58:27Z","last_seen":"2026-06-20T16:22:07.801695Z","times_seen":593,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/element.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.875Z","timestamp":1781709526875,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/element.js HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-1c60\"\r\nexpires: Thu, 18 Jun 2026 03:18:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7264,"size_decoded":3081,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7203)","md5":"784379625afe1516f69075a78007e7bf","sha1":"4eca1e2bd313d46ddcf113095074da797b145aa6","sha256":"763c30063a00b2698ab3aa17948b5008a33d477fd7dfd45f11f3d4a49e29b73c","sha512":"f08d8e5c3c091ca2a0f00109cc55dcf9a7ce055996f1fd2d6cc2f7b414e533c0b8356fb5bd3ec7eea1692e5aa56d2be0465465f60479f3eb2afb783cec3ca87a","ssdeep":"192:nZKp8KKtRtwFC2q6IsTPJB91RGRtX9uEUn0Gs:nZltcF+6IsTP5ONN","tlshash":"bfe19518b05236f73197b5d143bfa21da03f4636e70246ac3066d4ba09bbd891673f9b","first_seen":"2023-03-07T13:00:48Z","last_seen":"2026-06-20T16:22:07.812098Z","times_seen":269,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":238,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/script.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.409Z","timestamp":1781709525409,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/script.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 20 Jul 2024 06:23:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"669b57cc-1761\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5985,"size_decoded":2755,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"99b78165e73f08d1d0cfe114c0b4e7ad","sha1":"9f86c5f286135ac0bd6cf41eea0665e9846d0299","sha256":"d75bfccbf03a6192177e4fbe194370f0353b54034f1f3f92c7c77644a6988adb","sha512":"03b5565199a5e351f87092647db5f130d086635d785a4dcf6a9cb1bc79203b1c406dbde9f917515d85b37bb603e4ae83547f3574147da1dcdf7eea34143be53d","ssdeep":"96:kZFU4qA8jt8jpTbso663tYoxNkwhqGuLK9jtnnt5/Avx3CB0QPiU1QzGwfg3:kZNijujN0uYoxNkwwGuLK9jtnnt6vpCP","tlshash":"a0c19318f01c361a927931394c8f4069a03d89691b0f8495f47daea42f3473f4eafeda","first_seen":"2026-06-15T11:55:09.742084Z","last_seen":"2026-06-17T18:01:05.899059Z","times_seen":6,"resource_available":true,"data":null}},"time_used":698,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":698,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/de.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.663Z","timestamp":1781709525663,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/de.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 154\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\netag: \"66248880-9a\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":154,"size_decoded":661,"mime_type":"image/png","magic":"PNG image data, 92 x 92, 8-bit colormap, non-interlaced","md5":"72a365a37b672f5a20da4f8f0880e857","sha1":"1d395668bd5404aa8b26e4d9586d1129798e5f21","sha256":"3da97ff56eb98940e046126ce7c727856df8722c833128141d15c640013675e6","sha512":"7b828444c21dcb95b151bca6b8d30a8466dee73019ec8096d04f85ebcacd6131480c2cf83885559d251be96da019f74a84260109760d3dc57643624281eea934","ssdeep":"","tlshash":"f1c08caeea8928a4c34aa1b21b781c349907a17ac1a49222a085981c1d1a1281486aa3","first_seen":"2024-08-20T10:15:14.338399Z","last_seen":"2026-06-20T16:22:07.788051Z","times_seen":56,"resource_available":false,"data":null}},"time_used":688,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":688,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/seconds_ico.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.673Z","timestamp":1781709525673,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/seconds_ico.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-4a9\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1193,"size_decoded":1735,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"4978d26df496f44cb95c8da6632fef0a","sha1":"fa633216e827c1f101161cf9e59c94545ca893f5","sha256":"f1ee9fe0da5fbd944e3f32441cbad4313ac01bedb4dad064e90287347156ea3c","sha512":"a7f0880e13b05e096d5e105c8da38dcd5c004837ad1a7ab2a0cf69971490fe75954ef8fd7d7e469e7b603d30f8d3263f85ba55ea94f78437690631a7100b92c4","ssdeep":"","tlshash":"ce210ab7da9a6b8ffa8812f7feb77741e1e6ee825116814c184d75204fd2130cdd2048","first_seen":"2026-06-15T11:55:09.76843Z","last_seen":"2026-06-17T18:01:05.930262Z","times_seen":6,"resource_available":false,"data":null}},"time_used":678,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":678,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/form.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.876Z","timestamp":1781709526876,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/form.js HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-2577\"\r\nexpires: Thu, 18 Jun 2026 03:18:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9591,"size_decoded":4434,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9284)","md5":"a55a0aaf3d84264e3373f58f347a18fb","sha1":"921760fdababb5639192c73866c1b3b5f2ca0644","sha256":"03315f4a8fa90d66f3115d686bcb50d9356136607f92edbc9c59d4f27090a0f3","sha512":"7295dd0874606a2605b16a49ca696bfe305e16d769a7d037cfba0e074591e4def8dea94e4157cbd7c52e85e8de4ae496155c0af6d21b00943ba04ab6164edc13","ssdeep":"192:7U7m+EjWnSTmyANS4B7R6EoHv9w5iaHe16GL:7U7msqmHBV6LP9yiaH6n","tlshash":"1312a319715135e2367b60a1405f981ba0bf4635ab09c8947093d4f92ebec9493f3faf","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.802748Z","times_seen":113,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":239,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/font/iconfont.woff?v=240","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:47.894Z","timestamp":1781709527894,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/layui/font/iconfont.woff?v=240 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/static/layui/css/layui.css\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: font/woff\r\ncontent-length: 26744\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\netag: \"5ed215fc-6878\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26744,"size_decoded":27183,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 26744, version 1.0","md5":"e9caaa0617fa61c01f765960d10da0ef","sha1":"f116555d117ded6e97229847ba3c8e8ca12e2f2b","sha256":"6e9dac35a993a17830b37c400415142906634d2b0a7af0b2418a92ed959ae201","sha512":"ce8e8f966da41ca268c9ebb33c6f48d94dd571f28861c32693bcd9ec14e436ac74e5ae63fc870412c73c918904af116449d6fa087cdc070d765d98262c57426c","ssdeep":"384:lT+K7sT/S/j7Bp+6dtR28R40byHpBo9q+rXMRvhBBTa0UdmDBG7Yphfee+JxD:lT1kKPBoqtR5q0byJmIw8t7emDnKHD","tlshash":"6dc2e17898ef2facde9141f0995de3903f578d8d26a7633a94909c3f32d08f27599085","first_seen":"2023-04-07T16:38:45Z","last_seen":"2026-06-18T06:56:00.663959Z","times_seen":817,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/index/index.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.640Z","timestamp":1781709525640,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/index/index.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-1211\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4625,"size_decoded":2140,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"0dcd53515a6992b2222ee4d9f4a3e682","sha1":"0aa981db906694ccb7650bd5defc855bf01a2f18","sha256":"4cf6b72d4faa38b5a6d0500c798cdabeb6a4f241d34d0612bbc6c328773cdca0","sha512":"795e3c8e0b69f8875b02c8ab820c1eadea220864ae64192e419ef354898b01684fbc71b54a49bbbd344e5bb090c96999459eb5df90e5be998791a2072b5509f9","ssdeep":"48:4NHsJYS7AEGyUjmHAuEZBnZBJOt9dxGiKsu5RtpmJpZzPDvuli+hIg:mHsJ/oQARZJZTADoPtpI3v4ikIg","tlshash":"88915606e4e314536e23909a8feb4005a1adc033d20acc4dbb9ed69e2f5c9ac5555ede","first_seen":"2025-02-26T18:00:22.704148Z","last_seen":"2026-06-20T16:22:07.840115Z","times_seen":38,"resource_available":true,"data":null}},"time_used":509,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":509,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/iosapp.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.413Z","timestamp":1781709525413,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/iosapp.js HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-806\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2054,"size_decoded":1385,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CR line terminators","md5":"7c2f59781d7868eff1bed99be0478af8","sha1":"d8bd7c15428c99cdbb38795df05438471953ba6e","sha256":"b16d7795b265d380540612bfed9739a90fb46aade4228c670fc8d17abce9adaf","sha512":"2e979baf0d2f94e91eef9665df48555ab4dcf4e7b8bc149465ec25d9e09a07dd625edf0750a6f9d7e47f64162f8099663c7986c4a4840948b177237581b4ff6b","ssdeep":"","tlshash":"c94132999a9d683919d3b42d1a3fb15c72333aa5a4428110bc0fbf943b34a4a162db98","first_seen":"2023-09-23T10:36:02Z","last_seen":"2026-06-20T16:22:07.767243Z","times_seen":44,"resource_available":true,"data":null}},"time_used":694,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":694,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/upload/20241104/99b9ea73d723473535101ef7a7d3caf8.jpg","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.669Z","timestamp":1781709525669,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /upload/20241104/99b9ea73d723473535101ef7a7d3caf8.jpg HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 04 Nov 2024 11:24:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6728aeef-16205\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":90629,"size_decoded":81779,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=355, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1053], progressive, precision 8, 618x287, components 3","md5":"6d745c1f42e2f547802d05a5f993f8ca","sha1":"093c1adbee444dfe12a0a7716c93eba31ef57114","sha256":"4819234101db485b24fd3de8416cb28bd301e561a09a1450cc0f8acf9bd1cf65","sha512":"fea46991f6869251fe0103de2843becac092865d96558ad13bf7d36dbae93672d4bd4f409f4b7107b31ef2601d2a10faa6aabacb6a5722431262bda8970cecff","ssdeep":"1536:371B1alO7+cbZ4hHknF+SwdfBzRN95Sv+5TOmni51hWpSzNcfA:pL3Z+hiF+SwpNuQK55fpf","tlshash":"0193f17c9e836f02fdc655389666d2096f105f0461eba653b8ce3171f3263e28e4c66b","first_seen":"2026-06-15T11:55:09.72465Z","last_seen":"2026-06-17T18:01:05.91797Z","times_seen":6,"resource_available":false,"data":null}},"time_used":682,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":682,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/css/modules/layer/default/layer.css?v=3.1.1","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:48.415Z","timestamp":1781709528415,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/layui/css/modules/layer/default/layer.css?v=3.1.1 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:48 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-3859\"\r\nexpires: Thu, 18 Jun 2026 03:18:48 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14425,"size_decoded":3394,"mime_type":"text/css","magic":"ASCII text, with very long lines (14368)","md5":"ba3e7d46e810d43d2501753275fa3d19","sha1":"009c50a10c3048409c9f12b0b9e8a48d9023e82c","sha256":"1f01a58452e90d8141dccdbc5be2fabc6afb6751c36330f2c1a6f032937c9580","sha512":"b4e4d01ded4b3188406d784e583b8713e04e25f9cb8fc142b1086018f13d56a7965196f2dfdf559f3264e6da268b3d2e9bd9683e655eb0a63c56e1f1c052b670","ssdeep":"96:7p+Ntha8qNEp+wRY1vUPXiK6nMLPD2OtLzXyPHL/LztJDzyv2OQ7KGx1jyd2/SWz:wWmLr2OtSrzzt42OQ7KGx1jCWR2b+RcU","tlshash":"d75231e144811299b0278721d6dc7eba32f88d43e5630daef2573c1f874c6dba2b6247","first_seen":"2023-04-07T11:34:38Z","last_seen":"2026-06-17T18:01:05.94718Z","times_seen":890,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/i5scroll.