{"report_id":"aa5220b9-c884-4b48-9a21-dab6f4e3ceb1","version":6,"status":"done","tags":[],"date":"2026-04-06T12:44:51Z","url":{"schema":"http","addr":"teamsapp.com.cn","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"172.67.199.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"teamsapp.com.cn/","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"title":"Teams手机版下载 - Teams官方网站","dom":{"size":9454,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"748082ac7b78c52d5c81d78ab3da2ddd","sha1":"e8e09c3337d4694c174cb6f56d909f5cd69c0f08","sha256":"dc7951bd3a79cfec1fd0dd2225372e8b8f7f7b6ee92d95fcbec040e61bb2e893","sha512":"cab81261db6eac9ae61417da9bb608a32ef05f260588d7169456cc586e2191f125527bf45128e22efac466242a3763f1784fdda1693920d2af5b8a82869b760c","ssdeep":"192:kpV8eRpE5bvnrFohRHBvYEgw6N0yJ/cKVgjQY:k0WKVgjQY","tlshash":"58121d1b71f32043a593a4782fb7a7156ea4c083c20edab03a9c178ddfca5819d9375d","dom_hash":"domhash0586be5a53a1f53b08aa3fde4888a91d","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"teamsapp.com.cn","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"172.67.199.123","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-11T12:44:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"teamsapp.com.cn","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-04-03","domain_rank":0,"first_seen":"2026-04-06T12:44:52.256764Z","last_seen":"2026-04-06T12:44:52.256764Z","alert_count":12,"request_count":6,"received_data":1742375,"sent_data":2679,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"teamsapp.com.cn/favicon.png","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teamsapp.com.cn/","date":"2026-04-06T12:44:31.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teamsapp.com.cn","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Apr 2026 14:09:42 GMT","end":"Thu, 02 Jul 2026 14:09:41 GMT"},"fingerprint":{"sha1":"7D:C3:01:23:9A:F5:DE:8D:0D:8E:12:43:22:4E:0C:FD:F7:1C:27:0B","sha256":"39:78:02:23:F0:DD:2A:20:A4:4D:3A:4E:C1:84:9F:8A:C8:4F:AD:76:FD:74:31:E5:8D:10:2E:16:F0:D6:C1:74"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: teamsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teamsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 12:44:32 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 03 Apr 2026 15:50:44 GMT\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69cfe1d4-19ff\"\r\nexpires: Wed, 06 May 2026 12:44:31 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tG8IroFLUS01WWsERfBH7xKrumbLnCiXznBXBg9K1C440Gp7yrB84itwfBILvY5gqy%2BiCAEcRdZqdXWfSmumeuP%2FAdmPQVNCi8QQ0IM%2FI7e4pYKMCRlCNWIkQw1JfWxN8p4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e80e2699c7eb51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6655,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"b3af576f69bcf07f0edba10db50d92c3","sha1":"f841502b8eb8aedc17f9c4b5a8d7f83b485147a6","sha256":"d244414735074a422c8a71c8a1e71dc01753570bb18162ab2e235fd534670a47","sha512":"7b499a730081fc49a04fc9d641a30b0162bc36295465f4b07b50994329b114435dafc26984a11153f4a5a09b773f09bf1c32fe912b2735b7a5b94b1a44195777","ssdeep":"192:Mp1xEu6xW6dq0ZwsafnlqiSaqIVSIgpdfQaMO+iYaADz1:MenMOqJfflXvUQa+Dz1","tlshash":"4ed1af9f8386212ce4ac32ee2988405c1b1b68d4de1016e954228df872877a7fb37d56","first_seen":"2026-02-04T16:17:12.398212Z","last_seen":"2026-04-06T13:02:36.736873Z","times_seen":3,"resource_available":false,"data":null}},"time_used":518,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":517,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teamsapp.com.cn/","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-06T12:44:30.