{"report_id":"7a6d6629-9def-4715-b3a6-cff3b2d9a1dd","version":6,"status":"done","tags":[],"date":"2026-05-29T21:02:08Z","url":{"schema":"http","addr":"d-feiishu.com.cn","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"ip":{"addr":"38.76.168.119","port":0,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"final":{"url":{"schema":"https","addr":"d-feiishu.com.cn/","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"title":"飞书开放平台官方下载｜飞书网页端登录入口·智能办公解决方案","dom":{"size":11815,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (440)","md5":"ecc1593c942ff3e5918ab1580b7d0544","sha1":"c036fa94dcbd69c8b1cd53f1a30f334269722c6e","sha256":"1a1d9fed0565bc208ac6a00a8b0c764a0ad5c1a80660465277d18427c9107356","sha512":"5390ecd8edb36fc0b233e4c941658b994c57e62ea82ebbc6d5a47bc1beded69d2fcaf3376281cee6c7d9de06742edea9567e7562b7f8a2825d879962a533a448","ssdeep":"192:pkcbsyHEkZOVpkssBUidEuzJ/aTfwo0e4tOi1eKeA6eeOerfieqebe0egewNEzY:uyHzOVpLs+iyuztoimzAD4rjTapgRNEs","tlshash":"9132c83245f0297b514342c9eba9339e2ed99987d46b051876fc4b949fd3e87cca700e","dom_hash":"domhash18833cc6d36bd89526d32cb0c8e64c22","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"d-feiishu.com.cn","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"ip":{"addr":"38.76.168.119","port":0,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-03T21:02:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"d-feiishu.com.cn","ip":{"addr":"38.76.168.119","port":443,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"domain_registered":"2026-05-12","domain_rank":0,"first_seen":"2026-05-29T21:02:08.959449Z","last_seen":"2026-05-29T21:02:08.959449Z","alert_count":10,"request_count":5,"received_data":32887,"sent_data":2526,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"d-feiishu.com.cn/assets/styles.css?v=2026052102","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"ip":{"addr":"38.76.168.119","port":443,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d-feiishu.com.cn/","date":"2026-05-29T21:01:48.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-feiishu.com.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 04:58:06 GMT","end":"Thu, 20 Aug 2026 04:58:05 GMT"},"fingerprint":{"sha1":"D8:75:25:53:83:B5:AA:3F:98:12:D4:C0:BC:FC:D7:1F:A9:06:E9:51","sha256":"15:A2:0A:6A:96:9D:7B:B7:6C:55:FF:F4:E5:47:16:B1:C2:88:63:9D:CA:81:1B:28:64:55:86:35:02:9F:05:6F"}}},"request":{"raw":"GET /assets/styles.css?v=2026052102 HTTP/1.1\r\nHost: d-feiishu.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-feiishu.com.cn/\r\nCookie: server_name_session=c4f50584cb8ea91c58de428badd50990\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 21:01:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 20 May 2026 19:53:59 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a0e1157-3a40\"\r\nexpires: Sat, 30 May 2026 09:01:49 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14912,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"511846e2f2f5419131799f64c8c5382b","sha1":"a48dae525a51f4f70a7c43ca99a065eba045491d","sha256":"7410a8223f4be4b9e7cb1e54535de2c1850afca21937af9b0dace2371949e32e","sha512":"de210a96594e442a5a7acf64d6e42d26a4362ffdc81a2644e116fdd162c82d636800c740e1e4813231a8a367177115aced5e3708ac75c2473853cb678892883a","ssdeep":"192:NhF2twC0WqwiiZ5zcLF2juMQqXbRtJQlCtUlZpkyWNKhqRYmC7su2pEzq1It1NSN:Nqmc/3SYmQaVNe0AT3Y8","tlshash":"a26245d32774aa28f52ba5e4f9525b86b3589403810deebd5fe8100cedcd1e9a17260f","first_seen":"2026-05-29T21:02:12.646018Z","last_seen":"2026-05-29T21:03:31.541182Z","times_seen":2,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d-feiishu.com.cn/assets/feishu-logo.svg","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"ip":{"addr":"38.76.168.119","port":443,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-feiishu.com.cn/","date":"2026-05-29T21:01:48.