{"report_id":"f2a1c4fd-03d2-4041-a4c9-5aed7f2039aa","version":6,"status":"done","tags":[],"date":"2025-12-24T19:15:37Z","url":{"schema":"http","addr":"mail.byala1.cn/","fqdn":"mail.byala1.cn","domain":"byala1.cn","tld":"cn"},"ip":{"addr":"8.210.93.145","port":0,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"mail.xfdw163.com/","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"title":"Roundcube Webmail :: Welcome to Roundcube Webmail","dom":{"size":5527,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (730)","md5":"8f63ea63cee904dd988aacc6c8f8c705","sha1":"020c36deebf7c3b00430e5b969490a5826016166","sha256":"3da0b2e86ac8235812437e6448dbc491dfd9405602bbe9e930c9a6f29063a2bd","sha512":"251f7797664cb15c9545c0f912e9ae706eb34e3658cd5a6728ac642147a2add01e671357dcc4004a66a9e1e31c6d770e75b761145875c56138e2bb7fbb8bd749","ssdeep":"96:BV+hseou9UtENUJoZWZwNDGFASGwFv2fFGifntUul:6hseh9U6KJo8ZwNDGFASGwKntUul","tlshash":"99b1f9022c188f37047208e9b5cef68899fd8268e7106c98b5fcc11e1f99f5899f23b0","dom_hash":"domhash46dd27664e22fb605e520705e27b2b01","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mail.byala1.cn/","fqdn":"mail.byala1.cn","domain":"byala1.cn","tld":"cn"},"ip":{"addr":"8.210.93.145","port":0,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-28T19:15:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.byala1.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"mail.xfdw163.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2022-05-22","domain_rank":0,"first_seen":"2022-11-01T22:37:14Z","last_seen":"2025-08-26T09:38:36.532726Z","alert_count":18,"request_count":18,"received_data":1171731,"sent_data":9441,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"PHP:7.3.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"RoundCube","description":"RoundCube is free and open-source web-based IMAP email client.","website":"https://roundcube.net","common_platform_enumeration":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","icon":"RoundCube.png","categories":["Webmail"]}]},{"fqdn":"mail.byala1.cn","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2022-05-22","domain_rank":0,"first_seen":"2025-09-05T04:54:17.25162Z","last_seen":"2025-09-05T04:54:17.25162Z","alert_count":2,"request_count":2,"received_data":5162,"sent_data":882,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mail.xfdw163.com/","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"9868f752b8153f45da300ea4a5eba934","sha1":"16c3fd4f56ca988f1209f81dcd6818256002a8a6","sha256":"7b39c6df1446fd06e0ba19b3213375362b79a768b86122a9b2f7231106bb8dc5","sha512":"e1d066842e95e3d1074477247c189a5b18d2a68ac6a1b1ab4129d976a2f600bc72470ff43b5825b7fc556750e8976ed630a19b1cd89002944006d8016a73057b","ssdeep":"","tlshash":"2841d8963901cf3b46a20ac535cf318617ec436b21651d8afd9ed11d2f86b2297e30f4","size":2113,"data":"","first_seen":"2025-12-24T19:15:43.532765Z","last_seen":"2025-12-24T19:15:43.532765Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/app.min.js?s=1604825966","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8d89f36fa43e867f56d0c0b980784750","sha1":"0b400631add9a862e2bcacf8e87d37510be7c268","sha256":"efb8f29e934cd9b7b4848ef44e503f74fcfa7f3c4655b526a71bbd4e0628da5f","sha512":"1140e7e76d513b6f81a8d70c75f710d63d59159d0e46b28461c4b7d77cb3aa49dd68e57f6690df1c6f2b9bb795be6da2720aa68f271d8cb4cb7596ef6e47661b","ssdeep":"3072:dku5mJE5Sl7Qg7FlRbf+EO/Us94IqXIqDCBfpxUPe:dkumD7QkvRfSUFIqXIqDifHb","tlshash":"52f3f68633a4ec2145fbe7a6306f21026037b609e4409d5db96cd9e74e74f4a222bf7d","size":172166,"data":"","first_seen":"2023-03-08T04:57:30Z","last_seen":"2026-04-28T21:36:55.253223Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/jstz.min.js?s=1604825989","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"b5ee3ce2023c717fff34cfe5d3b82599","sha1":"36f532887c2bf6bc7bdd06e68e96eafe2051a5f7","sha256":"716ece8deb8412f7ec95ab395c92f6515bb8d8b792fd7480c014cdc6f063452a","sha512":"71a59366516e9d2142bdfaaf6ea3de1b8cec832f15cd8cbb7a3cd22870715544dea0df6f8a5211a73682f856a0d0089163708b0306c27c787a058c4a3e3587d7","ssdeep":"384:r+PkZoDTmE6BZTvHWKGVa3v1NH9kaIvrHgrz:r+8ZoQ+RV4fkRDm","tlshash":"0c52a3df152c90bb06a556f93c09fb85