{"report_id":"615f36ab-d7cd-4ac8-bccd-a49a2ef8d801","version":6,"status":"done","tags":[],"date":"2026-02-27T14:01:43Z","url":{"schema":"http","addr":"123.bmt-whatsapp.com.cn","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":0,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"title":"WhatsApp Web","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"123.bmt-whatsapp.com.cn","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":0,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-03T14:01:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-22T22:18:02.864626Z","alert_count":0,"request_count":1,"received_data":7280,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.xdgkg.net","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-22","domain_rank":0,"first_seen":"2026-02-26T11:40:52.336419Z","last_seen":"2026-02-26T11:40:52.336419Z","alert_count":0,"request_count":1,"received_data":3689,"sent_data":419,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ipapi.co","ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2026-02-25T13:40:07.535585Z","alert_count":0,"request_count":1,"received_data":2490,"sent_data":447,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-02-22T22:27:51.54973Z","alert_count":0,"request_count":2,"received_data":30125,"sent_data":904,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"123.bmt-whatsapp.com.cn","ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-02-10","domain_rank":0,"first_seen":"2026-02-27T14:01:44.206929Z","last_seen":"2026-02-27T14:01:44.206929Z","alert_count":75,"request_count":15,"received_data":3617854,"sent_data":6773,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/geo.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"dcff165d53891827c5c71848eff64b7f","sha1":"6612fccb345e8a671f00231bf0c8f54011aed369","sha256":"5cc91e4434699fc73301ad667abc1acebc7ab13f8dc53993c0fcd7e5dc9e5095","sha512":"7b43037f157219d583ca1e95c01b0bc34ce7b4674cc5a617d5452b749b7e050ed8deeabee1f57c145128b10041a7e568abbd2f0de528a0821f9766ded29a5cd5","ssdeep":"","tlshash":"5a51418c24b72a8c09a732ecaf3b7541627846572488dc4abbbd43442fd436d87a27d6","size":2889,"data":"","first_seen":"2026-02-26T11:40:56.758685Z","last_seen":"2026-02-27T17:55:43.774889Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/uuid/8.3.2/uuid.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/uuid/8.3.2/uuid.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2933\r\ncf-ray: 9d4836b5ae078be6-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5fe06b73-1fe0\"\r\nlast-modified: Mon, 21 Dec 2020 09:31:31 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1427641\r\nexpires: Wed, 17 Feb 2027 14:01:21 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=3ztvYXRSS3XmAd%2BW3lBqFzsmXJdd%2FDFHg6akEH2VFOEpgcTukKoa9gX1tsXiUw6%2B%2BBcXHe0vjNWyICcn1dMjndaCqEk0tY3cGS33%2F9g5m103T6Zn6GAqMjpuBOa5JTwssAijzWQ1\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8160,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8160), with no line terminators","md5":"50fecb6517141ce734bdc903aeb7aa6d","sha1":"ffce0e94a0a6f3b661942c5f9344e709773ec44a","sha256":"c5df6d9704bdada96df0770523058f395192ee9d1fe13880eb1d57dfe6417533","sha512":"50d3359e302038551aef86746c00f002af206d372a642f048f8c4f4b3a6787497a28c7afc2f901bdb95d17db91fbea8a789f8c3991d18d5d47663a11be30df35","ssdeep":"192:NT/XsoaxLo7L1AsLVllMA5/VYZncbsPYxb2g9n/m5iCyK08l9l4E+kghMnf4W5Qe:VX9aNo7LWsLPnYZncbs5UeiCyK0Q9l4W","tlshash":"d7f193ac6c8960afc3ef1e5d18aa304b72f07511244d8415f2a5b9fa1490eff9b36e1d","first_seen":"2023-03-29T21:08:33Z","last_seen":"2026-06-08T18:39:07.250025Z","times_seen":757,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":1,"connect":12,"send":0,"wait":21,"receive":1,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/static/js/main.c5971098.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.545Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /static/js/main.c5971098.