{"report_id":"ac3126c2-59df-470f-84fe-4769d2633527","version":6,"status":"done","tags":[],"date":"2026-03-15T12:49:19Z","url":{"schema":"http","addr":"wechathk.org","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"172.67.137.25","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"wechathk.org/","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"title":"微信，是一个生活方式","dom":{"size":25989,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15201)","md5":"5fda385f7a9959a0ce0aece097fe296f","sha1":"074fc73ba7600ad61713b7542be017b15cb52532","sha256":"c050d503ace96a9687904638be4c27d81cb6f27b9f8a8e36fef24f9b629578c0","sha512":"546a6ae9d44166826b845900d27a60cb3ba9a529a7ee1c26aaa4e4ba9484dc9490694f2e4973f3ede17624d9a5c7439c92732020076d4b8826d5e47dc3d7cd91","ssdeep":"384:OD/b/J9fYsfQut02J9zWZqzwsOvWenANQb:Sb/J9fYsfQuW2J9zWZqzIWenANQb","tlshash":"3bc20929b884c82506bf98c895345e11d2f5b30685da85cbf27887b12fafe3df11b1b5","dom_hash":"domhasha1c62c2baf115778a1696b604ddd2911","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"wechathk.org","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"172.67.137.25","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-19T12:49:19Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"wechathk.org","ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-16","domain_rank":0,"first_seen":"2026-03-15T12:49:20.045017Z","last_seen":"2026-03-15T12:49:20.045018Z","alert_count":42,"request_count":7,"received_data":696758,"sent_data":2996,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WebAssembly","description":"WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.","website":"https://webassembly.org/","common_platform_enumeration":"","icon":"WebAssembly.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"wechathk.org/wasm_exec.js","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8bccb701dbf4a238e687fa92cda9c4bb","sha1":"0db37b0234332ca7e94fba1b3b4834055110ee26","sha256":"45ce9dfe7211247544ab6f4268eb8cb5b6f3d5ae602dc3b51447b7eada99c229","sha512":"1d4fbc45242ff06692c87971fb41dcb4a553da217949971ddf764cf9bcb1ce23456091f2dc3eea129d8ca011b28e5709521f84445bad2e8a17a5ce140e33f1d2","ssdeep":"384:gEsk9HFOfBpDFS2g762jeGsnFBvDSORSYG8IqeQWUw9JRxSt6SbMp7ptU4WA6xtm:99HwBpDU2g762jeGsFsORULqeQWlJbSg","tlshash":"e27286c2c75ea21b53fc316a4c1582cb563cd5b3a964deffbc6c18a804a593dc2a8974","size":16687,"data":"","first_seen":"2024-12-11T21:38:38.785136Z","last_seen":"2026-06-05T07:39:07.731934Z","times_seen":804,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wechathk.org/assets/index-Via4hlCH.js","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"dfc7e28798ceb2eda57d4273e571f79d","sha1":"674eca76e2921bb7c2d7f9ac37cf921968a16901","sha256":"a26cd0a0cd3366636ebcdf71b5fb53de84f2af403cb3bd5a5b6d1f4086c47fed","sha512":"e527950eef761d36bef86f00b4a830181a071ec07de4e8fa14aa334a8eff25f4a84624a7d96e8a3aacd4380026d237b3b25c88da3461aa978ad3756f083b1fd8","ssdeep":"6144:8Dv8BaoUsxGthpyjIFJQc1o46Ju3R0UuDAcShkw5Iqj7/S:8Dv8AozGthgjIgJ4mIRyDAcShkwy1","tlshash":"97b42cc872c6747643ab21b1a47f2007f33a2e44748980a4f6acd9d63d7564ae277f6c","size":525323,"data":"","first_seen":"2026-03-15T12:49:22.587191Z","last_seen":"2026-03-15T23:57:18.055556Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"wechathk.org/","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-15T12:48:55.