{"report_id":"cb41e5bc-7f87-4351-acd4-de8a8149e451","version":6,"status":"done","tags":[],"date":"2026-03-17T15:23:32Z","url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"final":{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/#/login?redirect=%2F","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"title":"Login - Bitget","dom":{"size":244551,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (64887)","md5":"c1c083058364702f2cb3c3a08b705e61","sha1":"a6840c9ef76cfd963085ae43786d28c1633a1f8f","sha256":"408f3602cc833435a591021f784f289231d8ed7256ab35e8c290a7d8428c276f","sha512":"3e5fe79075f62c34f6cd6dde40e6ae8e47dd00a7fb8082467a8b929dd4438d0b52bb2990ffb031ae529ce01d931dafba5f5077aa070609ba54d35eb8b20c19dc","ssdeep":"3072:B+4JoItqg7wa6rfQL9AefD4Lnr3zoeSmZ3s9hZ:f7wKD4Lnr3zoeSUs9b","tlshash":"4134f7a4d36453fc5c0e47ddea367464360e10fe75d1cea8926ccea0a2939d8da4dcca","dom_hash":"domhash7fe4423fb8455f1b023952ee1aca1675","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":0,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-21T15:23:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"bitgetwbs.cexgfvi.cn","ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"domain_registered":"2025-10-22","domain_rank":0,"first_seen":"2026-03-17T15:23:34.689079Z","last_seen":"2026-03-17T15:23:34.689079Z","alert_count":12,"request_count":12,"received_data":2069575,"sent_data":5398,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"120.76.201.163","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":5,"received_data":0,"sent_data":2985,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/tradeview/charting_library/charting_library.min.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"c8cd63cddf0ab72e873d68a2d68ca336","sha1":"2d0b483c39ea41187d9fcb8200bb2819525dbd3b","sha256":"6571ad1a4bb68aacbd4c3a78fc0c26f9c1f1bb34a92164ea3fac2b4532acf88e","sha512":"f3956ab3268f27911de0789fa0858de98e26bcd2736544a6694a225aa61ab5b8ceff26774af62bad71294531d75e4faa198f44ee85a5731ffb26480940f4144d","ssdeep":"192:S4DF7XcEbRi1H0FEKyhWbviztF89xo/g81Qit+0idiiV8M5MSBj5JCWotPSXmYRB:fhoEbizXAoINoWoxSXmBEU3OHQI","tlshash":"18320054df6c2c3205c720fc8d7f288f513de276e895449e388491dc59ed44bbaaba39","size":11663,"data":"","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-05-19T09:18:59.523489Z","times_seen":225,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/js/chunk-vendors.001aa004.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"b65d3cd6f7241e64944ef84594836b21","sha1":"0a1dd2c4463986cacc76d958b472623c5fd4568a","sha256":"09ac6781561938ba372b178cbc6fc842cf12b41d8c25c097fdff0f8812e8e44d","sha512":"94599887c630f7b1942383a33fd83734dc1b64d792f0c932cece55d9f0b82986f0e05a0b8527a5da357e6a7af0744c68d3df52131553a554a20f50c387a3701d","ssdeep":"6144:bunj4jUIgZWoVL5Yf2jehYlz3yviOrUnxup/31H4xtSFNm:bunj4jKWoVWhYtfOrU8tlctuNm","tlshash":"01f41a89f2a1b07117d760b5403f110bf33b6958b40e80e8f665e8e56cb998da16bf7c","size":768780,"data":"","first_seen":"2025-11-10T04:08:19.532107Z","last_seen":"2026-03-17T15:31:21.167514Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/js/app.0ba8a031.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"03b82604f1a06d35570f5e323daf5e09","sha1":"1b3013d838bbe9a00142d4de637881c2704061c9","sha256":"1a372120ee179fa6b05d330348db5006090b2f4b865d81d8a3eb4d73cb1c5a6a","sha512":"e2551c61bc5ea0e132ec031d1f29608aa77ed5aed98e0b3fe0ed05d4c2323878f79cb78506b16ea2b01a20bf45d785ab2b5468bd2bd6b929eb5ceff2590c854a","ssdeep":"12288:puHyCKsjUsVUscdjNWchiuJH+zmdbtsXvMyOIL5IafuK46efrFAADLUQQkum:4HyUYrjdjNq5Ianlho","tlshash":"f9f48d5c518adfbe8e634292600e15a461786fd2e122485cbffced5427cca9ed34e738","size":765988,"data":"","first_seen":"2026-03-17T15:21:53.735455Z","last_seen":"2026-03-17T15:31:21.192268Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/font_2302506_dgub43s9y0e.