{"report_id":"c69ef934-e68d-47bd-a115-1570b892272a","version":6,"status":"done","tags":[],"date":"2026-06-02T08:17:20Z","url":{"schema":"http","addr":"drk-whatsapp.hk.cn","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"52.184.98.194","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"title":"WhatsApp Web","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"drk-whatsapp.hk.cn","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"52.184.98.194","port":0,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-07T08:17:20Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-31T22:21:48.210615Z","alert_count":0,"request_count":1,"received_data":7280,"sent_data":474,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.xdgkg.net","ip":{"addr":"172.67.199.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-22","domain_rank":0,"first_seen":"2026-02-26T11:40:52.336419Z","last_seen":"2026-06-02T05:41:16.027434Z","alert_count":0,"request_count":1,"received_data":3719,"sent_data":414,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-05-31T22:37:14.287473Z","alert_count":0,"request_count":2,"received_data":30117,"sent_data":894,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"drk-whatsapp.hk.cn","ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-06-02","domain_rank":0,"first_seen":"2026-06-02T05:41:15.439862Z","last_seen":"2026-06-02T05:41:15.439862Z","alert_count":45,"request_count":15,"received_data":3629585,"sent_data":7020,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/qrcodejs/1.0.0/qrcode.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 08:16:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6083\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03fad-4dd7\"\r\nlast-modified: Mon, 04 May 2020 16:15:41 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 2280519\r\nexpires: Sun, 23 May 2027 08:16:59 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ibO%2Fd1a5IVwrnJ%2FS3nDeOtMUWh%2F8vhIF3GWzd8%2BPw861HNk4c01cXqzjCSxyPCrIH1sqYkE2qv05lg6kUq91uuJIRnI6nYoTK1kJN8tBvkHOIH7YzLxPRyVO3WNia5m7MzFkiqkz\"}]}\r\ncf-ray: a05504e0cc8c56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (19927), with no line terminators","md5":"517b55d3688ce9ef1085a3d9632bcb97","sha1":"2d06c1f823f34c19981c6ae0b0eb0f5861c5e14b","sha256":"c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36","sha512":"08d80845e706a3b9e985b799d3849cd7791ad3ba5aa9d793bb4591d4833890d7299810144874905f416c94d8530da74be0ee520066a91ade05a1da8bf0ccb498","ssdeep":"384:WRQ2kvcAAdTRhQLThP2yO9/9G84U5xOiKQYHHHsglDep9m1yfB8dKLMyA+LyUyy9:xThP2V/9N4U/gQYPXa8CAPLyrZ","tlshash":"8c92c7e4f36542f6915e6cd4283f104b64a0a4636c1490acbfb5c1e6a9f8fe0647af74","first_seen":"2023-03-07T01:14:56Z","last_seen":"2026-06-23T11:02:00.793832Z","times_seen":63045,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":8,"receive":1,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/css/spinner_style.css","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:58.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /css/spinner_style.css HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:58 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-b58\"\r\nExpires: Tue, 02 Jun 2026 04:54:41 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2904,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"c856959f0ff5db6a8c801c1f289c55d9","sha1":"9872106f236ecf014ca112dffb1510bdc42b8bc1","sha256":"7e5acc796a6ae576eb44fb7d2814152896be8870767226c204dc246f5c90d025","sha512":"23c4d2474c3063d3043cee2ce5ba593d23f08a52caa51dd732c5e867019d8967f783c24df95c8c99d0a4573a8b19ad86ddab1da372d0ae911a0a8a2290b32ebb","ssdeep":"","tlshash":"2c516d1e094114f7813b93729b922c25fb379463434a21d539afa9784f326cc0276ff4","first_seen":"2025-10-21T13:04:17.748185Z","last_seen":"2026-06-04T12:20:47.289436Z","times_seen":35,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/lib/jquery/js/jquery-3.2.1.min.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:58.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /lib/jquery/js/jquery-3.2.1.min.