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-f042d\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":984109,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"f14fc7eed6309044bdeda3e1aca89266","sha1":"e27143a7a327701aadfb6b47be812336531f4108","sha256":"667cdeff96b0201dc11142a7e77727024e36e1cfec3258be9e31a411e6a1078e","sha512":"4eccbf0e21985c797bc8adf0d6ff799dee2bf1055d10b68922a2a611794a871cde04fb32699c47a11cc0731d311cc3e09f3f1913faf3676343d6c143c13711a7","ssdeep":"12288:dtaHIiaOr9ntZ8HGGzpL+PTwC22vqahQbqzfTBifFo4FXJrNh+bbOIAgmp5t0:dtaIK9FTw4","tlshash":"b42509d9f63ca73561e56375589fb38e2a2c3857c80c867876d3f88e22799d4316af00","first_seen":"2025-10-21T13:04:17.74638Z","last_seen":"2026-06-04T12:20:47.292218Z","times_seen":34,"resource_available":false,"data":null}},"time_used":774,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":774,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/default_icon.png","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:23.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /default_icon.png HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:23 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-7fb\"\r\nexpires: Sun, 29 Mar 2026 14:01:23 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2043,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 194 x 194, 8-bit colormap, non-interlaced","md5":"6bb288b8ba772471f23cee4f99b54c08","sha1":"f72bf6750892a25cc40b590bafb2038109bd77ad","sha256":"3899581abcfed9b40b7208bbbca8bdbfe3ae9655980dbf55f04dec9cb3309f27","sha512":"f63a442fd8a131c6b22d0a2a398d195dbc2a9c5a08a4d88c4959739df1be0df9aefa2605b11633d5ff58f40f8b8afdcc5a7b1caec31bf188a110691ec43c5350","ssdeep":"","tlshash":"26411825c7cdec6570e62c388961a3d4cc1481ed1601348a4d03d5168363e477ae82c7","first_seen":"2023-05-01T22:02:17Z","last_seen":"2026-06-04T12:20:47.297158Z","times_seen":3086,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/geo.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /geo.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-b49\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2889,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"dcff165d53891827c5c71848eff64b7f","sha1":"6612fccb345e8a671f00231bf0c8f54011aed369","sha256":"5cc91e4434699fc73301ad667abc1acebc7ab13f8dc53993c0fcd7e5dc9e5095","sha512":"7b43037f157219d583ca1e95c01b0bc34ce7b4674cc5a617d5452b749b7e050ed8deeabee1f57c145128b10041a7e568abbd2f0de528a0821f9766ded29a5cd5","ssdeep":"","tlshash":"5a51418c24b72a8c09a732ecaf3b7541627846572488dc4abbbd43442fd436d87a27d6","first_seen":"2026-02-26T11:40:56.758685Z","last_seen":"2026-02-27T17:55:43.774889Z","times_seen":10,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Josefin+Sans:100,300,400,700|Pacifico","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /css?family=Josefin+Sans:100,300,400,700|Pacifico HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 27 Feb 2026 14:01:21 GMT\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6594,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"f82d6a7e908d25d763e7b0a80d536dc7","sha1":"ee7db82aefd59cad74d3bab9803c18ae0edca05d","sha256":"902aaffa5db55ff5ea6622fbc81cf6d1715b2d200c933b035e286df7e9f4d546","sha512":"bc52410aea4a4e71dc233700f7ef7209ed472ddbeaa7c91ac31742645ea0f6b4e9a3a01f5efe75b306028f44b9480394870f867f728062a5218bb0273f1556d1","ssdeep":"192:cg747jn7zAIj1zpRj0zksj5EZQrZWYZJZ6RpZ1:cgEP/dYd0t","tlshash":"78d113d1042be690a7831dc223ce7d329e8fa15934418975affe18ccec56c3a6361b4d","first_seen":"2025-10-21T13:04:17.749691Z","last_seen":"2026-06-04T12:20:47.286326Z","times_seen":35,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":133,"dns":1,"connect":8,"send":0,"wait":19,"receive":0,"ssl":157},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/lib/moment/js/moment-2.20.1.min.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /lib/moment/js/moment-2.20.1.min.