{"report_id":"b60fa114-7c28-44c5-8885-b88b66df5903","version":6,"status":"done","tags":[],"date":"2026-03-18T12:18:23Z","url":{"schema":"http","addr":"web.whatsapp.jo.hl.cn","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"final":{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"title":"WhatsApp Web","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"web.whatsapp.jo.hl.cn","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":0,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-22T12:18:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-18T12:18:01Z","timestamp":1773836281,"ip_dst":{"addr":"Client IP","port":44184,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 31","source":"{\"timestamp\":\"2026-03-18T12:18:01.586311+0000\",\"flow_id\":1448003528892580,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"168.76.144.218\",\"src_port\":443,\"dest_ip\":\"172.18.0.17\",\"dest_port\":44184,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400030,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 31\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-03-18T12:18:01.336036+0000\"}}"}],"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"web.whatsapp.jo.hl.cn","ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"domain_registered":"2026-02-28","domain_rank":0,"first_seen":"2026-03-18T12:18:25.170487Z","last_seen":"2026-03-18T12:18:25.170487Z","alert_count":54,"request_count":18,"received_data":952711,"sent_data":8093,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Lodash","description":"Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm.","website":"https://www.lodash.com","common_platform_enumeration":"cpe:2.3:a:lodash:lodash:*:*:*:*:*:*:*:*","icon":"Lodash.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-03-15T23:03:26.25948Z","alert_count":0,"request_count":1,"received_data":288266,"sent_data":425,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2026-03-16T05:17:51.024188Z","alert_count":0,"request_count":2,"received_data":815943,"sent_data":834,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-03-15T22:30:49.343058Z","alert_count":0,"request_count":2,"received_data":30063,"sent_data":900,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"web.dcobxs.com","ip":{"addr":"104.21.80.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-11-02","domain_rank":0,"first_seen":"2023-11-15T04:57:36Z","last_seen":"2026-02-27T01:10:01.039224Z","alert_count":0,"request_count":1,"received_data":428,"sent_data":418,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/moment/js/moment-2.20.1.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"5ff1de69e6fd137a6dd511205ea7c49e","sha1":"91a29a02cca99f32598f7b5764c610ab3cc89fba","sha256":"001564a706fd2bd3f1b9bbd1ac732493ac2659c207504f5e0713592d7610f389","sha512":"419fa651f350826ebb4ef5f375352a504886638e1d1394ef5d18197ba45d8e48d12fc99596da7fbc7530ec23f6f46c81706c2743971724200da8f3f43c9af0a4","ssdeep":"768:RmEj5IyZrV7dmUJ8/HhbmINN3vhg+XVspjiCumS5vcAKR1DC:wKxrV7d3g8ixXVspCmcti1+","tlshash":"cc3393ca3646b112176622b5083f490bf33d5959680f0d1df508e9e93979c6e827bfbc","size":51599,"data":"","first_seen":"2023-03-07T01:07:40Z","last_seen":"2026-06-08T10:57:55.282669Z","times_seen":846,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/bootstrap/js/bootbox-4.4.0.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"8055e87f2396a627e93c85890189e625","sha1":"842ff4db865468086582581a540e5b87a128f5ce","sha256":"0b6bab63e3aa24b4ab6aab63765a217db5004961bab1ab7d74ffebfa33efb5c4","sha512":"9a18db6c96ebae906c28f9f6396818dbe838db8c32429927755c6d70ca4894a8fe028678b409c3a93790d8a91ee00ff71f761a21d5c746f9f2de436920617f79","ssdeep":"192:SkLnr8QmxYY72OlfojjuXBacAEkEVg3pXrzTGv6:Sk/8BKrypxPLC3pz46","tlshash":"79228281e819e13726737872308f9706303ad569e65948225241e2d59ffaddc43ffb3a","size":9972,"data":"","first_seen":"2023-03-07T12:04:36Z","last_seen":"2026-06-07T01:54:45.277416Z","times_seen":988,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/jquery/js/jquery-3.2.1.