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-15283\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86659,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32058)","md5":"c9f5aeeca3ad37bf2aa006139b935f0a","sha1":"1055018c28ab41087ef9ccefe411606893dabea2","sha256":"87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de","sha512":"dcff2b5c2b8625d3593a7531ff4ddcd633939cc9f7acfeb79c18a9e6038fdaa99487960075502f159d44f902d965b0b5aed32b41bfa66a1dc07d85b5d5152b58","ssdeep":"1536:YNhEyjjTikEJO4edXXe9J578go6MWX2xkj8e4c4j2ll2AckaXEP6n15HZ+FhFcQ7:uxc2yjx4j2uX/kcQDU8Cu9","tlshash":"4483e6d9b2c67062977730b950bf410bb17a98dab44c8c60f158d9d47eb8a8d907bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-23T10:37:22.20865Z","times_seen":94972,"resource_available":true,"data":null}},"time_used":1217,"timings":{"blocked":398,"dns":1,"connect":203,"send":0,"wait":404,"receive":1,"ssl":207},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/lib/bootstrap/js/bootstrap-3.3.7.min.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /lib/bootstrap/js/bootstrap-3.3.7.min.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-90b5\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37045,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32033)","md5":"5869c96cc8f19086aee625d670d741f9","sha1":"430a443d74830fe9be26efca431f448c1b3740f9","sha256":"53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef","sha512":"8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45","ssdeep":"768:o2rGy27UwlNqMl95qNmCFejhqs8snmi+CSFXfbx8Gf3Zq7Q:Jg73zhq0GvbJ3ZKQ","tlshash":"b6f28606b23031a147efb1e1525b020e7239696ee906907c78b99af53db9c48717bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-06-23T11:14:19.327232Z","times_seen":92789,"resource_available":true,"data":null}},"time_used":1214,"timings":{"blocked":474,"dns":1,"connect":244,"send":0,"wait":244,"receive":1,"ssl":248},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/js/UpdaterPromise.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /js/UpdaterPromise.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-12494\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74900,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b751955868ca22533228a0b00b202246","sha1":"d2009cf3ce2d3fb12801fd4904f0f1af0dbb4f90","sha256":"6f5ddd748ae17d89c950678f62d8583aa7fef592597a29305df5cf0af1a691a4","sha512":"846d9030528ee05e44bed9e63c2ab5e570df85a2638c6f052549f6b677647f5b763d6761c19707595c79ef2f46b6a87cf3d34a57cf98107010f341b0b7b14043","ssdeep":"1536:JMN3MzMq3sfeJGS6q1h7lF/af9l4V3aiJLMFUZGARy9:J43+GfAxvy1qqilMoy9","tlshash":"da73528077d1b8c102875bb6b72bb1e6f82a5ce9b1c5484ef500f898f8b9915fed1931","first_seen":"2025-10-19T01:16:14.590733Z","last_seen":"2026-06-04T12:20:47.283603Z","times_seen":109,"resource_available":false,"data":null}},"time_used":1459,"timings":{"blocked":477,"dns":0,"connect":244,"send":0,"wait":487,"receive":1,"ssl":248},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/static/js/main.c5971098.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /static/js/main.c5971098.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-f042d\"\r\nExpires: Tue, 02 Jun 2026 04:54:44 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":984109,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"f14fc7eed6309044bdeda3e1aca89266","sha1":"e27143a7a327701aadfb6b47be812336531f4108","sha256":"667cdeff96b0201dc11142a7e77727024e36e1cfec3258be9e31a411e6a1078e","sha512":"4eccbf0e21985c797bc8adf0d6ff799dee2bf1055d10b68922a2a611794a871cde04fb32699c47a11cc0731d311cc3e09f3f1913faf3676343d6c143c13711a7","ssdeep":"12288:dtaHIiaOr9ntZ8HGGzpL+PTwC22vqahQbqzfTBifFo4FXJrNh+bbOIAgmp5t0:dtaIK9FTw4","tlshash":"b42509d9f63ca73561e56375589fb38e2a2c3857c80c867876d3f88e22799d4316af00","first_seen":"2025-10-21T13:04:17.74638Z","last_seen":"2026-06-04T12:20:47.292218Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1412,"timings":{"blocked":797,"dns":0,"connect":0,"send":0,"wait":203,"receive":412,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T08:16:57.