ac1ed418ac8adfc12ab5f1a924d0cd7bfe0548","size":13835,"data":"","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-13T13:41:49.842572Z","times_seen":3146,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/ui.min.js?s=1604826089","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"ed8f1b2feecfe213230d84f5415cde21","sha1":"99359abc4e7d9ae6c755d496b0278e5b20a08335","sha256":"946b68ba501a99378a0f240b3fbd5e8eb78346fc2013981ca26e51e80f90700f","sha512":"a3bce6c96373fddd40bcc27a05a4d91a12dbf77771d81eb0aeaa2d340f4e6b27c155543550ba8d5bf960243db8653ef9da156bdfe1af941bd0b2c0e60f758072","ssdeep":"1536:dIRqkQsjMJaVbG35MsACp+Dk6jD1Z6Emalew:dqX8oD1MEmo","tlshash":"7543a4acb27135b211bb22a720afe10665734826cd01d851b26d84e51efdf8532b7f6f","size":60311,"data":"","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-07T05:29:37.850917Z","times_seen":227,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/common.min.js?s=1604825971","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2fcf18b8b93b2acca79230ccf53c80c","sha1":"a5efb30a6cd0cce7f94d0a73f3a5d2b558e34e61","sha256":"6001e5503f42285de39e5ef3e276eec34a9fe1e71d3160a5aacb7b6516bee642","sha512":"159ded1437b51742c4537366b9152ae7d4376669594c950332aebe9568400a2aa1a0db8228a240d430bea9f51f8524c60ac28e89f7fbf26ad5e815f69f62b4bd","ssdeep":"192:KB5Inw2dongcF4XslAMjjiT1d5cPVsQ5P3NsiMOWEXmsK11lreApmxngB:KBenw2dog9XiAYsd5cPVxtWmmfrt0K","tlshash":"6942eaca7296587506796a96137b068ff035caf4bc6211b8f5a4ccd0ad24c4948affb8","size":13186,"data":"","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-07T05:29:37.847536Z","times_seen":337,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"d0c5b963f8165f56493874746adedf97","sha1":"e09c78d91814eebbd23a7080b6e90e06f4c84de1","sha256":"1a1f1580c0b8e2a2101cf9e01c596bcee15c2e38657b69ec8bd9ee4a526fd168","sha512":"eef06f1b999cf008c8ef5957c5b2961d9e664deca82f96e0a2a4438772046ce2f181af3cc0a2764a4fc3a74f2ee50052b3dcc2c5137d92dd447ef9ef2858e56f","ssdeep":"","tlshash":"9580008cb88f38320032302c22fb808cbc3b20803e3a300002cc00c30f22bbc322282e","size":35,"data":"","first_seen":"2023-03-07T12:03:00Z","last_seen":"2026-05-13T11:50:21.382089Z","times_seen":2132,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/plugins/jqueryui/js/jquery-ui.min.js?s=1604825877","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb752c6ba6b88ffa885f1d2a6492ef58","sha1":"e20616dd323e0313e75de00ac055b7d249cb9056","sha256":"59a4c9a75c48cf979e66c5641230bda0e15dfff292666e56ffb52a5a96d78834","sha512":"684a0b794ebbe5ec4f4edbbf7330bfdae7632d78c42657b540bd2b6d383406c34ca9b3c4400ac849059428b76e67824ae84c480c1ed338cb28781f3e98d9cbb5","ssdeep":"3072:amxBUnLO18G0qSLOZD5kn8Ks6BqMi/X+1ghPuQo1Q7SV7opX0MY:ALOnlfc8Kw4ghP70MY","tlshash":"3844084d72003a2295dfe2a5143b2a0fa237515da605845cb43dcede9ebce4431bbfb9","size":259776,"data":"","first_seen":"2023-03-07T01:41:24Z","last_seen":"2026-05-13T13:41:49.84722Z","times_seen":1423,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/deps/bootstrap.bundle.min.js?s=1604826086","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"a187431872552aacc1d4df6a65638f6a","sha1":"b61a4dc554a133bc455c09713a464ffea357643f","sha256":"3e735a9880bf0bf27c32641063cccc60d93c53a7a77306dd6221f3db3c57ea20","sha512":"8eebcc851ba3c937d788eb97bc333d770424ad977febb6064fc519c5a12fca562e5de4382f9219e69fe34157a0a6d60fed148fad3b311eccd9e487d7b32dfcc2","ssdeep":"768:59YDXypxHVIg3Xeh2p0NH04UX+TG9qTXAdQ+fZMQnOwkqUNFJUIU7lW0+YVxiM+D:59YeHqTEZChY223CzWpV0ea7I4","tlshash":"4c73d60a7240b472069fa066907f460fb23b68daa50b815cf56cd8dd2d7cd99326bf7c","size":78587,"data":"","first_seen":"2023-03-07T01:42:50Z","last_seen":"2026-05-13T04:43:05.599112Z","times_seen":858,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"Function","is_inline":false,"md5":"a7bf779bf1b210137b4e2e88f6222593","sha1":"b851692bb37b698d14b0f707f17d672bc31c5f5b","sha256":"e8e2b385faf716c54f60ce4f50d4526026c1565675a64d46a89395221f5b1b9b","sha512":"70f14b7c321462cca2058c1664dc5af991db5abda90c28370a0086c5956ca526f69402ffeb8e53fb3aafb5bdb5a87d9889862f2c85d5683274ee9c80ff1b5d9b","ssdeep":"","tlshash":"f1b022823080f038c3023380083a0b80f03c0ee0308afcecc080cce038ae2888200e2f","size