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","size":86659,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-08T23:14:56.592491Z","times_seen":93227,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":true,"md5":"3c17aee691582d1bafbcda58f7c99a25","sha1":"4901942b80f262d51c870beba2fcb680923b406e","sha256":"3258a860f670527f2b6d4e2d116cb2e84a83b35ce008786e233e172685d4a5bd","sha512":"8f62d47cc4ba5e3a172da40aaefe5c3341d7aa6368ea324818c526c4fafb5b9a56baa078f3ce919ff52eab76db7d8eb39958ebbf830808fbe47dd88ad27fe4a0","ssdeep":"","tlshash":"daf05c22588b1afc6263606f2fbe9d2673d7280f5450c0003d4ca410df715c28605288","size":466,"data":"","first_seen":"2025-10-19T01:16:14.660328Z","last_seen":"2026-05-29T00:13:00.830048Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/lodash/js/lodash.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8515f131f3194c32a3670c8e274fab6","sha1":"60de6e43c4a2c3326275ab12d4ffd90b2582aee9","sha256":"23258114961c94563c3e7df66f059d487995e01f4ce666f2e5b84f1c499e63cc","sha512":"77fac43371a6dc0f97e2ceecdceb64c15eeb1165598b68ae115416afea2721aaedecc953e8dcd29c3af5ab87fae65d4956c58aa7cedeb95daa8f3c4a8f21c7ad","ssdeep":"1536:VkFd9r+sGaSag+Md2ucB+0L87DsqMq5lkQ:VkFSaMDi67","tlshash":"cd6360c93ac3f41643a364b1406f088bf17eaea5acdda108d0e1f0ec797885dd967e59","size":72772,"data":"","first_seen":"2023-03-07T12:03:35Z","last_seen":"2026-06-08T20:44:38.241489Z","times_seen":573,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/jsonTree/jsonTree.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"3ff80e9766a6ef42d85e78a51074ba6a","sha1":"1fbabf173acf615e89ad99fc4ca72ad575241cbd","sha256":"3cc0e2e4d75f991ab09790bc2f9bd86ae39d726c9827f718e367c2ac86098c09","sha512":"1f0d8e61550b2b60f062859cd3b7b63cb73232cadeb53646c1a413dd8f202892b7f996ac60ed8d4453cdbacf32ae8a9e3c2467f2fe2e4499d2cceeed2558201a","ssdeep":"384:JIjJ8s49pyE2DIR4Lb4YSDncH60lqBxzl/4:JId+9pyECIR4LEYSYgB1p4","tlshash":"b3b264153cf762639427f9b50b4f0045f568050fa905acd8bc9e6ab01f98f2459bbafc","size":24674,"data":"","first_seen":"2024-08-19T22:12:06.29686Z","last_seen":"2026-05-29T00:13:00.820789Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","size":407279,"data":"","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-06-08T22:40:47.689696Z","times_seen":39858,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/jquery-colResizable/js/jquery-colResizable-1.6.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"e289cb315e61253151fadc9b9a63824d","sha1":"ccb6f3fd5f91c7463c1aacadea25d9d63d2b8601","sha256":"df43b04a42d0088dd8b12f7ef3c04c2d2743c1af009acc07a331b8e4da4e9830","sha512":"cdcd859363202ad88be1550be4281d048f2494b5f2b6fbb30933fc65481bafc20247ceda1357d5d065d0a9887fe00e0fc91edb7a227a50207aa3c7df5a786edf","ssdeep":"96:mgfPd892kG0eutk0+DM2Cl7YCfZ4s+WYigQhfp6ir5tzPn5Y2KWDBsomB:mgfP/kcNDMYCfiRbigwp6Cnn5Y5WDOo0","tlshash":"03c1e8497350780f9557a15a382bb91efa220a21eb3bc16ce13ad37d4cf89c48175ebd","size":5817,"data":"","first_seen":"2023-03-13T08:49:18Z","last_seen":"2026-06-05T16:43:58.654028Z","times_seen":94,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/bootstrap/js/bootstrap-3.3.7.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"introduction_type":"scriptElement","is_inline":false,"md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","size":37045,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-08T23:08:08.938075Z","times_seen":90500,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/css/spinner_style.css","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /css/spinner_style.css HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 08 Jan 2025 20:47:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ee474-986\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2438,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"d3c0fb3e5e8fb8fdec95a92550ac26e6","sha1":"7a6462fd8ca17c42877736b6fa9a17eaf2aaf7cb","sha256":"92503cced30e330d6e7074bca3bcfe0611f21886f737c682b1ff83db1b49ca14","sha512":"635b40841c07044c9b8d25df45e39db9fe0b5765f57d8519e697512babfe9dbb02f243ce95bf948302a12517da3adbae76509b01375246a6a3c3fa670e819156","ssdeep":"","tlshash":"c5412b1e0d8124f6813b937687932c25fb3b5863434a26d5396fad780f32ad81276ef5","first_seen":"2025-10-19T01:16:14.624534Z","last_seen":"2026-05-29T00:13:00.800056Z","times_seen":77,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/static/css/main.4ab9b89d.css","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /static/css/main.4ab9b89d.css HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 