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-feiishu.com.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 04:58:06 GMT","end":"Thu, 20 Aug 2026 04:58:05 GMT"},"fingerprint":{"sha1":"D8:75:25:53:83:B5:AA:3F:98:12:D4:C0:BC:FC:D7:1F:A9:06:E9:51","sha256":"15:A2:0A:6A:96:9D:7B:B7:6C:55:FF:F4:E5:47:16:B1:C2:88:63:9D:CA:81:1B:28:64:55:86:35:02:9F:05:6F"}}},"request":{"raw":"GET /assets/feishu-logo.svg HTTP/1.1\r\nHost: d-feiishu.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-feiishu.com.cn/\r\nCookie: server_name_session=c4f50584cb8ea91c58de428badd50990\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 21:01:49 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1002\r\nlast-modified: Tue, 12 May 2026 15:01:23 GMT\r\netag: \"6a0340c3-3ea\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1002,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4edf0185971025009fe51952d4937005","sha1":"c0465d566f7cde2ca712444a63ed26176b3da966","sha256":"1572787bd69b847dce7b2d476abf9e9cf81616e78e73298ea24153346d42d17b","sha512":"889d5c3e959d095e4022972644cb10404d47d50e4581f02664d62b66722c35e0e8009b2b5d8e4fc923c915b7c527d72646842b03a45cd0ee6d94b61acbc912ee","ssdeep":"","tlshash":"f111ceb2d4fc5827da1ec185cda4ec64266452fb8685411270aedf5c1b289e31d0f7e6","first_seen":"2026-05-29T21:02:12.648816Z","last_seen":"2026-05-29T21:03:31.540574Z","times_seen":2,"resource_available":false,"data":null}},"time_used":277,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":277,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d-feiishu.com.cn/assets/favicon.svg","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"ip":{"addr":"38.76.168.119","port":443,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-feiishu.com.cn/","date":"2026-05-29T21:01:49.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-feiishu.com.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 04:58:06 GMT","end":"Thu, 20 Aug 2026 04:58:05 GMT"},"fingerprint":{"sha1":"D8:75:25:53:83:B5:AA:3F:98:12:D4:C0:BC:FC:D7:1F:A9:06:E9:51","sha256":"15:A2:0A:6A:96:9D:7B:B7:6C:55:FF:F4:E5:47:16:B1:C2:88:63:9D:CA:81:1B:28:64:55:86:35:02:9F:05:6F"}}},"request":{"raw":"GET /assets/favicon.svg HTTP/1.1\r\nHost: d-feiishu.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-feiishu.com.cn/\r\nCookie: server_name_session=c4f50584cb8ea91c58de428badd50990\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 21:01:49 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 860\r\nlast-modified: Sat, 16 May 2026 12:13:32 GMT\r\netag: \"6a085f6c-35c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":860,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2730297424eb0a69ab27dee972c0510b","sha1":"22d706b4ad032d6cbad543efbd58b0d8e8fad730","sha256":"56d39b04b5bf3e3d74ec4bb51e4a3482784fa4131a89823021955ca009dab0ab","sha512":"3561bf742f6b9e7bd8a75c537a77eead033d68bd479c26aaa0dd4d9b24085317b757a31996483f8091fc0868e18c0cda7417027da8ba36bb2444d3fcf5f1d817","ssdeep":"","tlshash":"34116b71e8bcd527d30cc1969e90d8652b6853e786c44152b0ee9f8d1f289c31d0bbe9","first_seen":"2026-05-29T21:02:12.65134Z","last_seen":"2026-05-29T21:03:31.542223Z","times_seen":2,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d-feiishu.com.cn/assets/favicon.svg","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"ip":{"addr":"38.76.168.119","port":443,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-feiishu.com.cn/","date":"2026-05-29T21:01:49.