":113,"data":"","first_seen":"2023-04-13T01:54:41Z","last_seen":"2026-05-12T23:45:34.120842Z","times_seen":1243,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/jquery.min.js?s=1604825967","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"80d6b39faaf27486264ff13531191401","sha1":"03e255f1f19107a46b09da332347baa25231fc22","sha256":"542ac2738d21d5ea4a39cd05efc447c3b5ca553f212f1bff44215d3f5f007a6f","sha512":"657b945195e2160d09272fd7a9c8f6b27a1afa9414359e996ca36f0be6ace6ecbae53a7f36a9aaee2ef20c3e5192eb33c13329e6edfef061cb24b694d3af4ca9","ssdeep":"1536:TZyTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOb:8gZm0H5HO5+gCKWZyPmHQ47GKe","tlshash":"1a9318dd72c6706257b761ba00bf640bf236599e7c4d4400f124e4eabc78a4a827bf6d","size":89595,"data":"","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-12T15:11:50.490221Z","times_seen":835,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/images/logo.svg?s=1604826082","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/images/logo.svg?s=1604826082 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":2026,"timings":{"blocked":2026,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/deps/bootstrap.bundle.min.js?s=1604826086","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.950Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/deps/bootstrap.bundle.min.js?s=1604826086 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:20 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 78587\r\nLast-Modified: Sun, 08 Nov 2020 09:01:26 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3e6-132fb\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78587,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65297)","md5":"a187431872552aacc1d4df6a65638f6a","sha1":"b61a4dc554a133bc455c09713a464ffea357643f","sha256":"3e735a9880bf0bf27c32641063cccc60d93c53a7a77306dd6221f3db3c57ea20","sha512":"8eebcc851ba3c937d788eb97bc333d770424ad977febb6064fc519c5a12fca562e5de4382f9219e69fe34157a0a6d60fed148fad3b311eccd9e487d7b32dfcc2","ssdeep":"768:59YDXypxHVIg3Xeh2p0NH04UX+TG9qTXAdQ+fZMQnOwkqUNFJUIU7lW0+YVxiM+D:59YeHqTEZChY223CzWpV0ea7I4","tlshash":"4c73d60a7240b472069fa066907f460fb23b68daa50b815cf56cd8dd2d7cd99326bf7c","first_seen":"2023-03-07T01:42:50Z","last_seen":"2026-05-13T04:43:05.599112Z","times_seen":858,"resource_available":true,"data":null}},"time_used":2025,"timings":{"blocked":1146,"dns":0,"connect":0,"send":0,"wait":292,"receive":587,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/ui.min.js?s=1604826089","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/ui.min.js?s=1604826089 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:20 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 60311\r\nLast-Modified: Sun, 08 Nov 2020 09:01:29 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3e9-eb97\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60311,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (629)","md5":"ed8f1b2feecfe213230d84f5415cde21","sha1":"99359abc4e7d9ae6c755d496b0278e5b20a08335","sha256":"946b68ba501a99378a0f240b3fbd5e8eb78346fc2013981ca26e51e80f90700f","sha512":"a3bce6c96373fddd40bcc27a05a4d91a12dbf77771d81eb0aeaa2d340f4e6b27c155543550ba8d5bf960243db8653ef9da156bdfe1af941bd0b2c0e60f758072","ssdeep":"1536:dIRqkQsjMJaVbG35MsACp+Dk6jD1Z6Emalew:dqX8oD1MEmo","tlshash":"7543a4acb27135b211bb22a720afe10665734826cd01d851b26d84e51efdf8532b7f6f","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-07T05:29:37.850917Z","times_seen":227,"resource_available":true,"data":null}},"time_used":1859,"timings":{"blocked":1325,"dns":0,"connect":0,"send":0,"wait":267,"receive":267,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/images/logo.svg?s=1604826082","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:21.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/images/logo.svg?s=1604826082 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/images/logo.svg?s=1604826082","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:21.