15 Mar 2025 13:47:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67d58500-74c\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1868,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1823)","md5":"e5c7d3176160705a7932fc2e17a93774","sha1":"21a62d2bc514a07d9181edc2f9c84ff70db9cd3a","sha256":"0aec1499759884b05c5dc4795c5e6aacd16f2c93025a8bdbc8e95a17b8ba04cc","sha512":"11b07b7d3f270a5a4d4a2aa2de1072163e845dfcd1559e5cb301173fa43846caa24b8bf2746f24919f15612ddb67922550b0f645249162125838c1e90ce975e7","ssdeep":"","tlshash":"35318835eb08103fe17bc63b5295f80170262853da63876eb997b724cac35502a37b54","first_seen":"2025-10-19T01:16:14.631743Z","last_seen":"2026-05-29T00:13:00.81053Z","times_seen":77,"resource_available":false,"data":null}},"time_used":762,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":762,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/bootstrap/js/bootstrap-3.3.7.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /lib/bootstrap/js/bootstrap-3.3.7.min.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 25 Mar 2024 00:42:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6600c88a-90b5\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32033)","md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-08T23:08:08.938075Z","times_seen":90500,"resource_available":true,"data":null}},"time_used":1008,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1008,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/js/WebSocketClient.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /js/WebSocketClient.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 26 Jun 2024 07:32:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"667bc41e-220b3\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139443,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d26219a6baeda6762dccb88c3cd692a8","sha1":"c3e5f409115d29e117607cc2eca6ef5317af210b","sha256":"e597eb5fcb211106d53ea3940d0bde89b178b093c12ada9de57f81169302ffca","sha512":"6db1170ab0c4571fc3aeed48e785dbf62bc3d03564d1c9b0dee993134db75bf85dea93e345ef801bbb7bc384446c1894705da2725900e2937303b207358962f8","ssdeep":"3072:NLnP1eVKU+ytfF6DyIA7kvo1kis3hQdhnNFn:99VytfL7kA1U3ydhnNFn","tlshash":"6ad3938177c6b88122471bb7772bb1e9f92e4dd870c9088bf154bc98f5b9911fae4930","first_seen":"2025-10-19T01:16:14.653859Z","last_seen":"2026-06-04T12:20:47.287498Z","times_seen":109,"resource_available":false,"data":null}},"time_used":1000,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1000,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/js/main.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 16 Mar 2025 10:49:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67d6acb8-1f458\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":128088,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d0117a3218db3fb3bf6757de07c481e2","sha1":"97d6f8b06249ec39ebdce4e9c10b03e10d515ef8","sha256":"2f6233c3c2f2ded13630778b83a60d2f0b93cc7eb00ba59e6a0355f41afba7d5","sha512":"74e99ff3b88e39fd2b670894820f32a60a05c687100931cf91e811a5c8f45f024e550a7ba6a311d805873b2933e0f503c07a9caf4091a12c5d50b20be36ad88c","ssdeep":"3072:YgRqiDilIWUKSPXye5ZkrPlepHzLJXHuoR:tDiaWU7Xye5ZkrPYz9Oe","tlshash":"8ec35180b7c2bc8116875b72732bb2e9f52d4de97589488bf500fc94f5ba911fae0931","first_seen":"2025-10-19T01:16:14.594234Z","last_seen":"2026-05-29T00:13:00.824063Z","times_seen":75,"resource_available":false,"data":null}},"time_used":996,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":996,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.5.1.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.5.1.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-4638e\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\nage: 3629729\r\nx-served-by: cache-lga21971-LGA, cache-hel1410025-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 1557, 4198\r\nx-timer: S1773836282.328201,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 