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.647Z","timestamp":1781709525647,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/i5scroll.js HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-6f3\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1779,"size_decoded":1459,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (762)","md5":"229ae241044a0a16861b8583b4435079","sha1":"8051376b7ff4f9eb4c40389985ceed910bd8a868","sha256":"00323fb404aa8d1151ba1d3842ace6e1b7dfd723faa7b0402c20bcbd7d93e59a","sha512":"edafd940bd292208de80d57343ef7dba5360bc21f5dd691f24b13d167b15b3f5529bae2735c1d2c67fb23de10ea4b907f7adf371db7d150724a2ee5d1ef82cc5","ssdeep":"","tlshash":"cc3167c47000b636859620b271ab56d9f3398ad7346d881174beb189bd1cdb50d2fda4","first_seen":"2025-02-26T18:00:22.707066Z","last_seen":"2026-06-20T16:22:07.780429Z","times_seen":38,"resource_available":true,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/user_withdraw.jpg","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.678Z","timestamp":1781709525678,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/user_withdraw.jpg HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Tue, 23 Dec 2025 07:44:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694a486d-3f2b\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16171,"size_decoded":11187,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1024x1024, components 3","md5":"1ae7331e43c6f31ec650877d8ba9be63","sha1":"e334e581ffdaa6eaf1010f76ea860391c8ac690f","sha256":"94ca1fbf83d467f65ae6a9f7e2cdb851ef7302c0527f03b692246c42e86ff784","sha512":"f7110c3c19f050fdca83ef4d7676018e2b005be1c44858e7f08ff4581470268d20c7713f330f4bc89ec029f680d2d8325382aeb354da2044fcceb8873841ded2","ssdeep":"192:4EAFwkrJQnnwvCDg4QD2Dq/cab1aakmtbDlGTkZPPUgLUN3Es3V/8:4FH4Q6DqLS4b8TkZi3Es3V/8","tlshash":"98728ecd331df106eda5073484e3c723edabbc81d84d0a62e083665888537f47e1aad6","first_seen":"2026-06-15T11:55:09.733011Z","last_seen":"2026-06-17T18:01:05.963372Z","times_seen":6,"resource_available":false,"data":null}},"time_used":673,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":673,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/bar-right.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.161Z","timestamp":1781709526161,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/bar-right.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/static/mobile/css/mobile.css?v=1.1.1.6\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-810\"\r\nexpires: Fri, 17 Jul 2026 15:18:46 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2064,"size_decoded":1837,"mime_type":"image/png","magic":"PNG image data, 210 x 16, 8-bit/color RGBA, non-interlaced","md5":"6d506e21ad1a31db63ac286259d8f5bc","sha1":"6ddca17c5680b11eb52c2c21fdbead826b5112e5","sha256":"da85579c28fbeb70f1bf970210cfb2f8026574f3530ff6e452921b1df0e9f2b3","sha512":"d7cf62f82c6dfa2ddab288e85dc1858336ff238b6860434c9660ec7dbe6372eaf6db94187abc36d66806bd0aff77e3ad4b8d501e72825a1326e4d7d99a6bba0c","ssdeep":"","tlshash":"0441810bf9457d112a4dfb066af790676b2387d09a81a5c6bcd95d07acb20fccc0c2ca","first_seen":"2025-02-26T18:00:22.731167Z","last_seen":"2026-06-20T16:22:07.811172Z","times_seen":36,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":681,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"wss://customer.cmksaletservices.work/socket.io/?EIO=3\u0026transport=websocket\u0026sid=21b12fb6ae8cda410139ecb1","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:48.942Z","timestamp":1781709528942,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket\u0026sid=21b12fb6ae8cda410139ecb1 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-WebSocket-Version: 13\r\nOrigin: https://customer.cmksaletservices.work\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: +NtvQp48h8Ee/vlJEP9OoA==\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: Upgrade\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Wed, 17 Jun 2026 15:18:49 GMT\r\nContent-Length: 0\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Version: 13\r\nSec-WebSocket-Accept: ztzrIxe5jsNIKwQOtTesoWDg56g=\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":227,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T16:29:48.02362Z","times_seen":16584092,"resource_available":true,"data":null}},"time_used":721,"timings":{"blocked":0,"dns":0,"connect":237,"send":0,"wait":240,"receive":0,"ssl":243},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/index/index/chatBoxJs/u/5c6cbcb7d55ca","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.644Z","timestamp":1781709525644,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /index/index/chatBoxJs/u/5c6cbcb7d55ca HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15878,"size_decoded":4712,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"a9ca612daef9b6e996a1c5ad4d881009","sha1":"e6759b991c21ff1d0a708489c87c9bd32b6fbd4e","sha256":"445f32836ebfb3bbddaab3b10b51c10002f87697a6fae7e3c763971a64fe3c77","sha512":"3b332838698f69255a6a3a54aba91a5c768122d986afd1e5e3db72d5501c1482bd533f64263e91ada0cb91b37977e8e8de475cd14686375d7717b9e88b40cf6f","ssdeep":"192:nq4l+/PCFTZA1JZ1ldN+NGG6IEixCrpZ0izLU5SVimGs9KhfI0aZFzHRsdryTZrZ:LXFaJZ1ldNtG6DixmRjN7tHQ0T8Vsx","tlshash":"8662a6915ab70d6d111a935e3fdf76043f21c013c60ae829bedc86d99fc58f84161bae","first_seen":"2026-06-17T15:19:17.530876Z","last_seen":"2026-06-17T15:19:17.530876Z","times_seen":1,"resource_available":true,"data":null}},"time_used":884,"timings":{"blocked":-1,"dns":137,"connect":234,"send":0,"wait":262,"receive":0,"ssl":250},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/earth.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.657Z","timestamp":1781709525657,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/earth.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 735\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-2df\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":735,"size_decoded":1243,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"aa1aef2953ab1800a76e6012324a7b16","sha1":"c460fe1de8753b12a1838ab1157b652301857e95","sha256":"fb7e47693fedf3662f433240cb4e93005e6c5c70d06e56919efbcfc1916f9f38","sha512":"045a48f686308b7f63ee418da2c733d8c7e2f775855a568169ba0bfa47809960589d2af64b357e94d6060d85718aed4e1f80fde5d919732b025bf7949fe80711","ssdeep":"","tlshash":"c9016580fe302b159c9e11fb230c6e80d852355e25c1b94d7951c136106a2860cd4723","first_seen":"2026-06-15T11:55:09.719095Z","last_seen":"2026-06-17T18:01:05.919938Z","times_seen":6,"resource_available":false,"data":null}},"time_used":692,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":692,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/chat_ico.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.674Z","timestamp":1781709525674,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/chat_ico.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-1036\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4150,"size_decoded":4637,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"a8ea109381330ccb1f4f8a8523ae467c","sha1":"f13408978f8eff0ddc707147045778b86dff752f","sha256":"b4dc705e78ffabf730b518ad6e19932896cf5cdf2d4bf12d5a3f7b0a7a5ab9d1","sha512":"17c366ee4ba98ad4bc806d3a6e9990fbe41beb2ae7934bc765f1b2e4206e5178d13be3d07eaa376b8f1ba17c5217f7ff275e736876b5a8b8d8a6f44c1ff99677","ssdeep":"48:9aTW3MhYj0tqW0qnCdR5OJIgRDRZkCh+BwRjrip7Cg2vxjwBGTBz3BEWMufcnNKq:IT3h60PCP5Ov3Zvn6qpjwBiR1Mp+C","tlshash":"a5816cd6f302d0bbc5ac8477a5bf77525460ff58cbac814cde8852b7683c182328028b","first_seen":"2026-06-15T11:55:09.731975Z","last_seen":"2026-06-17T18:01:05.949488Z","times_seen":6,"resource_available":false,"data":null}},"time_used":677,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":677,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/winer_ico.jpg","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.675Z","timestamp":1781709525675,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/winer_ico.jpg HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 22 Dec 2025 09:01:41 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694908f5-7b0f\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31503,"size_decoded":27874,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1024x1024, components 3","md5":"93459f40eeaf1a4900b41bef67b76e9e","sha1":"18215cadc34dbb1747e7e810fabbbceb39e4af53","sha256":"4796f1393f66594673008ea409470572a5021d3994c869ae6a4b374e4648b666","sha512":"4051b7990a1313c1f1536a1e7aa8f96038ea4ce8d8bcd2e35fcfcebb34cbd8a11138b3bdc44b34d239d9d51a28c304d0816809c527caa806ace6f3f56aced38b","ssdeep":"768:kPMQhU6lqynCDJSpe/Xds0jfSJUuRl5VTgngrjU:kQ7yCDJSpqTjfSJUuRlD8n5","tlshash":"61e2be0772854203da79677a95ef8330ff482c6a1d6a714a67a7610b0c7e3acfc4e9c4","first_seen":"2026-06-15T11:55:09.769359Z","last_seen":"2026-06-17T18:01:05.924447Z","times_seen":6,"resource_available":false,"data":null}},"time_used":676,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":676,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.558Z","timestamp":1781709526558,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Socket.io","description":"","website":"https://socket.io","common_platform_enumeration":"","icon":"Socket.io.svg","categories":["JavaScript frameworks"]}],"data":{"size":5269,"size_decoded":2318,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (601)","md5":"2cc2dcf4a41bff1e006af57959b2ee5f","sha1":"505db193cd085d5ae970068c42553b37ab059104","sha256":"f8b95b0d168f7ec0fa7e357238f82b9753e0a611374e653bfc3ef8a0d15abcc4","sha512":"314cf533848b1b1bc4953442c8c826102884df869b2d44d5f40cd08a6986a71de4cf6f3d575bd71a103ca203c9eb8ce22c230ab6c6a96a9bce65c7e47b609c54","ssdeep":"96:fOWWeEafajfoa8RPjOV0gaHhIENgiRjiwWDChsbs5mmB2Qp2K:Uafa87Y0h+iRhICabwmmgQp2K","tlshash":"c6b174218cf1c95134258185bebdbb2198d8e683d75ec148b2bd9ad09fd3dc9dc0b988","first_seen":"2026-06-17T15:19:17.536177Z","last_seen":"2026-06-17T15:19:17.536177Z","times_seen":1,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/lib/font-awesome-4.7.0/css/font-awesome.min.css?