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"a105d9e99b709437060af0118b7bcba2","sha1":"44202564cce8cff8c0d60a4e2e24ecc1906088fd","sha256":"bce07f6092f8a587d682ec6e3775964bd0ddfce9763610782c7e9f16bbed9595","sha512":"6c827a38879c9d1ad9e043b0e65c7812adcedc3bf443185fd426a7003a1126fe14610b3a6ccb95a2c469aad57d43a4a5323c501c7dbe30bd686b32dae07b5ee7","ssdeep":"1536:SqW4WoowMsldvaW180rk2AV9xWNL4PwjyLFbkfXhMmChIuyjoKgv2doGtmK4r496:5W4JowHa0rk2AbxuLloWvD4Lnr3zoeUm","tlshash":"9424d7a5d36493fc5c0e43ddaa36b4b0360f10fe35d1cea8916dcea066939d8d94dc8a","size":219320,"data":"","first_seen":"2023-03-11T20:38:04Z","last_seen":"2026-04-27T21:30:20.797031Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/jquery.min.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"2edc942c0bd2476be8967a9f788d9e26","sha1":"0be05c714a7e6cf28fe692629ece5b3769901dca","sha256":"d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c","sha512":"d275562b4dd477493aa3cc0392b8bc8f15fdcd0227d3464756e7778aa053c1dd9b185c090d04a11956f7faf5f569d091c50724290ac840c166200ded7d67be32","ssdeep":"1536:pzm2ihKxxpbjBb2gKkGOegmLlGS0bgpiF5tNLRJBOYWEEVvmgWJrJfRjY3p:v6lGS0IWNLFdhtfVKp","tlshash":"a483f9dd73c6b06257bb20b9006f640ff236596a280d8450f125d8eabcb5a4d827bf6d","size":83095,"data":"","first_seen":"2023-03-07T12:03:36Z","last_seen":"2026-06-13T13:41:33.875193Z","times_seen":2760,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/tradeview/datafeeds/udf/dist/bundle.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"introduction_type":"scriptElement","is_inline":false,"md5":"fd3251e228d9edda60ce01ccb3046f77","sha1":"acea866435eea9c7a0564dd82435bab93c22a9db","sha256":"f016a5c57c09504aea2cca849831255353ad7e56e008fd49a45a23b114b1247d","sha512":"07db2933537e3a704befe64479130db26145597802b80cc9f9c3dcc437aff0823e896626240801ac121e06c25ec986b42580c7d240f900b160646d29c99429ad","ssdeep":"384:kpe0jAoNzmAHgWH4NRZsPA4iCA2PHDJMW:oBiWH4jZsDPA2PHyW","tlshash":"9452a6c97611312182936472e87f380ba139b515688a903c71c8e9de6efdb5dea17f3c","size":13539,"data":"","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-06-09T17:49:45.174928Z","times_seen":309,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/tradeview/datafeeds/udf/dist/bundle.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.432Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /tradeview/datafeeds/udf/dist/bundle.js HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-34e3\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13539,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13538)","md5":"fd3251e228d9edda60ce01ccb3046f77","sha1":"acea866435eea9c7a0564dd82435bab93c22a9db","sha256":"f016a5c57c09504aea2cca849831255353ad7e56e008fd49a45a23b114b1247d","sha512":"07db2933537e3a704befe64479130db26145597802b80cc9f9c3dcc437aff0823e896626240801ac121e06c25ec986b42580c7d240f900b160646d29c99429ad","ssdeep":"384:kpe0jAoNzmAHgWH4NRZsPA4iCA2PHDJMW:oBiWH4jZsDPA2PHyW","tlshash":"9452a6c97611312182936472e87f380ba139b515688a903c71c8e9de6efdb5dea17f3c","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-06-09T17:49:45.174928Z","times_seen":309,"resource_available":true,"data":null}},"time_used":2133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"120.76.201.163:86/socket.io/?EIO=3\u0026transport=websocket","fqdn":"120.76.201.163","domain":"120.76.201.163","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:18.090Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: 120.76.201.163:86\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://bitgetwbs.cexgfvi.cn\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: WFfN/xlgU8ME32LaxWfBTA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":1277,"timings":{"blocked":0,"dns":0,"connect":264,"send":0,"wait":0,"receive":0,"ssl":1012},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/font_2302506_dgub43s9y0e.