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wechathk.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 14:15:16 GMT","end":"Sun, 17 May 2026 15:13:52 GMT"},"fingerprint":{"sha1":"29:F0:6F:56:CE:AC:19:D4:F1:FB:C6:77:8C:52:69:CE:0D:26:6B:82","sha256":"83:42:81:A1:4E:F3:B2:5D:7A:6E:CD:11:35:9C:58:64:8F:73:1D:01:D1:D2:69:78:CF:7A:87:D7:A8:12:46:41"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: wechathk.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 15 Mar 2026 12:48:55 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 13 Mar 2026 15:12:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TBPFkWnLcLW2zzU5IgAnh%2FMgr5TM4ZiWXkfuD1aassvyjfplkAk6tqTufIIzbCuaRGYQEvJz3C49Xduk%2BDBZ9dT72UCAJEgxaNyGmg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9dcba29b9b700d38-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"WebAssembly","description":"WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.","website":"https://webassembly.org/","common_platform_enumeration":"","icon":"WebAssembly.svg","categories":["Programming languages"]}],"data":{"size":971,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"ed26d7fa3935ba7b1337b7fb05c92f5a","sha1":"4f5194670a30663879c3881001e5775d92757171","sha256":"f0b545f5972ce7879de56f80257d2d0774141f3474d3e72df5e2b598a3c072f4","sha512":"3df07fece5c2a0d4d4a5cea3897ef6a0db4f0cd97b751bee92ee0bb3a6ca5a9d81ae2ac21df1e821891c1f919d66cc8dc9b6c8447294c680d05e074e855dbdec","ssdeep":"","tlshash":"5411cb46aeb0982843a042845dc8f10c9dbd978b42198d9cb7ff506c4fa0eea889b569","first_seen":"2026-03-15T12:49:22.584326Z","last_seen":"2026-03-15T23:57:18.05401Z","times_seen":3,"resource_available":false,"data":null}},"time_used":854,"timings":{"blocked":312,"dns":273,"connect":10,"send":0,"wait":230,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wechathk.org/assets/index-Via4hlCH.js","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wechathk.org/","date":"2026-03-15T12:48:56.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wechathk.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 14:15:16 GMT","end":"Sun, 17 May 2026 15:13:52 GMT"},"fingerprint":{"sha1":"29:F0:6F:56:CE:AC:19:D4:F1:FB:C6:77:8C:52:69:CE:0D:26:6B:82","sha256":"83:42:81:A1:4E:F3:B2:5D:7A:6E:CD:11:35:9C:58:64:8F:73:1D:01:D1:D2:69:78:CF:7A:87:D7:A8:12:46:41"}}},"request":{"raw":"GET /assets/index-Via4hlCH.js HTTP/1.1\r\nHost: wechathk.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wechathk.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 15 Mar 2026 12:48:55 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 13 Mar 2026 15:12:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69b4294c-8040b\"\r\nexpires: Mon, 16 Mar 2026 00:48:26 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\nage: 29\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BdGHh8Uzihin%2BRapzAN7D%2FrrXCUxp3sBVbZYGwPT0DEDRTfWcDIGfjPo%2BTRy9vblhxSiUVreWNXQndPFY2SU%2B8ydJ2jM7xcT6msaOQ%3D%3D\"}]}\r\ncf-ray: 