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.387Z","timestamp":1781709525387,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/lib/font-awesome-4.7.0/css/font-awesome.min.css?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-7918\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31000,"size_decoded":7614,"mime_type":"text/css","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-06-20T16:31:05.897395Z","times_seen":288323,"resource_available":false,"data":null}},"time_used":475,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":475,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/it.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.664Z","timestamp":1781709525664,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/it.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-9e9\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2537,"size_decoded":1399,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 268x179, components 3","md5":"6233ec64f3a49d3180070f68bae78502","sha1":"bd768fc4fa4a8a1ba5e02d990bcdce07ca5995c5","sha256":"e936376a5de002470fbfbe87523c7f5127397191ff9e46cf5704c2b85439db32","sha512":"cac5783e474d9eba995d61ce8b7ec13011ba284257db071414ef91cf7e46c577d92349f86a9aca48150dcc2bcac1c02f2df3436a1c780f77c37cb5cbf92a4a5f","ssdeep":"","tlshash":"0a517147efaa47afce938d38012cc41edaee0d225613cb118a4d28f1e31da55bc921e5","first_seen":"2023-12-07T04:32:25Z","last_seen":"2026-06-20T16:22:07.820479Z","times_seen":44,"resource_available":false,"data":null}},"time_used":687,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":687,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/jqueryWeui/jquery-weui.min.css","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.953Z","timestamp":1781709526953,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/common/js/jqueryWeui/jquery-weui.min.css HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-dae4\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":56036,"size_decoded":8550,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (55936)","md5":"f1b1208d27520d1e416d2cc8afacf82c","sha1":"d24e4dc7f758795359fe1b490bcb528e5543bc58","sha256":"64bdd05bb3b85a2252a1e599d0f58b216d1cf611797bdca88809c46aaa1abac0","sha512":"a71d863b0dba6bda62474a7945352415872db9f36efd7f47192e0e4d5ef20aff35623365c0af7542a922e369160e9bceffb73187b30ea63010fffbe792e150e3","ssdeep":"768:ZFraDz6UL96OpVHfiMHtI7RzLI7pMDpLpeZ:ZFr6632HfiEt67pLpC","tlshash":"7d43991f4701326a7622471ee3d69f6c871ac5435f632ced22127d1acbcb64522eb98b","first_seen":"2025-04-14T15:50:03.341554Z","last_seen":"2026-06-17T18:01:05.962819Z","times_seen":29,"resource_available":false,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":473,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/lay/modules/layer.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:48.170Z","timestamp":1781709528170,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/layui/lay/modules/layer.js HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:48 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-5619\"\r\nexpires: Thu, 18 Jun 2026 03:18:48 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22041,"size_decoded":8098,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21984)","md5":"68ff582d8490c48ccb5576ea27a35c8d","sha1":"14fd59adc3cc3708330498bba5263ea92bda9e61","sha256":"1d1f8f74389d9906bef9d17514d9a44f8c650a9ed9246df3222311770dc3976c","sha512":"a42cab904d035d75ff590778070c423ec3d5126dc41a74673a0cacf60da943a523c969f15fa4f9822b4442aa7279f60b0b1a404222d2199738d20d14438b7765","ssdeep":"384:o19Cih92A3igTLXSt/SdMrXqE6K+LxzAOTElH0jjhtjfs8:o14iV3iaWtXIKiF13k8","tlshash":"00a2b66a754034976323906ad11fba0b31f21d24d7078128f22ba4be1dbcd95a2b7f5f","first_seen":"2023-03-07T12:58:51Z","last_seen":"2026-06-17T18:01:05.919378Z","times_seen":259,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/jp.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.659Z","timestamp":1781709525659,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/jp.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-1dc7\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7623,"size_decoded":7408,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPCM), density 47x47, segment length 16, baseline, precision 8, 268x179, components 3","md5":"2c1af6592dad54dc0ca627bfa876b424","sha1":"b6d122cfae18620c59dc31c52df8fa79ac2973e3","sha256":"3fc7b561aa8629c9e0a7d904a0f75e80bcb47268a549e1bd44705bb6518aea22","sha512":"bbd01ad1bbd449cb41a45ab4e20747562bcfe75c3505a93f01a9d20d6cf01d73970c4bd8cea9518351a716af6165280335bf7b1119630bdad0cc0e0e4635e399","ssdeep":"192:BoVwrqC8KG3v7HbONd7sqi2KiD28OCha5aq:BZlwj7G/KctOF","tlshash":"6bf19e7799370b91ccafe335242e939ccf44f00217499f24c588adc2d8b2ae9db75808","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.824597Z","times_seen":51,"resource_available":false,"data":null}},"time_used":690,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":690,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/css/mobile.css?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.386Z","timestamp":1781709525386,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/css/mobile.css?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Nov 2024 12:22:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6728bc73-cde7\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52711,"size_decoded":13240,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with very long lines (2654)","md5":"f7efd391d9bb6e18d1195c4966fe369a","sha1":"385a21c4f2e61c8cf2c476ab19a81afc567e6af6","sha256":"669920c71c60e895e2467212a590ae3b9b232e0b609e3c9451ec24086b2bbaf4","sha512":"8a7a0aa1a70a0e03654930cae205308a135abf6af2444ac686f7fc01126dc24ffbfa39e91daf38ad74625b7cb390ace44cb2cb09c5ff9c447edabbe9f9bb409a","ssdeep":"1536:8q81zydGtHEdq5kjFsF4S0fIQcYH+ntX/cm0FOP:u1zttHH0fZc2+ntX/IQ","tlshash":"4b33a82766631d06b01bd454af6d6ba2633c8013940fd9f9b9d1726d8fc2ae184f3b4e","first_seen":"2026-06-15T11:55:09.773388Z","last_seen":"2026-06-17T18:01:05.926569Z","times_seen":6,"resource_available":false,"data":null}},"time_used":476,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":476,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/clipboard.min.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.411Z","timestamp":1781709525411,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/clipboard.min.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-2780\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10112,"size_decoded":3846,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10002)","md5":"aa7c9d74f567a8877522f816d7c387cc","sha1":"d79bfe29e732477cb27598dedff9495ddc05f390","sha256":"6717dbf025d81f537cc639903fb560e01912c0467e8da579fcdf92c6f58f7a65","sha512":"da4a20fae935b42cb957a322479c0e779835b37291c6ac8cb41f300dde796847897f788e849ff6153a32004cff087615d37f9f2cb8aa5751cdb1b8bab2534b16","ssdeep":"192:q0Z14dOk1XSHkKpI/230xlH3G4Ly9+vxo53CoD87JxKllkvc363Pw/3JyUZu5MpL:HZCQfI/wsXCz3rbllC3P83JVu5/Gz","tlshash":"6122a68cb29071b156eb50ba802f420fb271c42db06e40a8b21de8f56c7de9d4627f3d","first_seen":"2023-04-08T01:19:22Z","last_seen":"2026-06-20T16:22:07.787084Z","times_seen":2204,"resource_available":true,"data":null}},"time_used":696,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":696,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/user_withdraw.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.667Z","timestamp":1781709525667,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/user_withdraw.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-1237\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4663,"size_decoded":5206,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"f6b2ef0aaa6efdc613d6e52e1805974c","sha1":"9ca0e06135ebb883b965af818f8dddb88868c216","sha256":"c58164e286162f059cf7483812fcc9740da5c42e5c6e8ef97a187d507d64933b","sha512":"30266da89291276b9dbec070480c73e90351b8949939644275dacb95936697106ef11a3812061aa011e7279b10b9713c7b2642d8ae298d8a06a25ab5382bf6bf","ssdeep":"96:stsvMSK+aBToco8T3R+DuJ0A2oexmuHtgc3IT7ibHvo:sOvMN+aZo8TB6uJITHtgc3tHvo","tlshash":"04a18e0f62e221175ad1685f35d5ba221cfcb17970759d38fb118e8faf1ae49c206363","first_seen":"2026-06-15T11:55:09.709853Z","last_seen":"2026-06-17T18:01:05.956694Z","times_seen":6,"resource_available":false,"data":null}},"time_used":683,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":683,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/user_recharge.jpg","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.678Z","timestamp":1781709525678,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/user_recharge.jpg HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 22 Dec 2025 09:00:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"694908ad-2aad\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10925,"size_decoded":3160,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1024x1024, components 3","md5":"4c201c39f894bdf4b073fae99e235d76","sha1":"794f67ab9a459ebea3f6d8858876abb6bcf0f1b1","sha256":"05b7395737617abeaf01f5f8f74f709735e9b760f17868c960b8b4705e01e63b","sha512":"3b478594e330c281bfb94588bf8ccbec0b12a9c3e2d9f9103ef68c5983309bf66fe367d2240c875f65881d99b651cd18082d2423f5c86ecd4908062b989aadee","ssdeep":"192:4Tll0llmv8gsVRWRWCWRWRYIlIm11111bF+uQK3:4Xv8gsu11111bx3","tlshash":"6c32c8cab741142ef693c73d99fdc27ee771d3b62ac746712117ab394c603a24d64281","first_seen":"2026-06-15T11:55:09.710897Z","last_seen":"2026-06-17T18:01:05.925361Z","times_seen":6,"resource_available":false,"data":null}},"time_used":674,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":674,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/home_ico_HL.