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Tue, 02 Jun 2026 08:16:58 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLocation: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5121,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-23T11:14:29.504986Z","times_seen":16651907,"resource_available":true,"data":null}},"time_used":1549,"timings":{"blocked":653,"dns":238,"connect":203,"send":0,"wait":243,"receive":0,"ssl":210},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/public/default_icon.png","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:17:01.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /public/default_icon.png HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Tue, 02 Jun 2026 08:17:01 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\nServer: nginx\r\nX-Cache-Status: MISS from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-23T11:13:39.253314Z","times_seen":530159,"resource_available":true,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/js/main.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /js/main.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-5268e\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":337550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"228b9351a1647f1db43710d762bb80b2","sha1":"b0af0f091621547c9568197635d54f07aabdf5cf","sha256":"f919ed3c3ac53deed77938d1aeb07065e949ea962b89cefc14799dd977bc0ab0","sha512":"f62188ef70ca655d805d4e1884e9f62eb9ca535ffc8043b9be951ab3028a5b13766f78df65bef5a26843b94ed54e8f404af5deaa49fe729f87c62b5dc5dbd6be","ssdeep":"6144:ygKYZSxBgKd1C3xYOoO9o65Uv4KCkcLHXcqSabKh8j2KDL:L0jgKdQYOomKKLHXczwKhCv","tlshash":"5174b59473c27c8102431b77771bb1e5f96e8ddcb189848bf440bd58f0b9a16eae1a72","first_seen":"2026-06-02T05:41:20.886713Z","last_seen":"2026-06-04T12:20:47.291606Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1405,"timings":{"blocked":796,"dns":0,"connect":0,"send":0,"wait":203,"receive":406,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-02T08:16:58.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /?k=MTc4MDM4ODIxOHx3cw== HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:58 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:3.2.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:3.3.7","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]}],"data":{"size":5121,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (494)","md5":"7a396cb303bd5635e68195b66cb0dff7","sha1":"aa0462e5af5e88a31fddef21b9c177d7d0853b9c","sha256":"22e94513eec87f25b8598f05626c5a40e6b5642c44d11df0c1aeb6ef394b79cd","sha512":"f8a48bd37a79901913c8670b1f0af1cf548419579910f2c08a66f0d15e57c40243ce5e3103abdb89bdd6af8ecb7cc5fe8bdcb7f466a47c913b502b556ebc6f82","ssdeep":"96:pdXRKkyUXFUUHyMUAxnD5v7rTXJAD1KDE+YMvvBavBtjxRwjVe:pXM2FUAyMzxD5DrjORK5ezjxRwjw","tlshash":"dfb1b7af8dd0fa28323e5d56f0e4f74b8bb44a0be051ac56b86d40bd6f837858493815","first_seen":"2026-04-26T02:44:36.179767Z","last_seen":"2026-06-04T12:20:47.294847Z","times_seen":13,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Josefin+Sans:100,300,400,700|Pacifico","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:58.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:15 GMT","end":"Thu, 30 Jul 2026 15:53:14 GMT"},"fingerprint":{"sha1":"19:42:B0:56:3A:E4:79:BF:8B:69:E2:50:F4:76:BF:1E:A9:D7:7A:49","sha256":"D7:FF:C1:46:95:F3:5F:08:04:B0:E1:A8:FE:14:FC:60:19:58:D6:C7:D3:6E:82:B3:64:07:E9:E1:CB:9A:27:8C"}}},"request":{"raw":"GET /css?family=Josefin+Sans:100,300,400,700|Pacifico HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 02 Jun 2026 08:16:59 GMT\r\ndate: Tue, 02 Jun 2026 08:16:59 