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-c98f\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51599,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (51599), with no line terminators","md5":"5ff1de69e6fd137a6dd511205ea7c49e","sha1":"91a29a02cca99f32598f7b5764c610ab3cc89fba","sha256":"001564a706fd2bd3f1b9bbd1ac732493ac2659c207504f5e0713592d7610f389","sha512":"419fa651f350826ebb4ef5f375352a504886638e1d1394ef5d18197ba45d8e48d12fc99596da7fbc7530ec23f6f46c81706c2743971724200da8f3f43c9af0a4","ssdeep":"768:RmEj5IyZrV7dmUJ8/HhbmINN3vhg+XVspjiCumS5vcAKR1DC:wKxrV7d3g8ixXVspCmcti1+","tlshash":"cc3393ca3646b112176622b5083f490bf33d5959680f0d1df508e9e93979c6e827bfbc","first_seen":"2023-03-07T01:07:40Z","last_seen":"2026-06-08T10:57:55.282669Z","times_seen":846,"resource_available":true,"data":null}},"time_used":781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":781,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/js/BootstrapStep.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /js/BootstrapStep.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-12e8f\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77455,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f76c1d59b412927131d2bdd64cac8be4","sha1":"3311c13fa7175af40427a8af270c647ec6c6fed0","sha256":"c2ade901c6e6b1dfd488789d9d013f0094b084eb65f4caa39fc6c4507c0cb60f","sha512":"90f61851503490e9c270b32b66a7bd334636ba2df959f131ab6622eb97e78a2c40261c79dc38f5049b8150bbfd85d669bcbd212e52c1fdfbe2c3278e738bf3c4","ssdeep":"1536:EM52C9Y2mVGNl5CThrtQLxL5sYpfWFt/JBOyKAWEBTxOZ8GdRcjR+BvF+ShvZIIk:EY9Y2mVGNl5CThr2vsy+BBzKTEBTxO2p","tlshash":"df73838577c6b8c1124767b7b32ab1e5e82e5cdd3088088ff544bc98f5b9916fae0931","first_seen":"2025-10-19T01:16:14.611698Z","last_seen":"2026-06-04T12:20:47.296651Z","times_seen":109,"resource_available":false,"data":null}},"time_used":779,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":779,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/static/css/main.70a4cba9.css","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /static/css/main.70a4cba9.css HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-bed1\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48849,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (48804)","md5":"77cc9786f613a5c5e066fe5c7b03ea27","sha1":"aaa304115426043fbba9058aafae72e0ba9f96bc","sha256":"c24ca2ad316ea0b4a3cf668f5c2c5cb472f37fe3abcce430ea71e30954d27193","sha512":"22553f86319d29245253de82f8229e86b7abc7c9b3e7a06716c91aa685a0f5befb81d43cbf15741a9f64f8d6b61c9e41f099a15e2bab083a01b84ec60c678f10","ssdeep":"768:JtS5VDrE2drkjGyXibfL3bH19TSowv7FONGBwApyS+tJOrYw:u/02Fkj74LbH19TSoGT5YS+tfw","tlshash":"262352181bc910eafd17dd72a0e467d0613ea208e4290bbc8459b5aff1c76dc477bda2","first_seen":"2025-10-21T13:04:17.731949Z","last_seen":"2026-06-04T12:20:47.299433Z","times_seen":34,"resource_available":false,"data":null}},"time_used":795,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":795,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xdgkg.net/script.js","fqdn":"www.xdgkg.net","domain":"xdgkg.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xdgkg.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 05:51:57 GMT","end":"Mon, 25 May 2026 05:51:56 GMT"},"fingerprint":{"sha1":"1B:84:01:5D:10:77:07:3A:89:54:DD:AD:CE:84:02:7B:C4:9C:03:E7","sha256":"32:22:27:EE:C9:69:94:50:A6:E1:EC:8E:2F:B6:2A:0F:14:FD:03:4F:E0:B9:29:22:B9:2B:6B:2D:45:50:06:11"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: www.xdgkg.