9dcba29dce7495bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":525323,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"dfc7e28798ceb2eda57d4273e571f79d","sha1":"674eca76e2921bb7c2d7f9ac37cf921968a16901","sha256":"a26cd0a0cd3366636ebcdf71b5fb53de84f2af403cb3bd5a5b6d1f4086c47fed","sha512":"e527950eef761d36bef86f00b4a830181a071ec07de4e8fa14aa334a8eff25f4a84624a7d96e8a3aacd4380026d237b3b25c88da3461aa978ad3756f083b1fd8","ssdeep":"6144:8Dv8BaoUsxGthpyjIFJQc1o46Ju3R0UuDAcShkw5Iqj7/S:8Dv8AozGthgjIgJ4mIRyDAcShkwy1","tlshash":"97b42cc872c6747643ab21b1a47f2007f33a2e44748980a4f6acd9d63d7564ae277f6c","first_seen":"2026-03-15T12:49:22.587191Z","last_seen":"2026-03-15T23:57:18.055556Z","times_seen":3,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wechathk.org/assets/index-UJwsBes6.css","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://wechathk.org/","date":"2026-03-15T12:48:56.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wechathk.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 14:15:16 GMT","end":"Sun, 17 May 2026 15:13:52 GMT"},"fingerprint":{"sha1":"29:F0:6F:56:CE:AC:19:D4:F1:FB:C6:77:8C:52:69:CE:0D:26:6B:82","sha256":"83:42:81:A1:4E:F3:B2:5D:7A:6E:CD:11:35:9C:58:64:8F:73:1D:01:D1:D2:69:78:CF:7A:87:D7:A8:12:46:41"}}},"request":{"raw":"GET /assets/index-UJwsBes6.css HTTP/1.1\r\nHost: wechathk.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wechathk.org/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 15 Mar 2026 12:48:56 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 13 Mar 2026 15:12:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69b4294c-2141f\"\r\nexpires: Mon, 16 Mar 2026 00:48:56 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KV9MajtmH0cK%2B6XUEH%2B4UpKLUc%2BTofQ%2FuFVAHAwYRktqbGdDTNhqc4pQT34b2uFGGGvrkTfqskLBWmGhFEzRK0zEuCKEZGGD3w99Eg%3D%3D\"}]}\r\ncf-ray: 9dcba29dce7595bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":136223,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"94b590a028f320e4d688fa172b7c1ca2","sha1":"d4302d6ea89abc490fc3a2df7b2e6b65413c79a8","sha256":"de55902e035084c046bff6f6102d6708ea00cd50fa6c6525ccf3a231e81be43d","sha512":"b584812a90c4d7c83fa825d167d769264806c177e861de6328726c310bfd9658c03e2077c5428f635a56927698403a37eaf069bbae354fc953467257aacb87da","ssdeep":"1536:foeV+CgWALZeAt4WJkXgGY+lJVlCwn7A93gg8DLX4My7qmqdHJl603mMxXduD+TF:foC+pY3NlwuLoMbmqvo03Pxt/2x05","tlshash":"fad3bfb27a98502db02fd235ac946d997d0ef223e3a2474dfa5d1a30d4af0d5fb26344","first_seen":"2026-03-15T12:49:22.589814Z","last_seen":"2026-03-15T23:57:18.057239Z","times_seen":3,"resource_available":false,"data":null}},"time_used":795,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":409,"receive":386,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wechathk.org/wasm_exec.js","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://wechathk.org/","date":"2026-03-15T12:48:56.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wechathk.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 14:15:16 GMT","end":"Sun, 17 May 2026 15:13:52 GMT"},"fingerprint":{"sha1":"29:F0:6F:56:CE:AC:19:D4:F1:FB:C6:77:8C:52:69:CE:0D:26:6B:82","sha256":"83:42:81:A1:4E:F3:B2:5D:7A:6E:CD:11:35:9C:58:64:8F:73:1D:01:D1:D2:69:78:CF:7A:87:D7:A8:12:46:41"}}},"request":{"raw":"GET /wasm_exec.js HTTP/1.1\r\nHost: wechathk.