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.429Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /font_2302506_dgub43s9y0e.js HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-358b8\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":219320,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"a105d9e99b709437060af0118b7bcba2","sha1":"44202564cce8cff8c0d60a4e2e24ecc1906088fd","sha256":"bce07f6092f8a587d682ec6e3775964bd0ddfce9763610782c7e9f16bbed9595","sha512":"6c827a38879c9d1ad9e043b0e65c7812adcedc3bf443185fd426a7003a1126fe14610b3a6ccb95a2c469aad57d43a4a5323c501c7dbe30bd686b32dae07b5ee7","ssdeep":"1536:SqW4WoowMsldvaW180rk2AV9xWNL4PwjyLFbkfXhMmChIuyjoKgv2doGtmK4r496:5W4JowHa0rk2AbxuLloWvD4Lnr3zoeUm","tlshash":"9424d7a5d36493fc5c0e43ddaa36b4b0360f10fe35d1cea8916dcea066939d8d94dc8a","first_seen":"2023-03-11T20:38:04Z","last_seen":"2026-04-27T21:30:20.797031Z","times_seen":55,"resource_available":true,"data":null}},"time_used":1591,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1591,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/tradeview/charting_library/charting_library.min.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /tradeview/charting_library/charting_library.min.js HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-2d8f\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11663,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2132)","md5":"c8cd63cddf0ab72e873d68a2d68ca336","sha1":"2d0b483c39ea41187d9fcb8200bb2819525dbd3b","sha256":"6571ad1a4bb68aacbd4c3a78fc0c26f9c1f1bb34a92164ea3fac2b4532acf88e","sha512":"f3956ab3268f27911de0789fa0858de98e26bcd2736544a6694a225aa61ab5b8ceff26774af62bad71294531d75e4faa198f44ee85a5731ffb26480940f4144d","ssdeep":"192:S4DF7XcEbRi1H0FEKyhWbviztF89xo/g81Qit+0idiiV8M5MSBj5JCWotPSXmYRB:fhoEbizXAoINoWoxSXmBEU3OHQI","tlshash":"18320054df6c2c3205c720fc8d7f288f513de276e895449e388491dc59ed44bbaaba39","first_seen":"2023-03-07T14:46:31Z","last_seen":"2026-05-19T09:18:59.523489Z","times_seen":225,"resource_available":true,"data":null}},"time_used":2133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/js/app.0ba8a031.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /js/app.0ba8a031.js HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-bb024\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":765988,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19896), with NEL line terminators","md5":"5f047801a1759fc0b0d85eb45218d57d","sha1":"6e155cf914e7dd1a3dee6c8d66f871a12843e2df","sha256":"1a55b0e7eb0b7f1a8e87ae8270089e42215141ed96125440237788ab270ebea2","sha512":"0b04ead8eeb9c497fc8c73a78cdd00760e4adff4445fb4e602109f7ef8dc1a0aae11e1072b462c87b7fb03bfa3080c044606e6e94dc02da523a3eb6e298629a7","ssdeep":"12288:puHyCKsjUsVUscdjNWchiuJH+zmdbtsXvMyOIL5Ia/f+hXwKuK46exe4M+LgUQQo:4HyUYrjdjNq5IaH+hXwAYed+no","tlshash":"fd057c4dd18adbfa8ba242e1240d1691a178aed3d16a040f6fbcfcd437dca6c934d635","first_seen":"2026-03-17T15:23:38.72062Z","last_seen":"2026-03-17T15:23:38.72062Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/js/chunk-vendors.001aa004.