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-dns-prefetch-control: on\r\ncontent-security-policy: default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'self' ;\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\naccept-ranges: bytes\r\nlast-modified: Tue, 24 Feb 2026 06:59:28 GMT\r\netag: W/\"a80-19c8e721bee\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 15925\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oCTMCmbemk5u3J9tksrB7V%2F8tZMOpP%2FDwT8lHvK1Dn3ezNwSOr4WUt0czVgp0Fz5QdnSKVYNzq8EN8WqU7h5MdB6hZwYyW8YX3ib6Js%3D\"}]}\r\ncf-ray: 9d4836b59a374435-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2688,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2687)","md5":"191315be80746226f807d10f1eb2bad1","sha1":"c30c616414dabeb026a5d0f7583479a517e15187","sha256":"a1471487eb3e8eb93b1a9e056386019ff5eedadea29bbb725b5494fb2e9ad90a","sha512":"62ed43d4a5312894ef30bf9f4579778e8e40833c6321262eb23da81dce2ad0dd9046ff85fccf98f9b60084b170b43566bff83e23763b47dd63b9ae3f18901117","ssdeep":"","tlshash":"f851d7f53185f1f07f692490d17aa620b9392e73b81e4890a6fb4c462b2e40e9431d2c","first_seen":"2025-12-04T18:46:55.384354Z","last_seen":"2026-06-08T18:54:31.168521Z","times_seen":4246,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":7,"dns":0,"connect":8,"send":0,"wait":18,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/lib/jquery/js/jquery-3.2.1.min.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /lib/jquery/js/jquery-3.2.1.min.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-15283\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86659,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32058)","md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-08T20:45:04.429992Z","times_seen":93207,"resource_available":true,"data":null}},"time_used":785,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":785,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/js/UpdaterPromise.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /js/UpdaterPromise.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-12494\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74900,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b751955868ca22533228a0b00b202246","sha1":"d2009cf3ce2d3fb12801fd4904f0f1af0dbb4f90","sha256":"6f5ddd748ae17d89c950678f62d8583aa7fef592597a29305df5cf0af1a691a4","sha512":"846d9030528ee05e44bed9e63c2ab5e570df85a2638c6f052549f6b677647f5b763d6761c19707595c79ef2f46b6a87cf3d34a57cf98107010f341b0b7b14043","ssdeep":"1536:JMN3MzMq3sfeJGS6q1h7lF/af9l4V3aiJLMFUZGARy9:J43+GfAxvy1qqilMoy9","tlshash":"da73528077d1b8c102875bb6b72bb1e6f82a5ce9b1c5484ef500f898f8b9915fed1931","first_seen":"2025-10-19T01:16:14.590733Z","last_seen":"2026-06-04T12:20:47.283603Z","times_seen":109,"resource_available":false,"data":null}},"time_used":781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":781,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/js/WebSocketClient.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /js/WebSocketClient.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-220b3\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":139443,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d26219a6baeda6762dccb88c3cd692a8","sha1":"c3e5f409115d29e117607cc2eca6ef5317af210b","sha256":"e597eb5fcb211106d53ea3940d0bde89b178b093c12ada9de57f81169302ffca","sha512":"6db1170ab0c4571fc3aeed48e785dbf62bc3d03564d1c9b0dee993134db75bf85dea93e345ef801bbb7bc384446c1894705da2725900e2937303b207358962f8","ssdeep":"3072:NLnP1eVKU+ytfF6DyIA7kvo1kis3hQdhnNFn:99VytfL7kA1U3ydhnNFn","tlshash":"6ad3938177c6b88122471bb7772bb1e9f92e4dd870c9088bf154bc98f5b9911fae4930","first_seen":"2025-10-19T01:16:14.653859Z","last_seen":"2026-06-04T12:20:47.287498Z","times_seen":109,"resource_available":false,"data":null}},"time_used":780,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":780,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/qrcodejs/1.0.0/qrcode.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6083\r\ncf-ray: 9d4836b59dbf8be6-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fad-4dd7\"\r\nlast-modified: Mon, 04 May 2020 16:15:41 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1325651\r\nexpires: Wed, 17 Feb 2027 14:01:21 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=eHYYo%2BldW2sW48wydHDoXVd5oC2kwmNFjzyEUSi2M0TuPDNUZYdW4V4J1WwMzFqE%2B516X3d55VY8i401Q801dBfxfpEwE7gsPD9Gp1wTtI9WIk6We%2FaIPGDpIW8zXWI1WcR6YbhM\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (19927), with no line