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.679Z","timestamp":1781709525679,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/home_ico_HL.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 842\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-34a\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":842,"size_decoded":1350,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"59288ebf5b1824f2c55da80cdcf6484b","sha1":"a1eb7616cdba90ce1e7b1c96367eedf8c0b63f25","sha256":"10967137c2aa860e517c12d3ee52b10e0c11d005fa728b0693d9a1c74c07f96b","sha512":"692753b33c0056f3f5acc7f7e6496f4ae0d2f2c5642bbe4f1af8c8caa3cdde0cf68ff4470aef5ce270ad7b07ae4ddc6cbe86a00f70545e84ba47c0f760b8e89f","ssdeep":"","tlshash":"440152b775149233ee66d5238979112063a131091a47f79b9e016d028810ba2a1fe58b","first_seen":"2025-02-26T18:00:22.734909Z","last_seen":"2026-06-20T16:22:07.810177Z","times_seen":52,"resource_available":false,"data":null}},"time_used":910,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":672,"receive":238,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/lib/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.192Z","timestamp":1781709526192,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/lib/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/static/mobile/lib/font-awesome-4.7.0/css/font-awesome.min.css?v=1.1.1.6\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-12d68\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77160,"size_decoded":77601,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-06-20T16:30:31.965076Z","times_seen":499289,"resource_available":false,"data":null}},"time_used":657,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":653,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/jqueryWeui/jquery-weui.min.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.958Z","timestamp":1781709526958,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/common/js/jqueryWeui/jquery-weui.min.js HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-1496d\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":84333,"size_decoded":24931,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32007)","md5":"9c7bcbbeb838eabe8801befbb54f177c","sha1":"2c486e904bebe49b0bcea8e5d0b019533699a7a2","sha256":"e07b9a34158e94ba73df9e89768dce0e2846c984635a6fd4c4d7539c822b6bce","sha512":"dc5a2a219f4f7b3a29da600600c4666c18d0a9c3f77e256e3222387976b779cae0adaba0adfc72fb3991730c7a34b3f390fcbcf47977ca316fc5d94ca6de1f16","ssdeep":"1536:beyBPd2XiZAazT8DOCOB/j2kNleVRrI5CVam9P:beyBFTZZzfNleVRrI5C1","tlshash":"2d83f68e7651b63253f7217881af02052233a926644754a8b96ce8d51efcc4da3bff7c","first_seen":"2023-06-17T21:56:24Z","last_seen":"2026-06-17T18:01:05.958822Z","times_seen":36,"resource_available":true,"data":null}},"time_used":701,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/assets_ico.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.681Z","timestamp":1781709525681,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/assets_ico.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 944\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-3b0\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":944,"size_decoded":1452,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"8fdf9783a64546d6d6c08baa86dbb8d7","sha1":"6834b2399b8102028bcb7b1a620037ed4a2d72c4","sha256":"8878fd022a56a6a2bbc55d0bef56fd9df9c91c1f2124b65bc10164e3d7c1a7da","sha512":"601572a73fc0417306a0c65e80585e7b36cd0c05cddea90f612745d818295941f75c67473591061e06f459244dffcc2db7631262efe7ef3d4e49151ba9746186","ssdeep":"","tlshash":"6111c8802a10114cbe2cd11fc209f80f811a05968e76c204292e79b32634a7cf8e05ff","first_seen":"2026-06-15T11:55:09.746359Z","last_seen":"2026-06-17T18:01:05.90089Z","times_seen":6,"resource_available":false,"data":null}},"time_used":908,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":670,"receive":238,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/jquery.min.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.957Z","timestamp":1781709526957,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/common/js/jquery.min.js HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-14979\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":84345,"size_decoded":30310,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"f9c7afd05729f10f55b689f36bb20172","sha1":"43dc554608df885a59ddeece1598c6ace434d747","sha256":"f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c","sha512":"3dcae1ff6e98c64e3586be3eb14dd486c51f7d4e9fa1b8f9a628be4fbb6a9ab562f31f9b50e16d2e0c72b942bdbe84eee8e0ef87fa730db1428b199a59d88232","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrJ:++414Jiz6fh6lTqya98HrJ","tlshash":"ca83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:06:48Z","last_seen":"2026-06-20T11:43:37.203378Z","times_seen":25306,"resource_available":true,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/whisper.io.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.964Z","timestamp":1781709526964,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/common/js/whisper.io.js HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 14 Nov 2022 02:14:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6371a479-2cf6\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11510,"size_decoded":3971,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"cd3f07764a4c22802d8f1239712aa0a0","sha1":"e2f406fd6868f6f63005ff001df966d61bc32d51","sha256":"f21a092cbe2a6b5a4a9a8730c810b00d5de492f1c69fa3bdd8600b65b00ffad8","sha512":"c9cf119e4a2be75201f922bb7022247965ec2cac8683e261401f009ce29c4454eeb8c043382e941022f24bf8ddcd1f1b18f5ebbd7347e8c922e99eb688508d65","ssdeep":"192:TgvI3y5lyVf1PGQ4vIcf+901E1Mc2bFIUp1jnyEhjxNpA6Q9iUQe:XCr1F+21E1r2JvvjnFNxNpA5","tlshash":"523241287de71857c21370aa9b9b70286174d147958ace007d2cd7ae2ff8730539afad","first_seen":"2026-06-15T11:55:09.765011Z","last_seen":"2026-06-17T18:01:05.954943Z","times_seen":6,"resource_available":true,"data":null}},"time_used":696,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":696,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/index/d3.v4.min.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.415Z","timestamp":1781709525415,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/index/d3.v4.min.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-36305\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221957,"size_decoded":75253,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65471)","md5":"e899651bcf1a3591032d7213daeab171","sha1":"607e02087446eb2efadcbee253db3aca3d794a7b","sha256":"8585db4092b8a9d26201e0d58e343d1b40fa034c4b9c343878923d7649bb1699","sha512":"44927534d0bcf1084deddc29098f2b9bfe8ec48f987503f8f03acb19efde48077e9feb353d7c10924a73cc082825ee1c6455b61802d0a31a31eb5812636c907e","ssdeep":"1536:wJdNAq50g6ds5VIG2pUfpgBU3gPDSb7+CmeoA08h6Vh5Lbg5ECfmDoo5rfIrTGE9:wrN3F2pHSYlyLG1sVAupFmuFyiI7R6","tlshash":"092494ccb682b096936320b0417f244bf33b2d59684f4568e029e9d97c7895e51bbfbc","first_seen":"2023-03-07T21:28:45Z","last_seen":"2026-06-19T13:36:10.06024Z","times_seen":433,"resource_available":true,"data":null}},"time_used":692,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":692,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/ru.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.662Z","timestamp":1781709525662,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/ru.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-b07\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2823,"size_decoded":1059,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPCM), density 47x47, segment length 16, baseline, precision 8, 268x179, components 3","md5":"bf6ba80ad73b1536ca1eaadcf1e6d7ee","sha1":"3655aa6557d155cb171cf75181ff885d7024561e","sha256":"1ba143597a6f749bd4bd2234bf37a6290df1adff1efe8cee9907b7233c6a8b26","sha512":"fb74f5dc8d38d00af7e869a264279a5137b482a65b011f9cdd9d3d3a59acd46fc9913cb9194feff203b147e6ff536af8eab15a16c88c78809df5bf123ef7f1d9","ssdeep":"","tlshash":"be51256eddc17f89db60ae382079a402b2c745ef8d53679c70466e04ee17ab7140ef82","first_seen":"2023-05-22T05:59:44Z","last_seen":"2026-06-20T16:22:07.770264Z","times_seen":59,"resource_available":false,"data":null}},"time_used":688,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":688,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/notice_1.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.671Z","timestamp":1781709525671,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/notice_1.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-84b\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2123,"size_decoded":1930,"mime_type":"image/png","magic":"PNG image data, 29 x 26, 8-bit/color RGBA, non-interlaced","md5":"3d33a2acc4a695c388156dfb3b17a2bf","sha1":"17a540d26242e1fef6f9f5bd868d83f219009341","sha256":"9425f5977651d844092cb3dea8a101a38430bc8230e2dda6395bb653b75e2741","sha512":"a1c0d67fcf5f1474de1b3c331e13d3a078047b25240ef484242cf964a359ead14610967576ca8c7ed109b196447def6bf58d5139627e1916e0bb63266f254a2e","ssdeep":"","tlshash":"0a41e949fa90bc415848f686fde1b1a716178ac4de92d880aceb881b68711f9cd0d8db","first_seen":"2025-02-26T18:00:22.732052Z","last_seen":"2026-06-20T16:22:07.793933Z","times_seen":38,"resource_available":false,"data":null}},"time_used":680,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":680,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/socket.io/2.3.0/socket.io.