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /js/chunk-vendors.001aa004.js HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-bbb0c\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":768780,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (43945)","md5":"b65d3cd6f7241e64944ef84594836b21","sha1":"0a1dd2c4463986cacc76d958b472623c5fd4568a","sha256":"09ac6781561938ba372b178cbc6fc842cf12b41d8c25c097fdff0f8812e8e44d","sha512":"94599887c630f7b1942383a33fd83734dc1b64d792f0c932cece55d9f0b82986f0e05a0b8527a5da357e6a7af0744c68d3df52131553a554a20f50c387a3701d","ssdeep":"6144:bunj4jUIgZWoVL5Yf2jehYlz3yviOrUnxup/31H4xtSFNm:bunj4jKWoVWhYtfOrU8tlctuNm","tlshash":"01f41a89f2a1b07117d760b5403f110bf33b6958b40e80e8f665e8e56cb998da16bf7c","first_seen":"2025-11-10T04:08:19.532107Z","last_seen":"2026-03-17T15:31:21.167514Z","times_seen":7,"resource_available":true,"data":null}},"time_used":2131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/cordova.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /cordova.js HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"697af03a-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-13T19:25:28.423144Z","times_seen":280161,"resource_available":true,"data":null}},"time_used":2682,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2131,"receive":551,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/img/customer_img.0853e495.png","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:15.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /img/customer_img.0853e495.png HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:16 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-1084\"\r\nexpires: Thu, 16 Apr 2026 15:23:16 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4228,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"0853e49564dbc91f22f877de6707a445","sha1":"386ea5b0e1ef7a3990b2ba0b0580f2ff10666cf2","sha256":"f3efaad909ea3ed45498831af139fde964c7b61c2baaaae2b10ef18f2b5a1805","sha512":"de99a296d3d304309909f5dddc27c1a09ac97b6a831e29821eb7abe3ab63ea69e2b2a23cd9cf2d3b79feec0efd6835a804833d621466e6ce5feafa948161892a","ssdeep":"48:f+CWai/toGBrBhf9dJqYRV2TKZeynaFkZuUfqsvDkvWNwMO2LzugdqhEszu+PAJQ:fopto2BERFk8KU6XdiJ3gKkW9jPiuyU","tlshash":"a6916d8f728387a08ca0853bb721c0f72329da819ce9de61096bce991b8758d7779491","first_seen":"2026-03-17T15:21:53.730309Z","last_seen":"2026-03-17T15:31:21.187319Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1235,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-17T15:23:11.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:12 GMT\r\ncontent-type: text/html\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-548\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1352,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (699)","md5":"302b58b21c064d6648df0a9a13e9f1a3","sha1":"523804d9e2da1e63f419702f6ebe50b8f1d9c0b3","sha256":"ee69a173264cd0f8ccf9f03786f9b1bea9f2a09cb72981eb6aeacaf760dc4cf8","sha512":"d5bc2aa2c2fa05ac4957aff2338364afb8b3923db3dbd1adc68a42b3f92c2c92a8b3879afe289f417479c11d8c99473199b3dab08cad82a356b60e18e44b8f0d","ssdeep":"","tlshash":"2721f089ec14d69c59501e999eb1f00e0a9e9a0f6e21cc6079fc033d8fa4fcc0e56c41","first_seen":"2026-03-17T15:21:53.733927Z","last_seen":"2026-03-17T15:31:21.181566Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1728,"timings":{"blocked":728,"dns":182,"connect":270,"send":0,"wait":269,"receive":0,"ssl":277},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/jquery.min.js","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /jquery.min.js HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-14497\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":83095,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32110)","md5":"2edc942c0bd2476be8967a9f788d9e26","sha1":"0be05c714a7e6cf28fe692629ece5b3769901dca","sha256":"d482871a5e948cb4884fa0972ea98a81abca057b6bd3f8c995a18c12487e761c","sha512":"d275562b4dd477493aa3cc0392b8bc8f15fdcd0227d3464756e7778aa053c1dd9b185c090d04a11956f7faf5f569d091c50724290ac840c166200ded7d67be32","ssdeep":"1536:pzm2ihKxxpbjBb2gKkGOegmLlGS0bgpiF5tNLRJBOYWEEVvmgWJrJfRjY3p:v6lGS0IWNLFdhtfVKp","tlshash":"a483f9dd73c6b06257bb20b9006f640ff236596a280d8450f125d8eabcb5a4d827bf6d","first_seen":"2023-03-07T12:03:36Z","last_seen":"2026-06-13T13:41:33.875193Z","times_seen":2760,"resource_available":true,"data":null}},"time_used":1902,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1902,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/css/app.1e464876.css","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /css/app.1e464876.css HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-18d56\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101718,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"49b39a48c13081e0c7f1951d14767dbc","sha1":"87d47ef47f6a1fb8ff770e446e49dd1772d400f1","sha256":"669394c44559bf9be6f6d4fdd13cd6e4730ec52be911a96e8882056c13c1c1e4","sha512":"d19248ac79b3037b836d0853c6a592d82d2c7b608b4db0958459aa3d2b3fac8d938c7e96930f45af91614e55092f39ad8fa816ca01259f9f0ba587805da2fd2b","ssdeep":"1536:mihm9IQE+iLEAeXwAgax4pKZ7toBiKX70vvWMBfk3jDTIsIuph5S:meWXwAgax4pABUXD5S","tlshash":"a9a38230768c2539733bc09ca451b6d97a65eb33d4079aa5f81a7139cdc729336b2b4c","first_seen":"2026-03-17T15:21:53.726304Z","last_seen":"2026-03-17T15:31:21.166073Z","times_seen":6,"resource_available":false,"data":null}},"time_used":2133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/css/chunk-vendors.7d3c37a7.css","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:12.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /css/chunk-vendors.7d3c37a7.css HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:13 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-16854\"\r\nexpires: Wed, 18 Mar 2026 03:23:13 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":92244,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (62349)","md5":"60574ca0d895ba6a3c23aa1814262c82","sha1":"ad2425a8f453b4e9ee9d4b4f97b6541aed2914a9","sha256":"2e801ed8ef2ad16de5c75b7a4013b8f58dc1011b429cdd328205614b034b4619","sha512":"d221614f601b43ce41ed25c5f8251a5f54e1057481edef00b18060de7cd5f6eb3cf0a1ce0b79145e95f5b99ab18971e14a84b0c90de270e8e701eda706413521","ssdeep":"768:Ce9EBtMFfDIA6eXBNHP+PnQrwqRcLxcg7G/zlooG1WhCzC6ZV4:0EBNHzE7prZHCAV4","tlshash":"9993d7e1aa01210ef023c65a81c09a49713fc94ffe73569ebb186506ffca5db05a3f59","first_seen":"2025-11-10T04:08:19.534983Z","last_seen":"2026-03-17T23:45:22.14912Z","times_seen":25,"resource_available":false,"data":null}},"time_used":2132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"120.76.201.163:86/socket.io/?EIO=3\u0026transport=websocket","fqdn":"120.76.201.163","domain":"120.76.201.163","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:15.745Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: 120.76.201.163:86\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://bitgetwbs.cexgfvi.cn\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: NrueK6RF0aI18bdkuu75FQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":1251,"timings":{"blocked":0,"dns":0,"connect":257,"send":0,"wait":0,"receive":0,"ssl":994},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bitgetwbs.cexgfvi.cn/favicon.png","fqdn":"bitgetwbs.cexgfvi.cn","domain":"cexgfvi.cn","tld":"cn"},"ip":{"addr":"180.97.215.93","port":443,"asn":4134,"as":"Chinanet","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:16.