84374\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":287630,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"23c7c5d2d1317508e807a6c7f777d6ed","sha1":"ad16c4a132ad2a03b4951185fed46d55397b5e88","sha256":"416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37","sha512":"58d2f17cfffc71560bf6c8fc267a7a7add0192e6cb3f7d638531bdbe12ff179b84666839c04ccaa17a75909b25ccf416c0f4f57b23224b194a0a0cc72ce4ce4d","ssdeep":"6144:pJChNVls+TCtlFhTzeKR7cYmD2zK8EAbEtPx+WI+Y7cFyW48L/dyVxNaIPfytrAP:xf7cYmD43APx+WI+Y7cFyMyDTPfCAeuH","tlshash":"2354a4d9f78d112e423231aaac2f12cdb77cd171560458aebd4d597c24a083d83baf7a","first_seen":"2023-03-07T01:03:32Z","last_seen":"2026-06-08T22:09:02.121846Z","times_seen":8578,"resource_available":true,"data":null}},"time_used":129,"timings":{"blocked":44,"dns":3,"connect":14,"send":0,"wait":14,"receive":19,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/css/main.css","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /css/main.css HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 08 Jan 2025 20:37:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"677ee220-1db1\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7601,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcae2c55fc15557c686667b5211d6666","sha1":"29bb2f9fe5e429b85fbf1a9735a6c6933ff93ec7","sha256":"1cb533af5df98df30a59d6414fe34f4d407c9ec8de77e537c58c914328429261","sha512":"2f3b0d22229a699b558ac1d25204c658921b282c04c818e8b39eb6e03d6893f26a5f2c11061af3d7022dddde681b45319416db8c9bc1bda55fab9265ae1ba004","ssdeep":"192:3gssXtsPqjDZrugVO4Dy4JscL7MsABM4pquQJNPi:3bx9ZcyU3vz1DHPi","tlshash":"23f103d15fb62508b4afd06d7851eb19a72dc582e64fcc786be1200cddc92cd19b7b88","first_seen":"2025-10-19T01:16:14.641958Z","last_seen":"2026-05-29T00:13:00.82251Z","times_seen":77,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/lodash/js/lodash.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /lib/lodash/js/lodash.min.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 25 Mar 2024 00:42:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6600c88a-11c44\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72772,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4357)","md5":"c8515f131f3194c32a3670c8e274fab6","sha1":"60de6e43c4a2c3326275ab12d4ffd90b2582aee9","sha256":"23258114961c94563c3e7df66f059d487995e01f4ce666f2e5b84f1c499e63cc","sha512":"77fac43371a6dc0f97e2ceecdceb64c15eeb1165598b68ae115416afea2721aaedecc953e8dcd29c3af5ab87fae65d4956c58aa7cedeb95daa8f3c4a8f21c7ad","ssdeep":"1536:VkFd9r+sGaSag+Md2ucB+0L87DsqMq5lkQ:VkFSaMDi67","tlshash":"cd6360c93ac3f41643a364b1406f088bf17eaea5acdda108d0e1f0ec797885dd967e59","first_seen":"2023-03-07T12:03:35Z","last_seen":"2026-06-08T20:44:38.241489Z","times_seen":573,"resource_available":true,"data":null}},"time_used":767,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":767,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/jquery-colResizable/js/jquery-colResizable-1.6.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /lib/jquery-colResizable/js/jquery-colResizable-1.6.min.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 25 Mar 2024 00:42:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6600c88a-16b9\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5817,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5715)","md5":"e289cb315e61253151fadc9b9a63824d","sha1":"ccb6f3fd5f91c7463c1aacadea25d9d63d2b8601","sha256":"df43b04a42d0088dd8b12f7ef3c04c2d2743c1af009acc07a331b8e4da4e9830","sha512":"cdcd859363202ad88be1550be4281d048f2494b5f2b6fbb30933fc65481bafc20247ceda1357d5d065d0a9887fe00e0fc91edb7a227a50207aa3c7df5a786edf","ssdeep":"96:mgfPd892kG0eutk0+DM2Cl7YCfZ4s+WYigQhfp6ir5tzPn5Y2KWDBsomB:mgfP/kcNDMYCfiRbigwp6Cnn5Y5WDOo0","tlshash":"03c1e8497350780f9557a15a382bb91efa220a21eb3bc16ce13ad37d4cf89c48175ebd","first_seen":"2023-03-13T08:49:18Z","last_seen":"2026-06-05T16:43:58.654028Z","times_seen":94,"resource_available":true,"data":null}},"time_used":1008,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1008,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/moment/js/moment-2.20.1.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /lib/moment/js/moment-2.20.1.min.