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6594,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"f82d6a7e908d25d763e7b0a80d536dc7","sha1":"ee7db82aefd59cad74d3bab9803c18ae0edca05d","sha256":"902aaffa5db55ff5ea6622fbc81cf6d1715b2d200c933b035e286df7e9f4d546","sha512":"bc52410aea4a4e71dc233700f7ef7209ed472ddbeaa7c91ac31742645ea0f6b4e9a3a01f5efe75b306028f44b9480394870f867f728062a5218bb0273f1556d1","ssdeep":"192:cg747jn7zAIj1zpRj0zksj5EZQrZWYZJZ6RpZ1:cgEP/dYd0t","tlshash":"78d113d1042be690a7831dc223ce7d329e8fa15934418975affe18ccec56c3a6361b4d","first_seen":"2025-10-21T13:04:17.749691Z","last_seen":"2026-06-04T12:20:47.286326Z","times_seen":35,"resource_available":false,"data":null}},"time_used":478,"timings":{"blocked":216,"dns":0,"connect":15,"send":0,"wait":32,"receive":0,"ssl":213},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/static/css/main.70a4cba9.css","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:58.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /static/css/main.70a4cba9.css HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-bed1\"\r\nExpires: Tue, 02 Jun 2026 04:54:41 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48849,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (48804)","md5":"77cc9786f613a5c5e066fe5c7b03ea27","sha1":"aaa304115426043fbba9058aafae72e0ba9f96bc","sha256":"c24ca2ad316ea0b4a3cf668f5c2c5cb472f37fe3abcce430ea71e30954d27193","sha512":"22553f86319d29245253de82f8229e86b7abc7c9b3e7a06716c91aa685a0f5befb81d43cbf15741a9f64f8d6b61c9e41f099a15e2bab083a01b84ec60c678f10","ssdeep":"768:JtS5VDrE2drkjGyXibfL3bH19TSowv7FONGBwApyS+tJOrYw:u/02Fkj74LbH19TSoGT5YS+tfw","tlshash":"262352181bc910eafd17dd72a0e467d0613ea208e4290bbc8459b5aff1c76dc477bda2","first_seen":"2025-10-21T13:04:17.731949Z","last_seen":"2026-06-04T12:20:47.299433Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1220,"timings":{"blocked":399,"dns":1,"connect":203,"send":0,"wait":405,"receive":1,"ssl":208},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/js/WebSocketClient.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /js/WebSocketClient.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-220b3\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":139443,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d26219a6baeda6762dccb88c3cd692a8","sha1":"c3e5f409115d29e117607cc2eca6ef5317af210b","sha256":"e597eb5fcb211106d53ea3940d0bde89b178b093c12ada9de57f81169302ffca","sha512":"6db1170ab0c4571fc3aeed48e785dbf62bc3d03564d1c9b0dee993134db75bf85dea93e345ef801bbb7bc384446c1894705da2725900e2937303b207358962f8","ssdeep":"3072:NLnP1eVKU+ytfF6DyIA7kvo1kis3hQdhnNFn:99VytfL7kA1U3ydhnNFn","tlshash":"6ad3938177c6b88122471bb7772bb1e9f92e4dd870c9088bf154bc98f5b9911fae4930","first_seen":"2025-10-19T01:16:14.653859Z","last_seen":"2026-06-04T12:20:47.287498Z","times_seen":109,"resource_available":false,"data":null}},"time_used":1203,"timings":{"blocked":714,"dns":0,"connect":0,"send":0,"wait":244,"receive":245,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/uuid/8.3.2/uuid.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 May 2026 03:46:57 GMT","end":"Mon, 10 Aug 2026 04:46:42 GMT"},"fingerprint":{"sha1":"95:12:1E:0A:F6:69:8B:FC:A0:08:DA:67:1A:A4:D1:9D:87:F5:E9:07","sha256":"F3:4A:39:63:C7:6A:CE:66:1A:B4:62:2C:E9:92:82:9A:81:78:1B:CC:3F:D5:2D:0A:6D:D6:89:D9:F6:66:7B:BC"}}},"request":{"raw":"GET /ajax/libs/uuid/8.3.2/uuid.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 08:16:59 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2933\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5fe06b73-1fe0\"\r\nlast-modified: Mon, 21 Dec 2020 09:31:31 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1519792\r\nexpires: Sun, 23 May 2027 08:16:59 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wWv03MFvGv8otY%2F52RRMpy1UfLpV6Csd5kRCrCDgRreZf3dltTDBcfUE8fBWo9hWfmK4c7kia%2FvMEz4heqdj78w0ZKCfgFRV3Xko4JIsmLqR42%2FVFbLoB5svgnDSkJo%2BLyspTXwL\"}]}\r\ncf-ray: a05504e0dc9956c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8160,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (8160), with no line terminators","md5":"50fecb6517141ce734bdc903aeb7aa6d","sha1":"ffce0e94a0a6f3b661942c5f9344e709773ec44a","sha256":"c5df6d9704bdada96df0770523058f395192ee9d1fe13880eb1d57dfe6417533","sha512":"50d3359e302038551aef86746c00f002af206d372a642f048f8c4f4b3a6787497a28c7afc2f901bdb95d17db91fbea8a789f8c3991d18d5d47663a11be30df35","ssdeep":"192:NT/XsoaxLo7L1AsLVllMA5/VYZncbsPYxb2g9n/m5iCyK08l9l4E+kghMnf4W5Qe:VX9aNo7LWsLPnYZncbs5UeiCyK0Q9l4W","tlshash":"d7f193ac6c8960afc3ef1e5d18aa304b72f07511244d8415f2a5b9fa1490eff9b36e1d","first_seen":"2023-03-29T21:08:33Z","last_seen":"2026-06-22T05:27:53.000322Z","times_seen":774,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":6,"send":0,"wait":12,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/default_icon.png","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:17:01.