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teamsapp.com.cn","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Apr 2026 14:09:42 GMT","end":"Thu, 02 Jul 2026 14:09:41 GMT"},"fingerprint":{"sha1":"7D:C3:01:23:9A:F5:DE:8D:0D:8E:12:43:22:4E:0C:FD:F7:1C:27:0B","sha256":"39:78:02:23:F0:DD:2A:20:A4:4D:3A:4E:C1:84:9F:8A:C8:4F:AD:76:FD:74:31:E5:8D:10:2E:16:F0:D6:C1:74"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: teamsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 06 Apr 2026 12:44:31 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 03 Apr 2026 15:53:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gJ8NAOtDALmlWrvCtcEvunjlkfuoLnbtdpXBanrittkGAKqmarZlbEyybDuyWb8UrlumASUEYokwxBTNiUn0OhZrB2%2BUO1gnijbrk1y7jP%2BUZqQ%2FUza4MBoCqyQpfrF4aAg%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9e80e26299f55a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9467,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"e4b7ad90a6f4d0cbfc6956dbce9882f5","sha1":"4a8df7b62c73d3b1d029316f7cc7958335196b4a","sha256":"dbadb7f53afa0ed3d91091341886e308c7975ffceaf3ede1ac3c3a5b4ef2d387","sha512":"a01ced4581656bfdc9b8a923fea6fe771415d7918eea76413705d61643f9339548efafe5b89aaffb5691a0d689aee2922a40c31eee2596f1427cfd451646d7e0","ssdeep":"192:wpV8eRpE5bvnrFohRHBvYEgw6N0yJ/cKVgjQf:g0WKVgjQf","tlshash":"86121d1b75f32043a593a4782bb7a7156ea4c083c10edab03a9c178ddfca5819d9375d","first_seen":"2026-04-06T12:44:58.640261Z","last_seen":"2026-04-06T13:02:36.738463Z","times_seen":2,"resource_available":true,"data":null}},"time_used":1026,"timings":{"blocked":245,"dns":224,"connect":1,"send":0,"wait":536,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teamsapp.com.cn/logo.png","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teamsapp.com.cn/","date":"2026-04-06T12:44:31.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teamsapp.com.cn","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Apr 2026 14:09:42 GMT","end":"Thu, 02 Jul 2026 14:09:41 GMT"},"fingerprint":{"sha1":"7D:C3:01:23:9A:F5:DE:8D:0D:8E:12:43:22:4E:0C:FD:F7:1C:27:0B","sha256":"39:78:02:23:F0:DD:2A:20:A4:4D:3A:4E:C1:84:9F:8A:C8:4F:AD:76:FD:74:31:E5:8D:10:2E:16:F0:D6:C1:74"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: teamsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teamsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 12:44:31 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 03 Apr 2026 15:50:23 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69cfe1bf-19ff\"\r\nexpires: Wed, 06 May 2026 12:44:31 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z9bAYgWoEznGh1PqsqN%2FB9%2BUuYFQFxkkhQjsymAB31wEc1P%2FfhxbmM1ZD0MWPe8widlZ%2BsnjDgDaBdqfGd%2FIbKpu7MEJE48wRevFbdfC8hvWPqxpO7epIlvsn7Vf4%2Fi2EnM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e80e266f9eeb51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6655,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"b3af576f69bcf07f0edba10db50d92c3","sha1":"f841502b8eb8aedc17f9c4b5a8d7f83b485147a6","sha256":"d244414735074a422c8a71c8a1e71dc01753570bb18162ab2e235fd534670a47","sha512":"7b499a730081fc49a04fc9d641a30b0162bc36295465f4b07b50994329b114435dafc26984a11153f4a5a09b773f09bf1