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 25 Mar 2024 00:42:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6600c88a-c98f\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51599,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (51599), with no line terminators","md5":"5ff1de69e6fd137a6dd511205ea7c49e","sha1":"91a29a02cca99f32598f7b5764c610ab3cc89fba","sha256":"001564a706fd2bd3f1b9bbd1ac732493ac2659c207504f5e0713592d7610f389","sha512":"419fa651f350826ebb4ef5f375352a504886638e1d1394ef5d18197ba45d8e48d12fc99596da7fbc7530ec23f6f46c81706c2743971724200da8f3f43c9af0a4","ssdeep":"768:RmEj5IyZrV7dmUJ8/HhbmINN3vhg+XVspjiCumS5vcAKR1DC:wKxrV7d3g8ixXVspCmcti1+","tlshash":"cc3393ca3646b112176622b5083f490bf33d5959680f0d1df508e9e93979c6e827bfbc","first_seen":"2023-03-07T01:07:40Z","last_seen":"2026-06-08T10:57:55.282669Z","times_seen":846,"resource_available":true,"data":null}},"time_used":1002,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1002,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-18T12:18:00.770Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:01 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 17 Mar 2026 16:38:37 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b9838d-c99\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Lodash","description":"Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm.","website":"https://www.lodash.com","common_platform_enumeration":"cpe:2.3:a:lodash:lodash:*:*:*:*:*:*:*:*","icon":"Lodash.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":3225,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"204374bd574e30c9884621c4e2e86a84","sha1":"db573c07c8456a900678daa67a2139160bb556bc","sha256":"c1b9d5668408306d07aec348a170772ab227e3f25c9684b2c50ace92b4b3ca78","sha512":"40c7fcd33b9098733f1322404ed479d75f7e068aa21dfe62841e3e654e1b0376e5d4d431b2ddf46d37437485586cc11f21b99baa26c9378ea982295b4ddab831","ssdeep":"","tlshash":"1661e247ace6cc6e712015cabdb6f42cec98b54ad550cca8b5ec80f61fe5bc84c57984","first_seen":"2026-03-18T12:18:29.114996Z","last_seen":"2026-03-19T00:10:18.565793Z","times_seen":3,"resource_available":false,"data":null}},"time_used":2408,"timings":{"blocked":1079,"dns":565,"connect":250,"send":0,"wait":251,"receive":0,"ssl":260},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 21 Jan 2026 08:26:32 GMT","end":"Tue, 21 Apr 2026 09:26:27 GMT"},"fingerprint":{"sha1":"90:9B:CE:CB:FE:F2:C6:A9:53:13:5D:52:B6:07:F4:B4:84:28:97:60","sha256":"61:49:94:E8:FB:D1:24:14:DF:C9:92:BE:60:84:A8:D8:37:E3:89:DC:42:7B:0A:64:D3:F2:32:FD:D0:93:4C:4B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::95btd-1773835886373-d8bdd2c8485d\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 395\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dKhpmVj25qhzuEZwrnVOwn6Muwvb7UOPGg8my5lQy%2F%2Fxf8ijMQ%2FUO8VOhstPkwIYKbBYum3gcbtVWHKhrunO6%2BMI8jPEwzuJhiD1VWtmdjVM5Q%3D%3D\"}]}\r\ncf-ray: 9de42d7c4a23ddf7-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T23:17:23.623528Z","times_seen":16252840,"resource_available":true,"data":null}},"time_used":77,"timings":{"blocked":27,"dns":2,"connect":8,"send":0,"wait":14,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/jquery/js/jquery-3.2.1.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /lib/jquery/js/jquery-3.2.1.min.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 25 Mar 2024 00:42:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6600c88a-15283\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86659,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32058)","md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-08T23:14:56.592491Z","times_seen":93227,"resource_available":true,"data":null}},"time_used":1001,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1001,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/jsonTree/jsonTree.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /lib/jsonTree/jsonTree.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 25 Mar 2024 00:42:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6600c88a-6062\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24674,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"3ff80e9766a6ef42d85e78a51074ba6a","sha1":"1fbabf173acf615e89ad99fc4ca72ad575241cbd","sha256":"3cc0e2e4d75f991ab09790bc2f9bd86ae39d726c9827f718e367c2ac86098c09","sha512":"1f0d8e61550b2b60f062859cd3b7b63cb73232cadeb53646c1a413dd8f202892b7f996ac60ed8d4453cdbacf32ae8a9e3c2467f2fe2e4499d2cceeed2558201a","ssdeep":"384:JIjJ8s49pyE2DIR4Lb4YSDncH60lqBxzl/4:JId+9pyECIR4LEYSYgB1p4","tlshash":"b3b264153cf762639427f9b50b4f0045f568050fa905acd8bc9e6ab01f98f2459bbafc","first_seen":"2024-08-19T22:12:06.29686Z","last_seen":"2026-05-29T00:13:00.820789Z","times_seen":78,"resource_available":true,"data":null}},"time_used":1006,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1006,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/js/UpdaterPromise.