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wechathk.org/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 15 Mar 2026 12:48:56 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 09 Feb 2026 14:14:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6989ebdc-412f\"\r\nexpires: Mon, 16 Mar 2026 00:48:27 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\nage: 28\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wl3vONR3sFsin%2FuK11xNyi3VQbsoEWdnXhNzhgI5Zjyr3xYiRUXN%2F9gtcOW3XQwjhZochXN4KNQw%2F9LeHiUASnLGQkrDv1NtbzD8BA%3D%3D\"}]}\r\ncf-ray: 9dcba29e1e8f95bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16687,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"8bccb701dbf4a238e687fa92cda9c4bb","sha1":"0db37b0234332ca7e94fba1b3b4834055110ee26","sha256":"45ce9dfe7211247544ab6f4268eb8cb5b6f3d5ae602dc3b51447b7eada99c229","sha512":"1d4fbc45242ff06692c87971fb41dcb4a553da217949971ddf764cf9bcb1ce23456091f2dc3eea129d8ca011b28e5709521f84445bad2e8a17a5ce140e33f1d2","ssdeep":"384:gEsk9HFOfBpDFS2g762jeGsnFBvDSORSYG8IqeQWUw9JRxSt6SbMp7ptU4WA6xtm:99HwBpDU2g762jeGsFsORULqeQWlJbSg","tlshash":"e27286c2c75ea21b53fc316a4c1582cb563cd5b3a964deffbc6c18a804a593dc2a8974","first_seen":"2024-12-11T21:38:38.785136Z","last_seen":"2026-06-05T07:39:07.731934Z","times_seen":804,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wechathk.org/locales/en.json","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://wechathk.org/","date":"2026-03-15T12:48:56.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wechathk.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 14:15:16 GMT","end":"Sun, 17 May 2026 15:13:52 GMT"},"fingerprint":{"sha1":"29:F0:6F:56:CE:AC:19:D4:F1:FB:C6:77:8C:52:69:CE:0D:26:6B:82","sha256":"83:42:81:A1:4E:F3:B2:5D:7A:6E:CD:11:35:9C:58:64:8F:73:1D:01:D1:D2:69:78:CF:7A:87:D7:A8:12:46:41"}}},"request":{"raw":"GET /locales/en.json HTTP/1.1\r\nHost: wechathk.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://wechathk.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 15 Mar 2026 12:48:57 GMT\r\ncontent-type: application/json\r\nlast-modified: Fri, 13 Mar 2026 15:12:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"69b4294c-2c6f\"\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bDQjbWkfJCe2TQKZTkdKXOeTBGPySgDpqkxZDtIl7FTQ8imrRWKJwiVD2lbo99J3ky%2FwgWuVsP6ywRUvGi0psFRtRPEv1vuspUllNQ%3D%3D\"}]}\r\ncf-ray: 9dcba2a328aa95bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11375,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e60778dbb6587b0e029c3cee4b359d6e","sha1":"99a11d177db20b194330c0bbbdc533a85553117d","sha256":"2412ecc13c2ebd95e3f15a234f6b2054ecfe272e237e6258b5e9b468a921e8e1","sha512":"cd3208536fa6075b80b02ddaac995232dc11b0e9be71d6b60aa335b7361500b80d23a2d8e6fd7843855e05d869ebf281378da71cb31cde83a0489f18bde77170","ssdeep":"192:KMBnSFp/7QWj//2qp0uLfJRgcyLj+LDqW8sS2dgLzzrvS:K2nSHrnjp0uLfJRNqjCDzGcgrrvS","tlshash":"7932cb3cca204cb789f9555b58a61b93760093430e043c2e7bbc52dd1f9e97f20b666e","first_seen":"2026-03-15T12:49:22.593571Z","last_seen":"2026-03-15T23:57:18.060667Z","times_seen":3,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wechathk.org/logo.ico","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://wechathk.org/","date":"2026-03-15T12:48:56.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wechathk.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 14:15:16 GMT","end":"Sun, 17 May 2026 15:13:52 GMT"},"fingerprint":{"sha1":"29:F0:6F:56:CE:AC:19:D4:F1:FB:C6:77:8C:52:69:CE:0D:26:6B:82","sha256":"83:42:81:A1:4E:F3:B2:5D:7A:6E:CD:11:35:9C:58:64:8F:73:1D:01:D1:D2:69:78:CF:7A:87:D7:A8:12:46:41"}}},"request":{"raw":"GET /logo.ico HTTP/1.1\r\nHost: wechathk.