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.962Z","timestamp":1781709526962,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/socket.io/2.3.0/socket.io.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\nlast-modified: Mon, 04 May 2020 16:16:21 GMT\r\nvary: Accept-Encoding\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/r2\r\nx-cdnjs-cache: HIT\r\ncf-cache-status: HIT\r\nage: 1027403\r\nexpires: Mon, 07 Jun 2027 15:18:46 GMT\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s7wlxFyJpE1UgivG9mKCwe6HtH4zTEr0WDsbLytddtZhBCHVT95h4XSAAyA%2BLX%2B93YR%2FcHlxnXwL9k4pha4VPVuLcdnpr8vjr7cSpPXi6oiHcTbGZSggilLZm73PSUsL8e%2FNxs4J\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\ncf-ray: a0d3075f9c6c723c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":68686,"size_decoded":18523,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32094)","md5":"2316d5f067a1f861d2565a592376fea3","sha1":"a6560c8aed6fc7350e2ca96fcd98211bc18fc235","sha256":"6d09ab65ee323e742b2d363ed6063295f34c06e19f9d3fc72ac0865fef57baaa","sha512":"bfc9e0fee1b19207b7775209b84a3a7493fc2558b2be6b34725cbda676df4714faff7d5cddd456c488b01a73125b06631ca3ae6371159a28ecee4d63cfff5b2c","ssdeep":"1536:ronrZdZLIkYsOH+1+kN4gcUu9n+wkiKYfsD2:reVrLIk7OH+1+kN40inxA2","tlshash":"6263d8c4b6a1209543e721b1416f020b723aa82d250d81acb654d9f63cfcdde762bfbd","first_seen":"2023-03-07T12:12:41Z","last_seen":"2026-06-19T22:41:39.058614Z","times_seen":709,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":3,"connect":14,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/images/kefu.png","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.967Z","timestamp":1781709526967,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/common/images/kefu.png HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 21 Sep 2022 20:19:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"632b71e6-1e37\"\r\nexpires: Fri, 17 Jul 2026 15:18:47 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7735,"size_decoded":8278,"mime_type":"image/png","magic":"PNG image data, 114 x 114, 8-bit/color RGBA, non-interlaced","md5":"834733bb444370a44f87c4f27979db58","sha1":"e3aeeeab78d6002af544d0a156b02ebf7c60fee9","sha256":"c276773a06ffd97cb34485ab8e74a425297b7babb47eb5fbbb2dc7de7416123f","sha512":"18ae9edfb365e4ee9a35933850c8d7b362b15c24c1d4ca6bc603907a81164af994c7c35d2e8f89c3e5e2ad0be499607531b2481ffd6bcb19f8882c0742274618","ssdeep":"192:wTRoGshFmBuN8j/jib8G+O+uQq+A14KnGdVkDlp:wTiGgoLiwTUqatDL","tlshash":"24f1cf2cef4dba69a7c3382a620aa4c19640238917b87b253fa39157675c4e7e2c050f","first_seen":"2025-04-25T10:40:53.221764Z","last_seen":"2026-06-17T18:01:05.955601Z","times_seen":9,"resource_available":false,"data":null}},"time_used":692,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":692,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/voice/tururu.mp3","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.970Z","timestamp":1781709526970,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/voice/tururu.mp3 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nRange: bytes=0-\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: audio\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: audio/mpeg\r\ncontent-length: 7224\r\nlast-modified: Tue, 20 Sep 2022 04:44:23 GMT\r\netag: \"63294527-1c38\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-range: bytes 0-7223/7224\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7224,"size_decoded":7675,"mime_type":"audio/mpeg","magic":"MPEG ADTS, layer III, v1, 64 kbps, 44.1 kHz, Monaural","md5":"5061b4d134a7b4d5d744f9a127b757a8","sha1":"c5e240ac60d3914cb3836ba6652105c67720b845","sha256":"12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f","sha512":"bbd050943fd3129822d687f7733034989faa672e543d5fcc0f1bfc69f5af9c7ff3a4c6e1cd55011383760cef14351527f6de22cfb91b25e8d2ac201fc9b9c7c0","ssdeep":"192:2DjGr+6EnIPwZeM/BCepDxN8XcqOBO+JlRh:CjfxnIPkjpDP8Xcg+JlL","tlshash":"11e18c1937f3e09ed620177642d43664fcd01d8017e2945b25a8baebf13e3cbc26a961","first_seen":"2023-04-05T10:44:18Z","last_seen":"2026-06-20T11:29:33.716982Z","times_seen":8683,"resource_available":false,"data":null}},"time_used":929,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":688,"receive":239,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/socket.io/?EIO=3\u0026transport=polling\u0026t=PxMATyx\u0026sid=21b12fb6ae8cda410139ecb1","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:48.894Z","timestamp":1781709528894,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=polling\u0026t=PxMATyx\u0026sid=21b12fb6ae8cda410139ecb1 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:48 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 5\r\nx-xss-protection: 0\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":417,"mime_type":"application/octet-stream","magic":"data","md5":"7af80a3ef50f8ab70677275473b1b1b8","sha1":"bbddc27df3428bce641ace40dbd9afc0cd9ad583","sha256":"25d989b3ed89abc5bb5a814c257dc57619d7f45908013cd08aa508c22e4f6a0a","sha512":"f896406b2895b54afa3e80f8b96bb127a6de4a460609d95ec2c1c9da61d138140d156d417380cdf12b3e33a6f2ba13b7c5d0816a06da57dade847932e76681ca","ssdeep":"","tlshash":"093000000000000300000000000000000000000000000030000000c000000000000000","first_seen":"2023-04-08T03:02:23Z","last_seen":"2026-06-20T07:52:33.354341Z","times_seen":753,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/socket.io/?EIO=3\u0026transport=polling\u0026t=PxMAU0r\u0026sid=21b12fb6ae8cda410139ecb1","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:49.143Z","timestamp":1781709529143,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"POST /socket.io/?EIO=3\u0026transport=polling\u0026t=PxMAU0r\u0026sid=21b12fb6ae8cda410139ecb1 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-type: text/plain;charset=UTF-8\r\nContent-Length: 329\r\nSec-Fetch-Storage-Access: none\r\nOrigin: https://customer.cmksaletservices.work\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:49 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nx-xss-protection: 0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://customer.cmksaletservices.work\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2,"size_decoded":524,"mime_type":"text/html","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-06-20T16:29:48.02255Z","times_seen":427701,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-17T15:18:44.024Z","timestamp":1781709524024,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:44 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: lang=en-us; path=/\nPHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; path=/\nserver_name_session=9932a2e5c64bb5e01dee8449a28b8a5f; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Clipboard.js","description":"","website":"https://clipboardjs.com/","common_platform_enumeration":"","icon":"Clipboard.js.svg","categories":["JavaScript libraries"]}],"data":{"size":28919,"size_decoded":6755,"mime_type":"text/html; charset=utf-8","magic":"HTML document text HTML document, Unicode text, UTF-8 text, with very long lines (1067)","md5":"73d36647f95bfc87e5a8f6cc6c4c201c","sha1":"73528eda19f790da4109a0f31f0b07a50615a128","sha256":"eb928bdbb1de8e815ea6f3abd3388ad944fd905ce8ac05a3cbb18ad8462ab3d1","sha512":"557fc9e556839f917941e9c9ffea30d3fc05fd7a3058b2c7db62b8f4b810c98aaf1329812b6e5194ee4416b5c9a38f3429828480fc917db138c13b5ad794ce69","ssdeep":"384:OtBcZOVTj7pj7DBDyDQIDJDODUiA2eMtMwCBJ+xsKkAe5Nuzcyx9AYZ8vNjHD6p+:acERpXBWppC3A2LMghkAe/uzTQAO","tlshash":"ecd2100090dd4827607250c3a9eaaf2af4dfec76e36e4444b3ff0d5a5f87e08691755a","first_seen":"2026-06-17T15:19:17.5597Z","last_seen":"2026-06-17T15:19:17.5597Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1105,"timings":{"blocked":-1,"dns":53,"connect":252,"send":0,"wait":306,"receive":0,"ssl":494},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/transfer_icon.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.676Z","timestamp":1781709525676,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/transfer_icon.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-13d1\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5073,"size_decoded":5616,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"d63ce6c64c0fafbc3a10db1fb891fece","sha1":"9cf687ce227ec54e679009894fcb79ca659dc467","sha256":"61951c5a1b7bf2f87b32d1459d4b8548890170588439333c0760a7a24ac1f9db","sha512":"92d3ec007508e7a944e50b2830d6df33fc24c04fc6b978ca638a118a6dafe299550411d5f67d4426a841ac06a9879c92edda3c6d9ac64c303098549d10c6f6e1","ssdeep":"96:WJL2OWeH75h6r7MO6SYsfccehbgXzn9Y0xDxIPiR:CLpWkh63NzYsXnj32I","tlshash":"64a18f336a6008a99878759533681a39ffa373383a1e9a91fc02c226551f4d51ed3f9c","first_seen":"2026-06-15T11:55:09.745392Z","last_seen":"2026-06-17T18:01:05.950109Z","times_seen":6,"resource_available":false,"data":null}},"time_used":675,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":675,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/favicon.ico","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:47.148Z","timestamp":1781709527148,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nlast-modified: Sun, 21 Apr 2024 03:31:10 GMT\r\netag: \"6624887e-423e\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16958,"size_decoded":17400,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"dd2d033863c3040abc022e3f5cc7e3a7","sha1":"b675776969dfbab997cc8acfc605f979362f5e03","sha256":"63631330f623f45e85e623fb9e25c1cb97a6091ec0e3ed417afd7e71927c38b7","sha512":"cad12cb29c98304b9bc4050faac9176e1969161b417f1b41f36a7a3bd5355e6702e3a1911e8aaeb54260f2b4dcf1bf2e4daf08adffcc1f37c7d36a5cd3fa5870","ssdeep":"48:3bOYOYOYOYOYOYO0O8rpTTTTTTTTTTTTTTTT1K5hZWDE:3bOYOYOYOYOYOYO0OIjQWDE","tlshash":"6a721f13a8d6900bf69fad32eb118248e0d027cfe5b15f0b23859e8547ee4e95b6ce45","first_seen":"2025-02-26T18:00:22.745743Z","last_seen":"2026-06-17T18:01:05.928369Z","times_seen":20,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/carousel.