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-feiishu.com.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 04:58:06 GMT","end":"Thu, 20 Aug 2026 04:58:05 GMT"},"fingerprint":{"sha1":"D8:75:25:53:83:B5:AA:3F:98:12:D4:C0:BC:FC:D7:1F:A9:06:E9:51","sha256":"15:A2:0A:6A:96:9D:7B:B7:6C:55:FF:F4:E5:47:16:B1:C2:88:63:9D:CA:81:1B:28:64:55:86:35:02:9F:05:6F"}}},"request":{"raw":"GET /assets/favicon.svg HTTP/1.1\r\nHost: d-feiishu.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-feiishu.com.cn/\r\nCookie: server_name_session=c4f50584cb8ea91c58de428badd50990\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 21:01:49 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 860\r\nlast-modified: Sat, 16 May 2026 12:13:32 GMT\r\netag: \"6a085f6c-35c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":860,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2730297424eb0a69ab27dee972c0510b","sha1":"22d706b4ad032d6cbad543efbd58b0d8e8fad730","sha256":"56d39b04b5bf3e3d74ec4bb51e4a3482784fa4131a89823021955ca009dab0ab","sha512":"3561bf742f6b9e7bd8a75c537a77eead033d68bd479c26aaa0dd4d9b24085317b757a31996483f8091fc0868e18c0cda7417027da8ba36bb2444d3fcf5f1d817","ssdeep":"","tlshash":"34116b71e8bcd527d30cc1969e90d8652b6853e786c44152b0ee9f8d1f289c31d0bbe9","first_seen":"2026-05-29T21:02:12.65134Z","last_seen":"2026-05-29T21:03:31.542223Z","times_seen":2,"resource_available":false,"data":null}},"time_used":276,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":276,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"d-feiishu.com.cn/","fqdn":"d-feiishu.com.cn","domain":"d-feiishu.com.cn","tld":"com.cn"},"ip":{"addr":"38.76.168.119","port":443,"asn":269846,"as":"T.V ZAMORA, C.A.","country":"Venezuela","country_code":"VE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-29T21:01:47.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-feiishu.com.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 22 May 2026 04:58:06 GMT","end":"Thu, 20 Aug 2026 04:58:05 GMT"},"fingerprint":{"sha1":"D8:75:25:53:83:B5:AA:3F:98:12:D4:C0:BC:FC:D7:1F:A9:06:E9:51","sha256":"15:A2:0A:6A:96:9D:7B:B7:6C:55:FF:F4:E5:47:16:B1:C2:88:63:9D:CA:81:1B:28:64:55:86:35:02:9F:05:6F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: d-feiishu.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 29 May 2026 21:01:48 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 28 May 2026 01:39:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a179cec-3244\"\r\nset-cookie: server_name_session=c4f50584cb8ea91c58de428badd50990; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12868,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (420), with LF, NEL line terminators","md5":"1ea5c53e5f22caea62be4ff819f55b19","sha1":"5ccb86979f6c38f193db238aa70c80358b0dcb4e","sha256":"5c5aea3a4939b6b3b73318407dbebff3c9937644c6e2b81610bb39bae1352999","sha512":"deed42d782e67cead68b493eb20850a92bb7de5118e7ea2688281499e2d8f375f02a131876718dcdb2910c92a2ebdc3cd9fedc62c7797731bf011158fecf8ab8","ssdeep":"192:dkcbsyHEkxSOVpkssBUidEQlfFaTh3w7fFX4sMOi1eKeA6eeOerfieqedeljewxf:KyHaOVpLs+iyQ3XkmzAD4rjTgEwxxg1s","tlshash":"1f42c63241f0277a914391c5aba8339e6eea9983d85f011477fc4b945fe2e8bcc9701e","first_seen":"2026-05-29T21:02:12.653458Z","last_seen":"2026-05-29T21:03:31.539997Z","times_seen":2,"resource_available":true,"data":null}},"time_used":2635,"timings":{"blocked":1179,"dns":617,"connect":275,"send":0,"wait":277,"receive":0,"ssl":283},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-29","alert":"Sinkholed","trigger":"d-feiishu.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}