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://wechathk.org/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 15 Mar 2026 12:48:57 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=niFSRRfSxMEEqS5XIP%2BVPDsoPRsoMYX93eeS%2FL7C7Ym%2FI683pjXLaIBfuoxmof9MAy8MWfVxtjry6wK1kG00M6ZM9f5tnQfvv6a4Fg%3D%3D\"}]}\r\nlast-modified: Fri, 13 Mar 2026 15:12:12 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\netag: W/\"69b4294c-33b\"\r\ncf-ray: 9dcba2a3c8e195bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":827,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"5281e972ec463897022f56464011b5ed","sha1":"2a719c124449e0c31a0166cea7867bb1a44780bd","sha256":"a62d7d84bd02b1718106d294d1f2c8387f9967239696c1e8b446201b63f34dc7","sha512":"d5fc5821a1ba50f444665b01d3004ebd7546ae6b6a696c80ca4601c1ecdaed6632342381711055e65b86703d103bb38abd3a591fb21254ed4c934f0e41968b40","ssdeep":"","tlshash":"2001d62df3c18e3e4aa28953c214537cc0da01282d6b4f12d26af8cc626d8416a8a262","first_seen":"2023-05-03T14:18:50Z","last_seen":"2026-06-09T23:56:40.70709Z","times_seen":1202,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":406,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wechathk.org/site.config.json","fqdn":"wechathk.org","domain":"wechathk.org","tld":"org"},"ip":{"addr":"104.21.46.91","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://wechathk.org/","date":"2026-03-15T12:48:57.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wechathk.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 14:15:16 GMT","end":"Sun, 17 May 2026 15:13:52 GMT"},"fingerprint":{"sha1":"29:F0:6F:56:CE:AC:19:D4:F1:FB:C6:77:8C:52:69:CE:0D:26:6B:82","sha256":"83:42:81:A1:4E:F3:B2:5D:7A:6E:CD:11:35:9C:58:64:8F:73:1D:01:D1:D2:69:78:CF:7A:87:D7:A8:12:46:41"}}},"request":{"raw":"GET /site.config.json HTTP/1.1\r\nHost: wechathk.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://wechathk.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 15 Mar 2026 12:48:57 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4cgQ16D99U3fvXTVYmDkT%2BrzZoSlIz8LLK8X5CTdVglzxTmpHjN0jOr8Cap7maqhiRZhiSmO8%2Btgpu%2B6sgB2A6A3AIROtyLG5zBkSA%3D%3D\"}]}\r\nlast-modified: Fri, 13 Mar 2026 15:12:12 GMT\r\npriority: u=4,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\netag: W/\"69b4294c-2a3\"\r\ncf-ray: 9dcba2a5696895bd-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":675,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"45d8e6c07c313a46de75862bea2ee870","sha1":"fbd95de3bed9a781650203d7d68c2629c9b022db","sha256":"d0619aed55cdb36f53d80d8e216dc8ff0944537c8db018286ebb3c2b6acae0f8","sha512":"2124628c8fda73631b71f3161b936fafc346ee8ba7e358786d47f4dfc4b531429840a772e06fe89eafc0044b98b5438afe3e56b00853a58c228a9f2e4205a8fc","ssdeep":"","tlshash":"b7017d31ff714e5702e870e0511d660cfd91830b0cb82802fa4c88cc3f4b86ba594c5c","first_seen":"2026-02-20T09:41:03.611343Z","last_seen":"2026-03-15T23:57:18.063436Z","times_seen":4,"resource_available":false,"data":null}},"time_used":206,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":205,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-15","alert":"Phishing Block","trigger":"wechathk.org","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-15","alert":"Sinkholed","trigger":"wechathk.org","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}