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /default_icon.png HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:17:01 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-7fb\"\r\nExpires: Wed, 01 Jul 2026 17:02:11 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2043,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 194 x 194, 8-bit colormap, non-interlaced","md5":"6bb288b8ba772471f23cee4f99b54c08","sha1":"f72bf6750892a25cc40b590bafb2038109bd77ad","sha256":"3899581abcfed9b40b7208bbbca8bdbfe3ae9655980dbf55f04dec9cb3309f27","sha512":"f63a442fd8a131c6b22d0a2a398d195dbc2a9c5a08a4d88c4959739df1be0df9aefa2605b11633d5ff58f40f8b8afdcc5a7b1caec31bf188a110691ec43c5350","ssdeep":"","tlshash":"26411825c7cdec6570e62c388961a3d4cc1481ed1601348a4d03d5168363e477ae82c7","first_seen":"2023-05-01T22:02:17Z","last_seen":"2026-06-04T12:20:47.297158Z","times_seen":3086,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":203,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/custom.css","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:58.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /custom.css HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-1b074d\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1771341,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"ce642eda343217291148c86f1a22df1f","sha1":"e4ad2dad7b3051cf928e07c08a4f0a468cf8f10a","sha256":"fc0686b1f018677c959008e38affb7067bc98c93ec54a26cba996e9132b2d9e0","sha512":"177242629ddd2c7851b0b8df8416eb03ddceff4696644b2aaac3646512e2b264cf5de12faaf0c346d7ca75b86e4b36e39b690725de4260b786f4dafc5cc4b2be","ssdeep":"12288:/KreiDm6jGDDBUAK6iHQBJj3nnIxt+nM5vvQFTQ/lrhzmY3Z9c1oDCujHc3/Q9eo:yCn8x","tlshash":"d9253022b5f11dadec2fd25946ed5648739be7c3aa0f1fe6ba8c31548f842f80451e84","first_seen":"2025-10-21T13:04:17.7412Z","last_seen":"2026-06-04T12:20:47.290363Z","times_seen":34,"resource_available":false,"data":null}},"time_used":1414,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":406,"receive":822,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xdgkg.net/script.js","fqdn":"www.xdgkg.net","domain":"xdgkg.net","tld":"net"},"ip":{"addr":"172.67.199.57","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:58.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xdgkg.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 25 Apr 2026 06:57:01 GMT","end":"Fri, 24 Jul 2026 06:57:00 GMT"},"fingerprint":{"sha1":"A5:E3:7A:37:E4:BF:29:7B:50:05:39:B8:1E:73:A3:F2:4F:0E:8B:90","sha256":"59:B7:55:86:CD:A4:B1:9C:46:3B:B8:3F:41:DA:37:20:EF:78:93:F6:B0:63:22:FC:CF:64:74:6C:00:DC:65:73"}}},"request":{"raw":"GET /script.js HTTP/1.1\r\nHost: www.xdgkg.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 02 Jun 2026 08:16:59 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-dns-prefetch-control: on\r\ncontent-security-policy: default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'self' ;\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\naccept-ranges: bytes\r\nlast-modified: Thu, 12 Mar 2026 06:04:21 GMT\r\netag: W/\"a80-19ce0a56633\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nage: 36905\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nGprXAgCuY3DpdKL%2FOmLxTKdQjn0sLfPD7U%2F4CndeyNL9L5iL20Vztl4KArypRrfdPoeYRj2q%2F8a%2FpZuSJLzR%2BBPsziI%2FnD6LbzEmhGVTJukrRwD0pbetR1MphkMXl3D\"}]}\r\ncf-ray: a05504e0fc0956c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2688,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2687)","md5":"191315be80746226f807d10f1eb2bad1","sha1":"c30c616414dabeb026a5d0f7583479a517e15187","sha256":"a1471487eb3e8eb93b1a9e056386019ff5eedadea29bbb725b5494fb2e9ad90a","sha512":"62ed43d4a5312894ef30bf9f4579778e8e40833c6321262eb23da81dce2ad0dd9046ff85fccf98f9b60084b170b43566bff83e23763b47dd63b9ae3f18901117","ssdeep":"","tlshash":"f851d7f53185f1f07f692490d17aa620b9392e73b81e4890a6fb4c462b2e40e9431d2c","first_seen":"2025-12-04T18:46:55.384354Z","last_seen":"2026-06-23T10:57:58.51763Z","times_seen":4496,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":38,"dns":28,"connect":1,"send":0,"wait":15,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/lib/moment/js/moment-2.20.1.min.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /lib/moment/js/moment-2.20.1.min.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-c98f\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51599,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (51599), with no line terminators","md5":"5ff1de69e6fd137a6dd511205ea7c49e","sha1":"91a29a02cca99f32598f7b5764c610ab3cc89fba","sha256":"001564a706fd2bd3f1b9bbd1ac732493ac2659c207504f5e0713592d7610f389","sha512":"419fa651f350826ebb4ef5f375352a504886638e1d1394ef5d18197ba45d8e48d12fc99596da7fbc7530ec23f6f46c81706c2743971724200da8f3f43c9af0a4","ssdeep":"768:RmEj5IyZrV7dmUJ8/HhbmINN3vhg+XVspjiCumS5vcAKR1DC:wKxrV7d3g8ixXVspCmcti1+","tlshash":"cc3393ca3646b112176622b5083f490bf33d5959680f0d1df508e9e93979c6e827bfbc","first_seen":"2023-03-07T01:07:40Z","last_seen":"2026-06-22T17:22:47.4816Z","times_seen":861,"resource_available":true,"data":null}},"time_used":820,"timings":{"blocked":-1,"dns":1,"connect":204,"send":0,"wait":404,"receive":1,"ssl":210},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"drk-whatsapp.hk.cn/js/BootstrapStep.js","fqdn":"drk-whatsapp.hk.cn","domain":"drk-whatsapp.hk.cn","tld":"hk.cn"},"ip":{"addr":"104.208.68.88","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==","date":"2026-06-02T08:16:59.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"drk-whatsapp.hk.cn","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Mon, 01 Jun 2026 15:50:17 GMT","end":"Sun, 30 Aug 2026 15:50:16 GMT"},"fingerprint":{"sha1":"D5:C0:F1:1A:71:52:5D:0F:32:0C:6D:3A:E2:C6:7A:FA:21:11:CE:3A","sha256":"42:F1:98:ED:6E:8F:7B:9D:60:EC:CE:35:1E:0E:8E:D7:D0:F8:FE:AA:1A:AD:E8:2E:A6:F3:20:85:66:6D:67:7F"}}},"request":{"raw":"GET /js/BootstrapStep.js HTTP/1.1\r\nHost: drk-whatsapp.hk.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://drk-whatsapp.hk.cn/?k=MTc4MDM4ODIxOHx3cw==\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Tue, 02 Jun 2026 08:16:59 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Mon, 01 Jun 2026 16:49:22 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"6a1db812-12e8f\"\r\nExpires: Tue, 02 Jun 2026 04:54:42 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:24\r\nVia: L1:24\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":77455,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f76c1d59b412927131d2bdd64cac8be4","sha1":"3311c13fa7175af40427a8af270c647ec6c6fed0","sha256":"c2ade901c6e6b1dfd488789d9d013f0094b084eb65f4caa39fc6c4507c0cb60f","sha512":"90f61851503490e9c270b32b66a7bd334636ba2df959f131ab6622eb97e78a2c40261c79dc38f5049b8150bbfd85d669bcbd212e52c1fdfbe2c3278e738bf3c4","ssdeep":"1536:EM52C9Y2mVGNl5CThrtQLxL5sYpfWFt/JBOyKAWEBTxOZ8GdRcjR+BvF+ShvZIIk:EY9Y2mVGNl5CThr2vsy+BBzKTEBTxO2p","tlshash":"df73838577c6b8c1124767b7b32ab1e5e82e5cdd3088088ff544bc98f5b9916fae0931","first_seen":"2025-10-19T01:16:14.611698Z","last_seen":"2026-06-04T12:20:47.296651Z","times_seen":109,"resource_available":false,"data":null}},"time_used":1000,"timings":{"blocked":796,"dns":0,"connect":0,"send":0,"wait":203,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-02","alert":"Phishing Block","trigger":"drk-whatsapp.hk.cn","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-02","alert":"Sinkholed","trigger":"drk-whatsapp.hk.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}