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /js/UpdaterPromise.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 25 Jun 2024 14:31:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"667ad4d0-12494\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74900,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b751955868ca22533228a0b00b202246","sha1":"d2009cf3ce2d3fb12801fd4904f0f1af0dbb4f90","sha256":"6f5ddd748ae17d89c950678f62d8583aa7fef592597a29305df5cf0af1a691a4","sha512":"846d9030528ee05e44bed9e63c2ab5e570df85a2638c6f052549f6b677647f5b763d6761c19707595c79ef2f46b6a87cf3d34a57cf98107010f341b0b7b14043","ssdeep":"1536:JMN3MzMq3sfeJGS6q1h7lF/af9l4V3aiJLMFUZGARy9:J43+GfAxvy1qqilMoy9","tlshash":"da73528077d1b8c102875bb6b72bb1e6f82a5ce9b1c5484ef500f898f8b9915fed1931","first_seen":"2025-10-19T01:16:14.590733Z","last_seen":"2026-06-04T12:20:47.283603Z","times_seen":109,"resource_available":false,"data":null}},"time_used":1002,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1002,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/js/BootstrapStep.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /js/BootstrapStep.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 25 Jun 2024 14:31:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"667ad4c0-12e8f\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77455,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f76c1d59b412927131d2bdd64cac8be4","sha1":"3311c13fa7175af40427a8af270c647ec6c6fed0","sha256":"c2ade901c6e6b1dfd488789d9d013f0094b084eb65f4caa39fc6c4507c0cb60f","sha512":"90f61851503490e9c270b32b66a7bd334636ba2df959f131ab6622eb97e78a2c40261c79dc38f5049b8150bbfd85d669bcbd212e52c1fdfbe2c3278e738bf3c4","ssdeep":"1536:EM52C9Y2mVGNl5CThrtQLxL5sYpfWFt/JBOyKAWEBTxOZ8GdRcjR+BvF+ShvZIIk:EY9Y2mVGNl5CThr2vsy+BBzKTEBTxO2p","tlshash":"df73838577c6b8c1124767b7b32ab1e5e82e5cdd3088088ff544bc98f5b9916fae0931","first_seen":"2025-10-19T01:16:14.611698Z","last_seen":"2026-06-04T12:20:47.296651Z","times_seen":109,"resource_available":false,"data":null}},"time_used":998,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":998,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/uuid/8.3.2/uuid.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/uuid/8.3.2/uuid.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2933\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5fe06b73-1fe0\"\r\nlast-modified: Mon, 21 Dec 2020 09:31:31 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 383091\r\nexpires: Mon, 08 Mar 2027 12:18:02 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8Gf8Gdd1Nbf3WTCMxDjvxpyTDD4rNl05zAAoCpgomNSSDZz7KhqSXp6VUz%2BGq%2B0vPGime4kJzXLkROnmK4un54Py2cPBUnsHkOIB%2FOW8S1EDKhE%3D\"}]}\r\ncf-ray: 9de42d7c5b781525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8160,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8160), with no line terminators","md5":"50fecb6517141ce734bdc903aeb7aa6d","sha1":"ffce0e94a0a6f3b661942c5f9344e709773ec44a","sha256":"c5df6d9704bdada96df0770523058f395192ee9d1fe13880eb1d57dfe6417533","sha512":"50d3359e302038551aef86746c00f002af206d372a642f048f8c4f4b3a6787497a28c7afc2f901bdb95d17db91fbea8a789f8c3991d18d5d47663a11be30df35","ssdeep":"192:NT/XsoaxLo7L1AsLVllMA5/VYZncbsPYxb2g9n/m5iCyK08l9l4E+kghMnf4W5Qe:VX9aNo7LWsLPnYZncbs5UeiCyK0Q9l4W","tlshash":"d7f193ac6c8960afc3ef1e5d18aa304b72f07511244d8415f2a5b9fa1490eff9b36e1d","first_seen":"2023-03-29T21:08:33Z","last_seen":"2026-06-08T18:39:07.250025Z","times_seen":757,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":16,"dns":1,"connect":3,"send":0,"wait":15,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 21 Jan 2026 08:26:32 GMT","end":"Tue, 21 Apr 2026 09:26:27 GMT"},"fingerprint":{"sha1":"90:9B:CE:CB:FE:F2:C6:A9:53:13:5D:52:B6:07:F4:B4:84:28:97:60","sha256":"61:49:94:E8:FB:D1:24:14:DF:C9:92:BE:60:84:A8:D8:37:E3:89:DC:42:7B:0A:64:D3:F2:32:FD:D0:93:4C:4B"}}},"request":{"raw":"GET /3.4.17 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::rhz55-1772419043268-7fdcc195e7a4\r\nlast-modified: Mon, 02 Mar 2026 02:37:23 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 1417238\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PNZ%2BPisIeEap%2BsYOjwpSNPZHVRjkBcZlM371eselqZNLO3s7fyoxkPzaRK0B7eZF7Rk6kvmwJ4XtTRxmh9hRjiVy6r8NbkmnlpVf8BiCNgbcgw%3D%3D\"}]}\r\ncf-ray: 9de42d7c5a8cddf7-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52853)","md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-06-08T22:40:47.689696Z","times_seen":39858,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/static/js/main.6c724e39.