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:47.152Z","timestamp":1781709527152,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/carousel.js HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-f16\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3862,"size_decoded":1920,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3805)","md5":"f4b94959b4b5ad34cdc1dd2c12a6bd1c","sha1":"303a72c6380c4277062e85eac689d1dc5ebc60df","sha256":"ec7b67ac49f660eae790c97c9e47fd86973a01478947c603f458667fb322351c","sha512":"b4d24dd32769ad42ed0d4e7b61b80c0ef9f41e9d001a48f5bfd3a328e58e715724a2df8bb97e8078e6b1fc44be5ede4b53233f987578eaf9f3d6e0a3ec936831","ssdeep":"","tlshash":"d7811181775f386741972453935f4c0896b719ba9b06d054f2a264fa6dfbc88223eb0f","first_seen":"2023-03-10T09:41:51Z","last_seen":"2026-06-20T16:22:07.837271Z","times_seen":78,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/socket.io/?EIO=3\u0026transport=polling\u0026t=PxMAU0s\u0026sid=21b12fb6ae8cda410139ecb1","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:49.145Z","timestamp":1781709529145,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=polling\u0026t=PxMAU0s\u0026sid=21b12fb6ae8cda410139ecb1 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:49 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 63\r\nx-xss-protection: 0\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":63,"size_decoded":476,"mime_type":"application/octet-stream","magic":"TTComp archive data, binary, 2K dictionary","md5":"5fec536a4b0ed183b6410b04c094153f","sha1":"126ae210ee664c358c5fbeeec1612a318a95690c","sha256":"1b35183900c6e7d2eb3076f3133b3297555589f99245d2ee0d9137097c0663f5","sha512":"51fedfae41a32eeac3bc4b881a8f7646f8d420f2fdedbff0c6b49cb613678787c9530b40b79c9562e218724178ea68f83da8a50c5e2c2bb90c98c6dd367170e2","ssdeep":"","tlshash":"eba002669405c0d48a84a74840f8dc8a764e94607973dba4dd20a675cd585343783420","first_seen":"2026-06-15T11:55:09.707341Z","last_seen":"2026-06-17T18:01:05.959544Z","times_seen":6,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"wss://trustedexchange188.com/wss","fqdn":"trustedexchange188.com","domain":"trustedexchange188.com","tld":"com"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.617Z","timestamp":1781709526617,"http_version":"HTTP/1.1","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /wss HTTP/1.1\r\nHost: trustedexchange188.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-WebSocket-Version: 13\r\nOrigin: https://exchange16889.work\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: g4lAcOArvWiT1iT2Zj8u1g==\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: Upgrade\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Wed, 17 Jun 2026 15:18:47 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Version: 13\r\nSec-WebSocket-Accept: C0oDWZWnH6igF1z3Qo9PJrJyd9g=\r\nSet-Cookie: server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f; Max-Age=86400; httponly; path=/\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":307,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T16:29:48.02362Z","times_seen":16584092,"resource_available":true,"data":null}},"time_used":1175,"timings":{"blocked":0,"dns":257,"connect":438,"send":0,"wait":240,"receive":0,"ssl":240},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/jquery.cookies.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.642Z","timestamp":1781709525642,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/jquery.cookies.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-c43\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3139,"size_decoded":1920,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"de952eda41b0edc0b5c416ee48f7028e","sha1":"dc07de882ab68370534fbf9440ac7b8c068695a7","sha256":"631ea2bc942c1791920270ba02eef37774aa10db3994b4936a2b5f891a970ff7","sha512":"674fd3c9db480ecf8680822131fc80f904ddfb3907a1033ae9ce06019a87ac6f9eb6d6535e6aba0ee0b601d039d55da7e7cd247a67db5cf7bbcb8408116a03d1","ssdeep":"","tlshash":"1b516554b6cc375f07ab22416b6f50aca63cbf72255808dc885965f82c60c37db9bd2a","first_seen":"2023-03-07T12:09:28Z","last_seen":"2026-06-20T16:22:07.834925Z","times_seen":2853,"resource_available":true,"data":null}},"time_used":706,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":706,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/topuser.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.654Z","timestamp":1781709525654,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/topuser.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 803\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-323\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":803,"size_decoded":1311,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"3f3c75169b2cd716de8cfbbdf9f2e877","sha1":"4f3c5478a519927e20de1931ee025cac82d3698e","sha256":"4dd39847a6e213677115d15afd1a0a419970f762ffbb1c61fc5d48dbfd3fa637","sha512":"ca9fffa6ea8fe1734c998b907519431ca73571959a2d5bcda6715cc9cdbd40cafb98d60a1cc1ad6c9e45839ac152284c91d9483f9f03282d89058fab3988520f","ssdeep":"","tlshash":"ff01ca4a0f297475b9384a79d2c7467bd40370be9bbc44050e98ac3c17acb2a4247b7e","first_seen":"2026-06-15T11:55:09.744399Z","last_seen":"2026-06-17T18:01:05.915928Z","times_seen":6,"resource_available":false,"data":null}},"time_used":695,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":695,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/market_icoc.jpg","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.672Z","timestamp":1781709525672,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/market_icoc.jpg HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 22 Dec 2025 08:55:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69490765-6014\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24596,"size_decoded":18899,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1024x1024, components 3","md5":"15667b5b6fdb942ddd11cc5a95db0c99","sha1":"0783321031131bc8b1c03ef4143605a766504fe9","sha256":"43fc0b727a695e776c1edc8feb4e56cda9d14759ae3f4d1d2b9b3ddd2d0f8ac9","sha512":"af1320d61bb0766085cc852ba818c084ed92fc0519a34f540197558cad8184557fc45c374c70e59516a391a5c7c8f45f1f5c7ffb11b30d45a7a7d3349326fa14","ssdeep":"768:9Xr5VuLcKCccccccNNNoCbuvPHUJCL/sEfjaoZK:Z5ocKCccccccNNNoCAP0AwEeoZK","tlshash":"cfb29e5273862442c86922b082c74716feb12d07ab1d959f6f6152170dbe3aefe7c6c2","first_seen":"2026-06-15T11:55:09.738489Z","last_seen":"2026-06-17T18:01:05.957211Z","times_seen":6,"resource_available":false,"data":null}},"time_used":679,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":679,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/White/trade_ico.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.680Z","timestamp":1781709525680,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/White/trade_ico.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 853\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-355\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":853,"size_decoded":1361,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"db0fd4d3f05b27df83fb5759838dc95a","sha1":"97c948cad478f1302485d2719f6911f08d535111","sha256":"8fd0e26f6585963dbd461f5a4eb79f4c58c5ea68fab30b00e2259998f32d4120","sha512":"a9fb85505e168b98dadfe7653243066566ee3432af631f1342d600682beb6018c0c0727e55fea0717376e0f226df45caca3d32c6418e14afea3428f304131aba","ssdeep":"","tlshash":"a70192eb0d62fc1fd886913bf22a220bd2800d45a0bb3003f0a3523220278a722087a2","first_seen":"2026-06-15T11:55:09.739648Z","last_seen":"2026-06-17T18:01:05.957744Z","times_seen":6,"resource_available":false,"data":null}},"time_used":909,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":671,"receive":238,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/mobile/ajax/findcpm.html","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.576Z","timestamp":1781709526576,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"POST /mobile/ajax/findcpm.html HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 16\r\nOrigin: https://exchange16889.work\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: lang=en-us; path=/\nPHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10,"size_decoded":507,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b9e754add75d51d888ce7585dc9dfe41","sha1":"0fd53114199a1a46e887032b7efa05f1fd74c807","sha256":"7a97b9b4d758a3929b8a2be53fbe189c9ba9378d6fbb8190d37f7cc14f5cf5d3","sha512":"6ea97d926607e77cda3275af2c3ba966fd45c1d4b4aa97b53d63a718f0941d93c1d4e67939885740dc6bfd59a0021ed049073ddfc61cfd0e8a5553efb449b539","ssdeep":"","tlshash":"2f500000003c000300030000000c0000c33f00000c0000000c0c033000000000000030","first_seen":"2023-04-06T21:01:20Z","last_seen":"2026-06-20T16:22:07.777375Z","times_seen":5326,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/socket.io/?EIO=3\u0026transport=polling\u0026t=PxMAU4r\u0026sid=21b12fb6ae8cda410139ecb1","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:49.400Z","timestamp":1781709529400,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=polling\u0026t=PxMAU4r\u0026sid=21b12fb6ae8cda410139ecb1 HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:50 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 4\r\nx-xss-protection: 0\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4,"size_decoded":416,"mime_type":"application/octet-stream","magic":"data","md5":"441a4d8bf810d1ff36b95fdcafeeee55","sha1":"2ecef35d13f170e4bdc9956e39460add73be4029","sha256":"a9a2f1dd042cb6f1eded53dc0a1c66ed8694fc093dc3520cdac1a541d615d474","sha512":"835d4fc74db215487aa23ec965d75374d3a7efb0561af331bd75c5921511b2022f2038cb18f4927c451b37a63a740baad35e16cbecb0750622d0779f25eab411","ssdeep":"","tlshash":"84300000000000c00000000000000300000000003000000000000000000c0000000000","first_seen":"2023-04-08T03:02:23Z","last_seen":"2026-06-20T07:52:33.304404Z","times_seen":932,"resource_available":false,"data":null}},"time_used":1008,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1008,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/js/jquery-3.4.1/jquery-3.4.1.min.