c32fe912b2735b7a5b94b1a44195777","ssdeep":"192:Mp1xEu6xW6dq0ZwsafnlqiSaqIVSIgpdfQaMO+iYaADz1:MenMOqJfflXvUQa+Dz1","tlshash":"4ed1af9f8386212ce4ac32ee2988405c1b1b68d4de1016e954228df872877a7fb37d56","first_seen":"2026-02-04T16:17:12.398212Z","last_seen":"2026-04-06T13:02:36.736873Z","times_seen":3,"resource_available":false,"data":null}},"time_used":556,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":556,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teamsapp.com.cn/img/banner.png","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teamsapp.com.cn/","date":"2026-04-06T12:44:31.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teamsapp.com.cn","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Apr 2026 14:09:42 GMT","end":"Thu, 02 Jul 2026 14:09:41 GMT"},"fingerprint":{"sha1":"7D:C3:01:23:9A:F5:DE:8D:0D:8E:12:43:22:4E:0C:FD:F7:1C:27:0B","sha256":"39:78:02:23:F0:DD:2A:20:A4:4D:3A:4E:C1:84:9F:8A:C8:4F:AD:76:FD:74:31:E5:8D:10:2E:16:F0:D6:C1:74"}}},"request":{"raw":"GET /img/banner.png HTTP/1.1\r\nHost: teamsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teamsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 12:44:31 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 03 Apr 2026 15:23:08 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69cfdb5c-14ddb2\"\r\nexpires: Wed, 06 May 2026 12:44:31 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xwLFxAMW%2F6WMly7W4X4GTjMN1h7TYgSjGzhrG70%2Bj5akc8Ne4CunH1j%2BBLXWzhEy%2FlL8pEkGzi33ZY1YypJ9RyvvaETBABA5nzN9%2Fki4xbZRBA8E18v4n0h0AOFdjXF2LzE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e80e26709f4b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1367474,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1857 x 1077, 8-bit/color RGBA, non-interlaced","md5":"baa5a110bd022c6c77de5e3e9aa60b81","sha1":"91f84489383627d65884539d8215e14133443206","sha256":"f8c9a14132724092ccfbfba03a164e1448e715574a4778a5e31a0114b0664b4d","sha512":"e1a75e7a3d7d43bcfed3a8d2417bc473b31c7b8339bdce036d038c3475125744066a95c35b9960d566fb4f0878e2e4984c09e39289e951ef4e0ba7928ca1e1d9","ssdeep":"24576:+IwlN22HBUERs/FwcFH/tEBqBzYYdN27/RryQwafvqZbmyotTg:ilN/43/tEBqBzKpryQFfcmVZg","tlshash":"46253361c3f6fda3abe3ba3136308f192739c030d9df8971515a635c0471e6696a2f4a","first_seen":"2026-04-06T12:44:58.641234Z","last_seen":"2026-04-06T13:02:36.740958Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":543,"receive":1592,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teamsapp.com.cn/img/feature2.png","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teamsapp.com.cn/","date":"2026-04-06T12:44:31.210Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teamsapp.com.cn","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Apr 2026 14:09:42 GMT","end":"Thu, 02 Jul 2026 14:09:41 GMT"},"fingerprint":{"sha1":"7D:C3:01:23:9A:F5:DE:8D:0D:8E:12:43:22:4E:0C:FD:F7:1C:27:0B","sha256":"39:78:02:23:F0:DD:2A:20:A4:4D:3A:4E:C1:84:9F:8A:C8:4F:AD:76:FD:74:31:E5:8D:10:2E:16:F0:D6:C1:74"}}},"request":{"raw":"GET /img/feature2.png HTTP/1.1\r\nHost: teamsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teamsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 12:44:31 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 03 Apr 2026 15:23:08 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69cfdb5c-167c6\"\r\nexpires: Wed, 06 May 2026 12:44:31 