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /static/js/main.6c724e39.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 15 Mar 2025 13:47:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67d58500-34091\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":213137,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"26a8b96a4e2f8ec33a08c340b726c50f","sha1":"1d3204f433b0c7d2f042083094bb1ab17317e3fb","sha256":"7dd85aca2c29abbe85ca1f14cb376ed30e3a9e64a6cb35f9b3f726b1a8784e82","sha512":"7b0de1dfa7540cb4d3e50d5792f61299036de1c8e2e3a9c56a3a64e36cd1cf80f7baf6bdf8a5edd796c6ab75d014d596a1abf53924faaac96c518b5d548886ca","ssdeep":"3072:lqwTemJdjlGG+5tMiGfV+rY2MPeiwXMLthI+:lfTpJdouiwV+rY2MPeiwXathI+","tlshash":"68241ae83955f5516eb343f710af1807737c2a2b280d4da0a211fd9db4b809eb17be99","first_seen":"2025-10-19T01:16:14.645533Z","last_seen":"2026-05-29T00:13:00.80942Z","times_seen":77,"resource_available":true,"data":null}},"time_used":509,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":509,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/lib/bootstrap/js/bootbox-4.4.0.min.js","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /lib/bootstrap/js/bootbox-4.4.0.min.js HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 25 Mar 2024 00:42:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6600c88a-26f4\"\r\nexpires: Thu, 19 Mar 2026 00:18:02 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9972,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9748)","md5":"8055e87f2396a627e93c85890189e625","sha1":"842ff4db865468086582581a540e5b87a128f5ce","sha256":"0b6bab63e3aa24b4ab6aab63765a217db5004961bab1ab7d74ffebfa33efb5c4","sha512":"9a18db6c96ebae906c28f9f6396818dbe838db8c32429927755c6d70ca4894a8fe028678b409c3a93790d8a91ee00ff71f761a21d5c746f9f2de436920617f79","ssdeep":"192:SkLnr8QmxYY72OlfojjuXBacAEkEVg3pXrzTGv6:Sk/8BKrypxPLC3pz46","tlshash":"79228281e819e13726737872308f9706303ad569e65948225241e2d59ffaddc43ffb3a","first_seen":"2023-03-07T12:04:36Z","last_seen":"2026-06-07T01:54:45.277416Z","times_seen":988,"resource_available":true,"data":null}},"time_used":1007,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1007,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/qrcodejs/1.0.0/qrcode.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 18 Mar 2026 12:18:02 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6083\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fad-4dd7\"\r\nlast-modified: Mon, 04 May 2020 16:15:41 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 281340\r\nexpires: Mon, 08 Mar 2027 12:18:02 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qCH3%2B559Eg3fZVVdIAyT4RqoWJW8VB92A7VVUhC4O4FUYLLjhuk0la8wRhPbgPFlm2NftYFqbtiLSMswlgRidVms4BQfM0Ldyitm0OaHF9CbfIQ%3D\"}]}\r\ncf-ray: 9de42d7c5b491525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (19927), with no line terminators","md5":"517b55d3688ce9ef1085a3d9632bcb97","sha1":"2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b","sha256":"c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36","sha512":"08d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498","ssdeep":"384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ","tlshash":"8c92c7e4f36542f6915e6cd4283f104b64a0a4636c1490acbfb5c1e6a9f8fe0647af74","first_seen":"2023-03-07T01:14:56Z","last_seen":"2026-06-08T23:17:23.582886Z","times_seen":61651,"resource_available":true,"data":null}},"time_used":62,"timings":{"blocked":17,"dns":1,"connect":1,"send":0,"wait":19,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.dcobxs.com/matomo.js","fqdn":"web.dcobxs.com","domain":"dcobxs.com","tld":"com"},"ip":{"addr":"104.21.80.193","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:02.