{"report_id":"b0b97168-88c0-4825-a91c-7eec14fd491b","version":6,"status":"done","tags":[],"date":"2026-02-26T14:55:47Z","url":{"schema":"http","addr":"whatssfapp.com.cn","fqdn":"whatssfapp.com.cn","domain":"whatssfapp.com.cn","tld":"com.cn"},"ip":{"addr":"168.76.142.194","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"final":{"url":{"schema":"https","addr":"whatssfapp.com.cn/","fqdn":"whatssfapp.com.cn","domain":"whatssfapp.com.cn","tld":"com.cn"},"title":"WhatsApp网页版 - 跨平台即时通讯解决方案","dom":{"size":70518,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (329)","md5":"29d5857b96c3ebdb14b6c54167990a2c","sha1":"5ddee1f9dac5d099813371016b09496782884d5e","sha256":"e07a078967b4925ac23785084f13f6a859f9c19a8d852e16fa5d0757df2937a5","sha512":"b7fa137f6f0a4adc33c2cf45f56ee5dc74f13b0f48e0a0c85bca359a9c4fbabc65e4cf35dfd3b2206ebcc2f0f31690634d4c5ceb56cb00c51ed82242bc27b3b9","ssdeep":"1536:rmA1dtlJhbPna8fFGKWvfrvw+mKVEto/UFumEplP8MHAWDgYNpqUjr7gZm/jYA+9:k8unwB75","tlshash":"c763e79a24f3a8b61953a1e52beb435a2a74d013d80bcd787fec06ac8fc4dd45953b0d","dom_hash":"domhashfe29dd03b75f8186184faa940d074d53","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"whatssfapp.com.cn","fqdn":"whatssfapp.com.cn","domain":"whatssfapp.com.cn","tld":"com.cn"},"ip":{"addr":"168.76.142.194","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-02T14:55:47Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-26T14:55:26Z","timestamp":1772117726,"ip_dst":{"addr":"Client IP","port":56326,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"168.76.142.194","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 31","source":"{\"timestamp\":\"2026-02-26T14:55:26.093343+0000\",\"flow_id\":2128531548865687,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"168.76.142.194\",\"src_port\":443,\"dest_ip\":\"172.18.0.36\",\"dest_port\":56326,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400030,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 31\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-02-26T14:55:25.853143+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"whatssfapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"whatssfapp.com.cn","ip":{"addr":"168.76.142.194","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"domain_registered":"2026-02-24","domain_rank":0,"first_seen":"2026-02-26T14:55:48.055143Z","last_seen":"2026-02-26T14:55:48.055143Z","alert_count":15,"request_count":3,"received_data":74901,"sent_data":1492,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"whatssfapp.com.cn/","fqdn":"whatssfapp.com.cn","domain":"whatssfapp.com.cn","tld":"com.cn"},"ip":{"addr":"168.76.142.194","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":true,"md5":"ca44a1a06faa27f1fea556bb06bbc4e4","sha1":"7cad5d7692a0ac354e507ce375d4c1a51965cd58","sha256":"b4d09c25c2e7765a5f6654af08f7d0d6e5932baf4690eb1a9f472db373ad8a7f","sha512":"0fbf20d1dcc7ca0c912e5aa70982542ee9742c8e9cc37906c5dc4e3cf9e68fcc5bcc0e0b1fad3c426990ab05be94dcae61a3b9b911f5359c808898112cc6e4a9","ssdeep":"","tlshash":"f1417b2e66f120ba55b7b22b832f9746353710432806ce063e1c8b4a1fd0ae669a5ed4","size":1912,"data":"","first_seen":"2026-02-26T14:55:52.608407Z","last_seen":"2026-02-27T00:14:40.162053Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"whatssfapp.com.cn/favicon.ico","fqdn":"whatssfapp.com.cn","domain":"whatssfapp.com.cn","tld":"com.cn"},"ip":{"addr":"168.76.142.194","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whatssfapp.com.cn/","date":"2026-02-26T14:55:27.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whatssfapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 13:51:35 GMT","end":"Mon, 25 May 2026 13:51:34 GMT"},"fingerprint":{"sha1":"98:08:3A:54:6D:3D:68:DD:CD:D1:96:79:61:C1:80:A4:E9:82:B0:11","sha256":"12:2C:53:CE:8F:C2:41:66:DF:DB:45:B8:4B:00:F7:ED:1C:47:CC:BC:29:C6:3F:C2:1C:EF:6B:A5:61:21:83:C1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: whatssfapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatssfapp.com.cn/\r\nCookie: server_name_session=982007e13bc49bbc731c309157d01b52\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Feb 2026 14:55:27 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1385\r\nlast-modified: Tue, 24 Feb 2026 14:37:48 GMT\r\netag: \"699db7bc-569\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"b70e6078004aeb5146c635cc4c8af761","sha1":"08361cabab0812baeb8ecf4dfbdddd10a9104423","sha256":"20ce7e373448ca2a51d95f60fc906f57cc27d103a6bba4e33be3453f7b23b98e","sha512":"76e0a9f494998151ab5f5d1ef2f1e2cd826135537e6b3e77e6653997d6e073696880a1ab5100c6a85aea926edcfe036c31513d08f58c0bcc02db0a4c8b6bec09","ssdeep":"","tlshash":"bf210bf3e36020e90841d4310333621b57fa4f7b6d909371f071509112b944845a1e97","first_seen":"2024-12-25T11:23:49.33594Z","last_seen":"2026-06-06T07:44:52.24081Z","times_seen":1912,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"whatssfapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whatssfapp.com.cn/favicon.ico","fqdn":"whatssfapp.com.cn","domain":"whatssfapp.com.cn","tld":"com.cn"},"ip":{"addr":"168.76.142.194","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://whatssfapp.com.cn/","date":"2026-02-26T14:55:27.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whatssfapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 13:51:35 GMT","end":"Mon, 25 May 2026 13:51:34 GMT"},"fingerprint":{"sha1":"98:08:3A:54:6D:3D:68:DD:CD:D1:96:79:61:C1:80:A4:E9:82:B0:11","sha256":"12:2C:53:CE:8F:C2:41:66:DF:DB:45:B8:4B:00:F7:ED:1C:47:CC:BC:29:C6:3F:C2:1C:EF:6B:A5:61:21:83:C1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: whatssfapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://whatssfapp.com.cn/\r\nCookie: server_name_session=982007e13bc49bbc731c309157d01b52\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Feb 2026 14:55:27 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1385\r\nlast-modified: Tue, 24 Feb 2026 14:37:48 GMT\r\netag: \"699db7bc-569\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"b70e6078004aeb5146c635cc4c8af761","sha1":"08361cabab0812baeb8ecf4dfbdddd10a9104423","sha256":"20ce7e373448ca2a51d95f60fc906f57cc27d103a6bba4e33be3453f7b23b98e","sha512":"76e0a9f494998151ab5f5d1ef2f1e2cd826135537e6b3e77e6653997d6e073696880a1ab5100c6a85aea926edcfe036c31513d08f58c0bcc02db0a4c8b6bec09","ssdeep":"","tlshash":"bf210bf3e36020e90841d4310333621b57fa4f7b6d909371f071509112b944845a1e97","first_seen":"2024-12-25T11:23:49.33594Z","last_seen":"2026-06-06T07:44:52.24081Z","times_seen":1912,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"whatssfapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"whatssfapp.com.cn/","fqdn":"whatssfapp.com.cn","domain":"whatssfapp.com.cn","tld":"com.cn"},"ip":{"addr":"168.76.142.194","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-26T14:55:24.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"whatssfapp.com.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 24 Feb 2026 13:51:35 GMT","end":"Mon, 25 May 2026 13:51:34 GMT"},"fingerprint":{"sha1":"98:08:3A:54:6D:3D:68:DD:CD:D1:96:79:61:C1:80:A4:E9:82:B0:11","sha256":"12:2C:53:CE:8F:C2:41:66:DF:DB:45:B8:4B:00:F7:ED:1C:47:CC:BC:29:C6:3F:C2:1C:EF:6B:A5:61:21:83:C1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: whatssfapp.com.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 26 Feb 2026 14:55:26 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 24 Feb 2026 14:47:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"699dba19-1142e\"\r\nset-cookie: server_name_session=982007e13bc49bbc731c309157d01b52; Max-Age=86400; httponly; path=/\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":70702,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (329)","md5":"d921c9e08e65aa1847b198ae5fd96650","sha1":"21176313c9a697b2a2b09e68b9eccb22b8cfa17a","sha256":"712e2e944f008020557c5e834d392425b2b2a0b2b73ff76d6e4f49da0fd20536","sha512":"bee80b4691656ed2b2442b25d094c3646f08391d52cca1bd2518ecfbba25a580c2e9c13d39119f0469b4c069913f2abdc65e89bb5be7bff377c4d131ad6d6a98","ssdeep":"1536:/mA1FtlJhbPna8fFGKWvfrvw+mKVEto/UFumEplP8MHAWDgYNpqUjr3gZm/jYA+b:0c+nwB73","tlshash":"3663e79a14f3a8b61953a1e52beb435a2a74d013d80bce787fec06ac8fc4dd45953b0d","first_seen":"2026-02-26T14:55:52.604533Z","last_seen":"2026-02-27T00:14:40.157559Z","times_seen":3,"resource_available":false,"data":null}},"time_used":3547,"timings":{"blocked":1533,"dns":1039,"connect":240,"send":0,"wait":481,"receive":0,"ssl":249},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"whatssfapp.com.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"whatssfapp.com.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}