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.396Z","timestamp":1781709525396,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/js/jquery-3.4.1/jquery-3.4.1.min.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 30 Dec 2025 02:16:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695335e1-15851\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88145,"size_decoded":31435,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"220afd743d9e9643852e31a135a9f3ae","sha1":"88523924351bac0b5d560fe0c5781e2556e7693d","sha256":"0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a","sha512":"6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d","ssdeep":"1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe","tlshash":"338319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-06-20T16:22:07.774055Z","times_seen":134317,"resource_available":true,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/en.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.658Z","timestamp":1781709525658,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/en.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-740\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1856,"size_decoded":2393,"mime_type":"image/png","magic":"PNG image data, 49 x 32, 8-bit/color RGBA, non-interlaced","md5":"19e8aa640b1d129c94e299dfd580f210","sha1":"ccfa030c16120a11d224fa1ba72afd55f0776523","sha256":"7385aee2de7d89a525b33e6ff1e8c1246de9234fcc7346f5877ee7d3301f8ca1","sha512":"6ca9e3f44d4ce8a0f7734c8f814138fe54c3224f08905a6e0634f36f1c4de6ecef43281df8a7b29f473300a1096565b148ced5e51fb23b050457c63714af11c3","ssdeep":"","tlshash":"e4311bb469a26052fa5e2ad4be1045df4ef89c0605d89251e60645e13c9eef19f0c437","first_seen":"2023-05-06T18:37:16Z","last_seen":"2026-06-20T16:22:07.821989Z","times_seen":429,"resource_available":false,"data":null}},"time_used":691,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":691,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/plugs/layui-v2.5.6/lay/modules/slider.js","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:47.150Z","timestamp":1781709527150,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/plugs/layui-v2.5.6/lay/modules/slider.js HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-1bb3\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7091,"size_decoded":3033,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6929)","md5":"6c35742db2e72cd4f30cefa23690ecf5","sha1":"b50d4268f547cefd984c069d276c956feef395e8","sha256":"2fdaaa9935b2d19fb54e0798e6e42fc3528d1b2772b46b9aa8731b1ab6947609","sha512":"44d0ab3649b35cec891738e6eb4f28d1857fcb900e2369b9395ea54854717108268c8ce729591923fb094cfe1b34dc0f9b2e9bf35b17b77f34c479ef80deb391","ssdeep":"192:z8Syuw2bmz0DLKypMjYXVp5D8IlM/eq9zwtyd4UduKN:z1yuw2UOPSBMj8/","tlshash":"53e19615314ab5732172c263b59fc84eb2f20779b303c564a6a540a51ebece82b37f63","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.771646Z","times_seen":117,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/lay/modules/upload.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:47.928Z","timestamp":1781709527928,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/layui/lay/modules/upload.js HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:48 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-1b3b\"\r\nexpires: Thu, 18 Jun 2026 03:18:48 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6971,"size_decoded":3340,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6690)","md5":"8b670942bffbc1a655a2f7c8756a5e07","sha1":"e7d280a54e16ef6a20e24c5b07d741990fd1fcee","sha256":"6d3798f3329ff1ed18a541200a93d70c593877b0be9c17de760078495fab9f18","sha512":"5d77c10d92421f529b460faf5ea0bec6fb3896100c4795623d285c78695bb29f2b9854414ffa1053d5b434613e028d6c5a30653227310c07dac535b2f6c77021","ssdeep":"96:yjcpeth5uITLksYbox16qpR40xBggngZXgx9ugHFS36ZuCM3ga+jhSzZ5IOg:yV51NPxs84cgRgTdkyi3gP42","tlshash":"dee1a59ab908b82361b330e5014f420d257f055f550ac6c8b193d5caaebed1a11a3ffd","first_seen":"2023-03-09T22:19:33Z","last_seen":"2026-06-17T18:01:05.914328Z","times_seen":47,"resource_available":true,"data":null}},"time_used":234,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/lang/en-us.js?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.398Z","timestamp":1781709525398,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/lang/en-us.js?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 970\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\netag: \"66248882-3ca\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":970,"size_decoded":1489,"mime_type":"application/javascript","magic":"ASCII text","md5":"26fd80f238136ab70ac2545308240972","sha1":"9c53209dece13d2ea508801018e17a48ab20ec52","sha256":"4bc90ecaf4541f9f71e04744f90b02ec404ddb22aab1dac753d96e171e1c1185","sha512":"efb3db97c63e2cd7d447f8337e3b29c7cf369b261eadab75aa887d196feb57c4e44d0f1f2a96fb82190673acddb1c8735221617f1d6d1e4c119dbf4b5c0cd10d","ssdeep":"","tlshash":"87115c55520c9494050694cb76a716c5df8540770981768ab7dd81dc7f8bc2be2f7189","first_seen":"2023-05-07T20:12:38Z","last_seen":"2026-06-20T16:22:07.838233Z","times_seen":116,"resource_available":true,"data":null}},"time_used":708,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":708,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/index/images/ar.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.664Z","timestamp":1781709525664,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/index/images/ar.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-aa1\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2721,"size_decoded":2142,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 268x134, components 3","md5":"e0205f30c0fe26018d0370dc1933582c","sha1":"485c71cb9e473e70f69b98a1aa754ab80974665d","sha256":"70ac6f473e35e7785fba3ba68c15fe9c723a4b4e68fd3d770df4d49ba9800a27","sha512":"d48a8c1f01521c7a543c9cdbe0a118f4c5a8a2b923048f5a167d407d3f29be2f29fe48b16db2f4f71d2cc08fc0100b1cc40c90b7e7311e900e1e47246cb17a5f","ssdeep":"","tlshash":"cd51d7242f96a229d295b37f85870b04c2bb1fbe472022070dd7a154e937460dc6f364","first_seen":"2023-12-07T04:32:25Z","last_seen":"2026-06-20T16:22:07.789508Z","times_seen":46,"resource_available":false,"data":null}},"time_used":686,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":686,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/customer/css/whisper.cli.v2.css","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.949Z","timestamp":1781709526949,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/customer/css/whisper.cli.v2.css HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: text/css\r\nlast-modified: Sun, 13 Nov 2022 16:02:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"637114f8-2bf4\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11252,"size_decoded":3543,"mime_type":"text/css","magic":"ASCII text, with very long lines (597)","md5":"29946a925c1d877408bbd61d4f6b5e52","sha1":"cc43a29b0b7701d4e708a01bc2ae9b68705745eb","sha256":"0acdd30b79e35a36396de82b45ed573f73ed587a4193f00c3224bec8fcb3e429","sha512":"bfb556c0b93976a611c57ba171e7c0ec936b1e9f427dad0eab47dac15dc33ee310cf984c9205dc14ebbdc2001d9834d30684771b89f59c326288d9c3ab334c21","ssdeep":"192:TRtsNPYarS0rDDEP0dArs7PTvY9n/V+IxISXvXpI5M:MNPYO7umO","tlshash":"613262b79b630a52b41b995c2faa934a237490638109c47c3fc6b71c8f864dd95f3f98","first_seen":"2026-06-15T11:55:09.757973Z","last_seen":"2026-06-17T18:01:05.944006Z","times_seen":6,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/customer/js/whisper.cli.io.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.964Z","timestamp":1781709526964,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/customer/js/whisper.cli.io.js HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 01 May 2024 17:55:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66328214-8dbe\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36286,"size_decoded":9116,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"d7c4e246b0c9be4ebc6eb8bf68d95362","sha1":"585de1b523016dfa50dac830de72926b31fe4f3e","sha256":"f6caa0a9dd763cd2ebaa79f09b291c5281e0eccf998bc0c27408fd0860aac635","sha512":"7404acff6c778a376af7048b5a6dcbbd26219b6acad7b4b5803cbb105e09c1f68c89a709cabea9e2f47b7b30de3cbe05fbb2269b53e60077c65cc1e2828c3f14","ssdeep":"768:W/SI3zn26FYeDQ8iajwVy0w6VZaRhZRIpW:W/Ssn3FYeDQ8iajOt2hnqW","tlshash":"79f2530ca5f72420517330b96f9fa414ad26902b150dee14be5c9bc4afd89bca2e1fd9","first_seen":"2026-06-15T11:55:09.713716Z","last_seen":"2026-06-17T18:01:05.913675Z","times_seen":6,"resource_available":true,"data":null}},"time_used":694,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":694,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/css/layui.css","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.946Z","timestamp":1781709526946,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/layui/css/layui.css HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-10f94\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69524,"size_decoded":13372,"mime_type":"text/css","magic":"ASCII text, with very long lines (65479)","md5":"fc1db8eb1b3ddf7858e9fffc6618c54d","sha1":"8ea56b2f234df8feb4b5ad78b3bd0941da7e259e","sha256":"96e29e036eb99f9b9f27b08329d988b6cdf52d0c709713e3f49f5b7ae8f3596a","sha512":"2baa2f43956f3d00aad243fd73a1670d1d30c8bac5b90345a7614f001c5e44ca0134909e05a976abdb11bb5fdb6e0b87c6e17150fffe5755f1a1e7a5d77f473c","ssdeep":"768:znnWYcf/AskRzyclDj1JpZlwyQaIYKsR3zdVhlu9Tr1BpRDfKl6G6nI4wdg7n7qv:zWYcf/AUG6dwCKnaXqr","tlshash":"a1639532e6112c957a2bd215b1ccbdbda0745512ea634e6df3823b2bc7848971073f6b","first_seen":"2023-05-17T17:59:34Z","last_seen":"2026-06-17T18:01:05.954332Z","times_seen":354,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":240,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/common/js/jqueryWeui/weui.min.css","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.952Z","timestamp":1781709526952,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/common/js/jqueryWeui/weui.min.css HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-c759\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51033,"size_decoded":11892,"mime_type":"text/css","magic":"ASCII text, with very long lines (50917)","md5":"0583e2c0d972f0dc8da2044894a703cf","sha1":"c734da7862c4c3ea4b7a634aebf30b962aa78193","sha256":"dd0e864bd7605658db1930286ef3ade510f8e61bacf8300b2e55ebd652cf6015","sha512":"3e7169109bca105ed7bd342aab99c05b2af696c00e06a418181bdc071059eac4a1158640a168ae80ccdff8431bae5e10d4c0197cc8581b872453148622ceb789","ssdeep":"1536:Ap6Kyu+1bZLhxtqPqjsKOamrfNy6rLQ+0b0hCeODOHMOH8wxAp2pY1zZI5pELD:Ap6KwXD","tlshash":"f533a53757493208b22fdb0ee7c66e296f28f11384630beef6053519cb8659a65d730b","first_seen":"2023-05-25T08:01:00Z","last_seen":"2026-06-17T18:01:05.897857Z","times_seen":81,"resource_available":false,"data":null}},"time_used":473,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":473,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/css/style.css?