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"dcobxs.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 30 Jan 2026 04:16:53 GMT","end":"Thu, 30 Apr 2026 05:14:54 GMT"},"fingerprint":{"sha1":"C0:74:ED:7F:9A:5F:BB:D6:5B:90:DD:B2:16:B4:A0:69:2F:43:0B:A8","sha256":"ED:F1:CB:50:FE:26:89:8A:C2:52:EC:D6:3E:96:4E:8C:F2:A7:AB:DE:17:23:75:B4:4F:03:D8:82:72:B5:7A:1D"}}},"request":{"raw":"GET /matomo.js HTTP/1.1\r\nHost: web.dcobxs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 522 No Reason Phrase\r\ndate: Wed, 18 Mar 2026 12:18:21 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 7234\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nreferrer-policy: same-origin\r\nx-frame-options: SAMEORIGIN\r\nserver: cloudflare\r\ncf-ray: 9de42d7e2a0a4b93-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"522","status_text":"No Reason Phrase","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T23:17:23.623528Z","times_seen":16252840,"resource_available":true,"data":null}},"time_used":19446,"timings":{"blocked":85,"dns":43,"connect":8,"send":0,"wait":19270,"receive":5,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/logo192.png","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:04.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /logo192.png HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:04 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 17 Mar 2026 16:36:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69b98304-14e3\"\r\nexpires: Fri, 17 Apr 2026 12:18:04 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5347,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"33dbdd0177549353eeeb785d02c294af","sha1":"7f4f2d68782a7fafceda84554ecab9b489877500","sha256":"c386396ec70db3608075b5fbfaac4ab1ccaa86ba05a68ab393ec551eb66c3e00","sha512":"e34572cf754ff7e1d0acb12d8275252230ad1dd9adc5858e807fef0fb61aea82cb1f9ca3ebab3eeb449460373140105f8d773e7bddbf6745f9e81cc1546621f4","ssdeep":"96:gMgJkzj81lSl2dxYAYKsHHVIqApHGoKf4slNb6LQbTehYx5AtKAdmTRwy/Ik2k3:gMct0nKsUwXTbnkeAMA+Twkv","tlshash":"deb18e4e37e13c238137de00aa8ee5ddff52c6ff81226144e24933e9243839d9591916","first_seen":"2023-04-21T11:39:01Z","last_seen":"2026-06-08T15:15:22.743809Z","times_seen":10509,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"web.whatsapp.jo.hl.cn/favicon.ico","fqdn":"web.whatsapp.jo.hl.cn","domain":"jo.hl.cn","tld":"hl.cn"},"ip":{"addr":"168.76.144.218","port":443,"asn":137951,"as":"ASLINE LIMITED","country":"South Africa","country_code":"ZA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://web.whatsapp.jo.hl.cn/","date":"2026-03-18T12:18:04.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web.whatsapp.jo.hl.cn","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Tue, 17 Mar 2026 15:42:39 GMT","end":"Mon, 15 Jun 2026 15:42:38 GMT"},"fingerprint":{"sha1":"26:8C:0A:57:CE:AD:D4:AC:4F:24:1A:F4:0A:34:2E:F3:B7:F5:08:D9","sha256":"F3:B2:64:7A:E9:BC:36:B4:C7:DC:5E:8E:F1:09:A1:25:FA:C4:34:F5:23:F0:31:01:5B:F5:E0:63:16:89:79:D1"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: web.whatsapp.jo.hl.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web.whatsapp.jo.hl.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 18 Mar 2026 12:18:04 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1385\r\nlast-modified: Tue, 17 Mar 2026 16:36:20 GMT\r\netag: \"69b98304-569\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1385,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"b70e6078004aeb5146c635cc4c8af761","sha1":"08361cabab0812baeb8ecf4dfbdddd10a9104423","sha256":"20ce7e373448ca2a51d95f60fc906f57cc27d103a6bba4e33be3453f7b23b98e","sha512":"76e0a9f494998151ab5f5d1ef2f1e2cd826135537e6b3e77e6653997d6e073696880a1ab5100c6a85aea926edcfe036c31513d08f58c0bcc02db0a4c8b6bec09","ssdeep":"","tlshash":"bf210bf3e36020e90841d4310333621b57fa4f7b6d909371f071509112b944845a1e97","first_seen":"2024-12-25T11:23:49.33594Z","last_seen":"2026-06-06T07:44:52.24081Z","times_seen":1912,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":252,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-18","alert":"Phishing Block","trigger":"web.whatsapp.jo.hl.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-18","alert":"Sinkholed","trigger":"web.whatsapp.jo.hl.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}