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l5FWcpiHRftxo2smoBhBCQ2sDPPe8stQqyOdAmvBAkTMdx2kk2n4F89Ev7%2F8ucKeEbv%2BBtAN5R4JE3aSSRPGbAOWXZWZnRloEb%2B4EQyUNeS%2F6L5h6%2FDSkvI17l2xA%2FbCi7Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e80e26709f8b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":92102,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82\", baseline, precision 8, 1024x581, components 3","md5":"998a61bc42737407f2b4aa286a85df44","sha1":"37a4fc3bee18f1021eedfadf2e3ee4c2e3ec81a8","sha256":"c42443aea347e96b30188fdacd63c298316f6ad00c141b66ab80fc37883bbfbe","sha512":"0beef8d9f2d91e5930f94012ef6c32eebc27ba2d929b55a9b64bc0b344bda55938e5c2cff0cbd43d5764e9cfe437b6f3fc843b7adbc7eb8af6774f69e5e76d2f","ssdeep":"1536:kgQYZ2D1w6iWO1TgbqFSB9H36CZdJxFFj2zbnS+RAevMOuUSB8FKHIjbJRfLInXt:OYd6iWSTgqFSBJXZPxFF6zbn1/pSPHHt","tlshash":"3f9302434d4081a7dc380ab892170f6e30a77e5a66746bd7f8204c7577a5bd6ceaf24c","first_seen":"2025-12-20T16:55:08.345826Z","last_seen":"2026-04-06T13:02:36.74545Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1079,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":550,"receive":529,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"teamsapp.com.cn/img/feature1.png","fqdn":"teamsapp.com.cn","domain":"teamsapp.com.cn","tld":"com.cn"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://teamsapp.com.cn/","date":"2026-04-06T12:44:31.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"teamsapp.com.cn","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 03 Apr 2026 14:09:42 GMT","end":"Thu, 02 Jul 2026 14:09:41 GMT"},"fingerprint":{"sha1":"7D:C3:01:23:9A:F5:DE:8D:0D:8E:12:43:22:4E:0C:FD:F7:1C:27:0B","sha256":"39:78:02:23:F0:DD:2A:20:A4:4D:3A:4E:C1:84:9F:8A:C8:4F:AD:76:FD:74:31:E5:8D:10:2E:16:F0:D6:C1:74"}}},"request":{"raw":"GET /img/feature1.png HTTP/1.1\r\nHost: teamsapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://teamsapp.com.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 06 Apr 2026 12:44:31 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 03 Apr 2026 15:23:08 GMT\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69cfdb5c-3e6bf\"\r\nexpires: Wed, 06 May 2026 12:44:31 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o4Uif%2B9wi5AAy1v0zGqShjicY%2FWklIvpswn3dSuLvcLfIAJf8JigHj09gIYtyi1J4RfGkTY2tNdFA%2FxHbW%2BHrsn04Vt6%2FSGZ826P94Kza9usyiTH05lXqZlAEWT2DhlyM8Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9e80e26709f6b51e-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":255679,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 709, 8-bit/color RGBA, non-interlaced","md5":"ab8e3ea8cb661886b7efab1074997e37","sha1":"b9305d2873c620de922a1a7cd407f6e3160f4a1f","sha256":"3a443a4926c36eb4be8dd9c790860dad49dd5a0d08766d43fb30a3803d25ebc8","sha512":"b5bd1579b4b01ce84ef7632752dfbeb265f5c32ce177ff7fa9aea683255b89d76d0aa3e2b700ccf444a7ba59ebaac5f01f77d148e8b65587ef0fc4f6a9c4115f","ssdeep":"6144:kvAIsQPPd2ui++Tu6G0/HNxp+MRDPZ2MQZ+myphMyp0:ELX6us/H3kQDPZiZ+pphMyp0","tlshash":"cb4423c46d6ae1b2c8c3677c9c125fca13ef11656cc20b13ed5199dfaaa6f27c8921d0","first_seen":"2025-12-20T16:55:08.338179Z","last_seen":"2026-04-06T13:02:36.743923Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1561,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":532,"receive":1029,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-06","alert":"Sinkholed","trigger":"teamsapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}