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bitgetunt.cexgfvi.cn","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Mar 2026 07:14:16 GMT","end":"Wed, 10 Jun 2026 07:14:15 GMT"},"fingerprint":{"sha1":"66:FB:D1:D6:40:F4:68:68:6F:FD:86:F2:4D:DA:13:7D:44:D0:4E:0B","sha256":"56:EF:E1:76:2E:EA:50:6F:A5:1D:3B:7C:3F:12:A3:60:8D:35:8D:95:E0:88:D5:E7:B8:C2:90:75:5B:76:20:6B"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: bitgetwbs.cexgfvi.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://bitgetwbs.cexgfvi.cn/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 17 Mar 2026 15:23:16 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 06 Mar 2026 05:26:28 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69aa6584-684\"\r\nexpires: Thu, 16 Apr 2026 15:23:16 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1668,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 280 x 280, 8-bit colormap, non-interlaced","md5":"8888b542fb1c8beb57f8e4355f29cf28","sha1":"8ab0df0be6211517f016ec0f81160abb658dc4bb","sha256":"00c876d286597eef14d3dbe450af9657000594c308e32c6c49f4216fa1493497","sha512":"5ee9cea4ad4c995bb85b0882ed1a2493bb3ed5e750bc97991cd3edbe94ea035c4bd462cf5708df3015cca554de39e5de3ab9a6af4838675f6a064b66b6708412","ssdeep":"","tlshash":"f331eaae8fb51e6ce605dc720789607594f0437c27a12554328fc1f35ba885af91c59d","first_seen":"2026-03-17T15:21:53.727885Z","last_seen":"2026-03-17T15:31:21.177707Z","times_seen":6,"resource_available":false,"data":null}},"time_used":1003,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1003,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-17","alert":"Sinkholed","trigger":"bitgetwbs.cexgfvi.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"120.76.201.163:86/socket.io/?EIO=3\u0026transport=websocket","fqdn":"120.76.201.163","domain":"120.76.201.163","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:30.448Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: 120.76.201.163:86\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://bitgetwbs.cexgfvi.cn\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: o+vczmG9kaKPibeWVtkadQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":527,"timings":{"blocked":0,"dns":0,"connect":260,"send":0,"wait":0,"receive":0,"ssl":267},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"120.76.201.163:86/socket.io/?EIO=3\u0026transport=websocket","fqdn":"120.76.201.163","domain":"120.76.201.163","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:21.696Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: 120.76.201.163:86\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://bitgetwbs.cexgfvi.cn\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: 09ZUBEFx6U1h64PNBk1g0A==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":537,"timings":{"blocked":0,"dns":0,"connect":266,"send":0,"wait":0,"receive":0,"ssl":271},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"120.76.201.163:86/socket.io/?EIO=3\u0026transport=websocket","fqdn":"120.76.201.163","domain":"120.76.201.163","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://bitgetwbs.cexgfvi.cn/","date":"2026-03-17T15:23:24.905Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /socket.io/?EIO=3\u0026transport=websocket HTTP/1.1\r\nHost: 120.76.201.163:86\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://bitgetwbs.cexgfvi.cn\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: kjx7OVFvUlmNvq8t4/SvPQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T19:33:38.803897Z","times_seen":16394044,"resource_available":true,"data":null}},"time_used":537,"timings":{"blocked":0,"dns":0,"connect":266,"send":0,"wait":0,"receive":0,"ssl":271},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}