terminators","md5":"517b55d3688ce9ef1085a3d9632bcb97","sha1":"2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b","sha256":"c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36","sha512":"08d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498","ssdeep":"384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ","tlshash":"8c92c7e4f36542f6915e6cd4283f104b64a0a4636c1490acbfb5c1e6a9f8fe0647af74","first_seen":"2023-03-07T01:14:56Z","last_seen":"2026-06-08T20:49:30.037793Z","times_seen":61641,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":14,"receive":1,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 15:59:25 GMT","end":"Sun, 17 May 2026 16:59:23 GMT"},"fingerprint":{"sha1":"37:8F:7A:B7:BF:60:24:8D:1C:83:4F:C2:59:C3:0A:0C:EE:B3:75:A5","sha256":"8D:E6:B5:3D:41:1D:D8:B2:FA:03:95:07:E2:54:7C:1F:A2:22:E9:05:05:5E:D2:99:7D:DF:46:3F:32:52:53:F9"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nOrigin: https://123.bmt-whatsapp.com.cn\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 14:01:22 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: HEAD, OPTIONS, POST, GET, OPTIONS\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://123.bmt-whatsapp.com.cn\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8v%2FbkW%2FEw9VtcyFXSxn4B7EVJ45ABKE4TeFzT2bI%2BuA0wC24XmZlhMPwLCwz8g66M%2BsBWW3yNLk86Pk68ZeFOLtuWXIuMKI%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9d4836b74e089ade-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":748,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e04f1469fffe997f86caaa7556ea45e3","sha1":"1d27c4b7717eb0815a21b1cc77b4ecfa46da686b","sha256":"de7561aa66cb3b68b9ca8c76e969396ca71f8b045e3dc76024fd96aae7cce322","sha512":"c2b87b634c6cded9140ef5ceb496f18359645a78fd5b19f9e1953d5f47d3d7a447c32b352720691f07853b90a0445fd1fe1d3cdad3e391e308b850bb0a7856a7","ssdeep":"","tlshash":"82012428e4680e7b88b80358b4686a07162422075f16354e7fd4874d0f8d8bf20b124e","first_seen":"2026-02-11T12:27:33.810968Z","last_seen":"2026-03-11T11:01:39.516772Z","times_seen":1299,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":37,"dns":2,"connect":8,"send":0,"wait":227,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-27T14:01:20.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-13a8\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5032,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (494)","md5":"9f238d950670be7b49c4ca40043f5f83","sha1":"49facd6f3dce675a8f30ea4daf9b8604663e5db6","sha256":"c0b4c45157c73bf6d987a16e1469e796b1bfc35aae316ecd5ffbca8f3b4039bf","sha512":"454c7253770af5f6a8cef6675b3c1e2d418fa5e4343541b62eb8041a2f997a5162dc1b7af0623981693dd33cc3d32ff7e708171e3dd0d93caa96d6c28610a896","ssdeep":"96:pdXRKkyUXFUUMyMUAxnD5v7rTXJAD1KDE8MvvBavBtjxRwjVe:pXM2FUryMzxD5DrjORKEezjxRwjw","tlshash":"cda197af8dd4ba28323e5d56f0e4f64b8bb44a0be011ac57b8ad40bd6fc37858493915","first_seen":"2026-02-26T11:40:56.776625Z","last_seen":"2026-02-27T17:55:43.782819Z","times_seen":10,"resource_available":false,"data":null}},"time_used":1949,"timings":{"blocked":842,"dns":304,"connect":263,"send":0,"wait":265,"receive":0,"ssl":273},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/css/spinner_style.css","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /css/spinner_style.css HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-b58\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2904,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c856959f0ff5db6a8c801c1f289c55d9","sha1":"9872106f236ecf014ca112dffb1510bdc42b8bc1","sha256":"7e5acc796a6ae576eb44fb7d2814152896be8870767226c204dc246f5c90d025","sha512":"23c4d2474c3063d3043cee2ce5ba593d23f08a52caa51dd732c5e867019d8967f783c24df95c8c99d0a4573a8b19ad86ddab1da372d0ae911a0a8a2290b32ebb","ssdeep":"","tlshash":"2c516d1e094114f7813b93729b922c25fb379463434a21d539afa9784f326cc0276ff4","first_seen":"2025-10-21T13:04:17.748185Z","last_seen":"2026-06-04T12:20:47.289436Z","times_seen":35,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/custom.css","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /custom.css HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-1b074d\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1771341,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ce642eda343217291148c86f1a22df1f","sha1":"e4ad2dad7b3051cf928e07c08a4f0a468cf8f10a","sha256":"fc0686b1f018677c959008e38affb7067bc98c93ec54a26cba996e9132b2d9e0","sha512":"177242629ddd2c7851b0b8df8416eb03ddceff4696644b2aaac3646512e2b264cf5de12faaf0c346d7ca75b86e4b36e39b690725de4260b786f4dafc5cc4b2be","ssdeep":"12288:/KreiDm6jGDDBUAK6iHQBJj3nnIxt+nM5vvQFTQ/lrhzmY3Z9c1oDCujHc3/Q9eo:yCn8x","tlshash":"d9253022b5f11dadec2fd25946ed5648739be7c3aa0f1fe6ba8c31548f842f80451e84","first_seen":"2025-10-21T13:04:17.7412Z","last_seen":"2026-06-04T12:20:47.290363Z","times_seen":34,"resource_available":false,"data":null}},"time_used":518,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":518,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/public/default_icon.png","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:23.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /public/default_icon.png HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:23 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-08T20:27:09.798907Z","times_seen":524216,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/lib/bootstrap/js/bootstrap-3.3.7.min.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /lib/bootstrap/js/bootstrap-3.3.7.min.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-90b5\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32033)","md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-08T20:58:26.049599Z","times_seen":90482,"resource_available":true,"data":null}},"time_used":781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":781,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"123.bmt-whatsapp.com.cn/js/main.js","fqdn":"123.bmt-whatsapp.com.cn","domain":"bmt-whatsapp.com.cn","tld":"com.cn"},"ip":{"addr":"43.226.17.44","port":443,"asn":64050,"as":"BGP Network Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://123.bmt-whatsapp.com.cn/","date":"2026-02-27T14:01:21.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bmt-whatsapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 23 Feb 2026 18:04:37 GMT","end":"Sun, 24 May 2026 18:04:36 GMT"},"fingerprint":{"sha1":"B2:B9:C1:BC:F7:8C:30:5A:E2:19:CF:50:D4:DD:17:BE:85:E4:3B:1F","sha256":"E8:BA:53:12:93:CB:7B:2F:33:87:31:75:52:61:D9:95:40:2C:94:3C:3A:28:65:09:2F:EB:60:B3:E7:06:48:6B"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: 123.bmt-whatsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://123.bmt-whatsapp.com.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Feb 2026 14:01:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 23 Feb 2026 18:07:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699c9761-502c5\"\r\nexpires: Sat, 28 Feb 2026 02:01:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":328389,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"0d0052ec52935cc829e1faff603ed36e","sha1":"b3d5b8fb0fa9d066e39c141e72db9618890e682c","sha256":"b69fa525df1b3ff3091f598c24fe00a7700559b98d004b3b08a7b4c37c01095b","sha512":"9eba76b2f19b348ac9da4025c0d7343f8fc21ac7b381b791dcabb837f646e18c8267c3db6d22c58df71cc3138b85a5eb2c380f6908b1bd8a5c495de8791b95c8","ssdeep":"6144:WutaOQpVIhaOflsxu4JvuIPA4u5JQYAJQe4jEL426UvF9l09zTGYfwLZ0XF5dqYS:TP8IkONsQ4JvRiJQYAJnqA4XUh09zTGj","tlshash":"1f641f8177d2bc42034b1776731b71e9e53a8da9b0dc448ae104bc94f1fea17eae4672","first_seen":"2026-02-26T11:40:56.76124Z","last_seen":"2026-02-27T17:55:43.795725Z","times_seen":9,"resource_available":false,"data":null}},"time_used":778,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":778,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-27","alert":"Phishing Block","trigger":"123.bmt-whatsapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"123.bmt-whatsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}