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.383Z","timestamp":1781709525383,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/css/style.css?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Nov 2024 12:21:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6728bc38-58a6\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22694,"size_decoded":5646,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text","md5":"7accb4cab9dc466e93fdc227629d44da","sha1":"8a259b90815877a701d0a58d5dee50ead13fcfaf","sha256":"2fd466c71b96726adf59dad3032676aa6114ab8f6f33e8e89d80968b92f72cf0","sha512":"07536dc3ea3fa26478cfd2e06b52e8f9c1b6550b4b91d848c4b3c8a11b3e00bf6ac1ad20f3ac7cf5a848a2d52fde386d2b465ea4cf0e870de91bc35a335ac4ca","ssdeep":"192:MI8pwCzLGbV81/uGzsYyh4OKImsk9Lz7Po7fKaucG5oojo4CUY4o+hnMD6rFd1VK:MYC681/bzsVKFHo7IcGDDfF+ax/FIz","tlshash":"efa2842b77021c46b116d0b6ee6da7b1b33d5413a94f9eb4f588312dcbc089590b7b8b","first_seen":"2026-06-15T11:55:09.75485Z","last_seen":"2026-06-17T18:01:05.961532Z","times_seen":6,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/css/white.css?v=1.1.1.6","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.393Z","timestamp":1781709525393,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/css/white.css?v=1.1.1.6 HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Nov 2024 11:38:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6728b23e-2c8e\"\r\nexpires: Thu, 18 Jun 2026 03:18:45 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11406,"size_decoded":3515,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (304)","md5":"cab8a20a4b84b3bd4b66de4186395482","sha1":"e8552b8dc46693201e01a9e63732111cab07083e","sha256":"3cca5df2a34261e65d0f0179f0690008e8e0e141c6c852c66b4311f8d470f4e1","sha512":"270b70824b7b632b91c5be8abd8bb4eb3c6c7140d83e80eff7b1e3c8eb9ab704be6e7a7b59633551414c1084c60bbf9efb05d0f9e601b00eb1e278a837e6ec75","ssdeep":"192:An7gNuIDsvm2crXHtuGhBy9tKSULXHW+Qy94zVz0zoOqMg6i3M9EiI5L/R+c:c7gN1LzhuGhByTzB+uzVzPpMti3uyL5j","tlshash":"2b321e12e3e71c87302bc4a42a2ea770773ce193840e5b7d3b95f2799fc45d498b2956","first_seen":"2026-06-15T11:55:09.718111Z","last_seen":"2026-06-17T18:01:05.952221Z","times_seen":6,"resource_available":false,"data":null}},"time_used":469,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":469,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/common/images/icon-download-green.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.668Z","timestamp":1781709525668,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/common/images/icon-download-green.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248880-58f\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1423,"size_decoded":1659,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"c73e4d7655f7710b260ba5a08c292232","sha1":"9e031307ce5015b7ee0ff964dff1f1e06efb0bc4","sha256":"949055b3715f77431067bbb0f156f84eb9efb09341335613562b1c03f93ac5dc","sha512":"32de3af5ce9453e34d68d6287e78cd9daca4f8da7118fae9a5a929285d40b0dd2af2d62c92fa1708f9083f0e6b638c7494e4ef11f770b3be63b8803725ecefb1","ssdeep":"","tlshash":"5821b94fed51345166daf58738f6147799220450aac0e14dacdfc0072bec1b4a82d4df","first_seen":"2026-06-15T11:55:09.748726Z","last_seen":"2026-06-17T18:01:05.93271Z","times_seen":6,"resource_available":false,"data":null}},"time_used":683,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":683,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/upload/20241104/dfe3947f252c3b098cd971a5081a8ac9.jpg","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:45.670Z","timestamp":1781709525670,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /upload/20241104/dfe3947f252c3b098cd971a5081a8ac9.jpg HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:45 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Mon, 04 Nov 2024 11:27:17 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6728af95-2f460\"\r\nexpires: Fri, 17 Jul 2026 15:18:45 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":193632,"size_decoded":179312,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=12, height=525, bps=0, PhotometricInterpretation=RGB, orientation=upper-left, width=1280], progressive, precision 8, 1133x525, components 3","md5":"c9c94443c0fc9679f0c8f9408a7cf6a5","sha1":"205bdc9e255173ba6a78c0b08025aa35103a4b3c","sha256":"cd1fb886ef6c5228e29ba4fbcc802f5be923cbeb9f6142c0a201c2a05c23b2d7","sha512":"d87791afa7cc9d6f99bdab5ef696b7f6def9fc94dd2157b9c6b60a6245a70d85a0a5b7063ca7cca796c2cdc9f6d9cab0f758a59c43dd62704094c06579c7c589","ssdeep":"3072:gM5Me5aO5MYTVDO2T51g121Svo6fh0PmUl/MeIPLaZJBB7SnLA0Rofv1KsuLjMd:gM7hOYl9516vdfh0+UlEeuIZELgsnU","tlshash":"2e1412667a988dd3d747193c16c4d790e1e16b3537633680ba1cb2b8bfa37611a2c392","first_seen":"2026-06-15T11:55:09.756526Z","last_seen":"2026-06-17T18:01:05.948773Z","times_seen":6,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":681,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchange16889.work/static/mobile/imgn/bar-left.png","fqdn":"exchange16889.work","domain":"exchange16889.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchange16889.work/","date":"2026-06-17T15:18:46.160Z","timestamp":1781709526160,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trustedexchange166.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:29:51 GMT","end":"Thu, 20 Aug 2026 03:29:50 GMT"},"fingerprint":{"sha1":"7E:E5:40:01:F3:87:90:1E:7F:32:8C:79:79:D2:66:26:AE:0C:7B:5A","sha256":"15:5B:C5:75:72:05:52:ED:87:DE:18:AA:1D:52:4F:C9:1B:4F:1C:A8:DD:BF:B0:75:55:31:C5:41:A9:A6:83:18"}}},"request":{"raw":"GET /static/mobile/imgn/bar-left.png HTTP/1.1\r\nHost: exchange16889.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://exchange16889.work/static/mobile/css/mobile.css?v=1.1.1.6\r\nCookie: lang=en-us; PHPSESSID=ac7e50ed368914b8d6a9d920d0e84d59; server_name_session=9932a2e5c64bb5e01dee8449a28b8a5f\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:46 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 21 Apr 2024 03:31:14 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66248882-7f9\"\r\nexpires: Fri, 17 Jul 2026 15:18:46 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2041,"size_decoded":1822,"mime_type":"image/png","magic":"PNG image data, 210 x 16, 8-bit/color RGBA, non-interlaced","md5":"3534398517d4c701b134c0b54373012b","sha1":"8059eee19b3eef33d698f232c7986943835978ce","sha256":"2792e2bc2f685e496ea34677dfb172585e80f7c346994836e8a82caefa6638ca","sha512":"39b6e50b92170da611ac8bf6475a996f20b56f964fd9b6dc03ab8d445d5869d9f5c45a8b3c13cff5f3d9e7227cb70a9abc55257b08a4a4dda5d2e6af10632da1","ssdeep":"","tlshash":"2641b389f9519a02350df746b9faa0ab663743c4cac08591bce24b63a0711fccd1c1e7","first_seen":"2025-02-26T18:00:22.72948Z","last_seen":"2026-06-20T16:22:07.768697Z","times_seen":37,"resource_available":false,"data":null}},"time_used":682,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":682,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-17","alert":"Sinkholed","trigger":"exchange16889.work","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"customer.cmksaletservices.work/static/layui/layui.js","fqdn":"customer.cmksaletservices.work","domain":"cmksaletservices.work","tld":"work"},"ip":{"addr":"162.245.220.33","port":443,"asn":150452,"as":"LANDUPS LIMITED","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17","date":"2026-06-17T15:18:46.960Z","timestamp":1781709526960,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"customer.cmksaletservices.work","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 03:30:06 GMT","end":"Thu, 20 Aug 2026 03:30:05 GMT"},"fingerprint":{"sha1":"7C:75:54:56:B6:C3:89:29:BE:76:D8:EB:6B:CF:FA:FF:49:82:66:79","sha256":"FE:4E:49:F3:82:06:E7:D9:66:58:1F:0F:BE:23:F4:85:32:F0:C9:09:32:7E:D8:21:83:03:41:FB:9C:37:34:EC"}}},"request":{"raw":"GET /static/layui/layui.js HTTP/1.1\r\nHost: customer.cmksaletservices.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://customer.cmksaletservices.work/index/index/clibox/u/5c6cbcb7d55ca/t/1781709526/tk/f37f73f28da9d53de3f0d9dae15e1f17\r\nCookie: server_name_session=3c647ba2430e42c61aacf9d76ae2051a\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 17 Jun 2026 15:18:47 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 30 May 2020 08:14:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5ed215fc-1a0b\"\r\nexpires: Thu, 18 Jun 2026 03:18:47 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6667,"size_decoded":3432,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6596)","md5":"d9328fba9720a5a8444146e458ec6d1a","sha1":"c70b26c4fbaaf89c8ceed3df16baa2aadc1a26e3","sha256":"a25d71fd2f5fc0c05e62dbdabd1a1fe3191ec0a90a03d546a9527355fc8e2ac6","sha512":"65271016f1a6cf6fef6d42940399aa6155d67cd4e46789f3b2e18655dbe72bad69ff41a59f8b8f2cade733e2c6f832ca5a2fa4b6a56f9ccde1174bcdf2938d31","ssdeep":"96:s3y+aD48Dsp21ORbCkShS60OGeRr7UHL+XsqUuN8x70Acgc:yytDXo6VRKKXjU+8x7SR","tlshash":"5ad1c69cfab27092477f3165766f801ea7bb40ad285c4490e1cad8e52c72cad4377f58","first_seen":"2023-03-07T12:58:51Z","last_seen":"2026-06-17T18:01:05.912448Z","times_seen":383,"resource_available":true,"data":null}},"time_used":700,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":700,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}