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/images/logo.svg?s=1604826082 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:21 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 888\r\nLast-Modified: Sun, 08 Nov 2020 09:01:22 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3e2-378\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":888,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ddeffd34eae92b1b9b9c636636e4b9c8","sha1":"19cb881a5d08d31db933da6440595767d0a02d94","sha256":"2b2d9c7a82f92976268b03e13c61f64ead91a3c63b97c59cef2acbf501f67618","sha512":"a3807dbcbdc74972c7b028261e625edb1eec8f6b31969d6718a46d0402a1b261820f8060f760c9249f88b51076174b53628d152c4c75eeb2c5a3db6c16348f5b","ssdeep":"","tlshash":"f011cc5e56d4a69c440902ffefbe62d231b3a4efc20040a980f1ef30a9149342882af8","first_seen":"2023-05-02T14:07:32Z","last_seen":"2026-05-13T11:50:21.378457Z","times_seen":2549,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/app.min.js?s=1604825966","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /program/js/app.min.js?s=1604825966 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:19 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 172166\r\nLast-Modified: Sun, 08 Nov 2020 08:59:26 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b36e-2a086\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":172166,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (690)","md5":"8d89f36fa43e867f56d0c0b980784750","sha1":"0b400631add9a862e2bcacf8e87d37510be7c268","sha256":"efb8f29e934cd9b7b4848ef44e503f74fcfa7f3c4655b526a71bbd4e0628da5f","sha512":"1140e7e76d513b6f81a8d70c75f710d63d59159d0e46b28461c4b7d77cb3aa49dd68e57f6690df1c6f2b9bb795be6da2720aa68f271d8cb4cb7596ef6e47661b","ssdeep":"3072:dku5mJE5Sl7Qg7FlRbf+EO/Us94IqXIqDCBfpxUPe:dkumD7QkvRfSUFIqXIqDifHb","tlshash":"52f3f68633a4ec2145fbe7a6306f21026037b609e4409d5db96cd9e74e74f4a222bf7d","first_seen":"2023-03-08T04:57:30Z","last_seen":"2026-04-28T21:36:55.253223Z","times_seen":79,"resource_available":true,"data":null}},"time_used":2913,"timings":{"blocked":865,"dns":1,"connect":290,"send":0,"wait":581,"receive":586,"ssl":587},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/plugins/jqueryui/js/jquery-ui.min.js?s=1604825877","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /plugins/jqueryui/js/jquery-ui.min.js?s=1604825877 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:20 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 259776\r\nLast-Modified: Sun, 08 Nov 2020 08:57:57 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b315-3f6c0\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":259776,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (33303)","md5":"fb752c6ba6b88ffa885f1d2a6492ef58","sha1":"e20616dd323e0313e75de00ac055b7d249cb9056","sha256":"59a4c9a75c48cf979e66c5641230bda0e15dfff292666e56ffb52a5a96d78834","sha512":"684a0b794ebbe5ec4f4edbbf7330bfdae7632d78c42657b540bd2b6d383406c34ca9b3c4400ac849059428b76e67824ae84c480c1ed338cb28781f3e98d9cbb5","ssdeep":"3072:amxBUnLO18G0qSLOZD5kn8Ks6BqMi/X+1ghPuQo1Q7SV7opX0MY:ALOnlfc8Kw4ghP70MY","tlshash":"3844084d72003a2295dfe2a5143b2a0fa237515da605845cb43dcede9ebce4431bbfb9","first_seen":"2023-03-07T01:41:24Z","last_seen":"2026-05-13T13:41:49.84722Z","times_seen":1423,"resource_available":true,"data":null}},"time_used":1990,"timings":{"blocked":1142,"dns":0,"connect":0,"send":0,"wait":282,"receive":566,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/fonts/fa-solid-900.woff2","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:21.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/fonts/fa-solid-900.woff2 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/skins/elastic/styles/styles.css?s=1604826087\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:21 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 75440\r\nLast-Modified: Sun, 08 Nov 2020 09:01:32 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3ec-126b0\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75440,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 75440, version 329.-1049","md5":"b5cf8ae26748570d8fb95a47f46b69e1","sha1":"07bed153d47f9129a944ee54dd72952deed074c8","sha256":"cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0","sha512":"f08b9289695cf530094f076b2df4d2b0e1a1daedd00190d123b4179b2c1a1b5e8b2bb988d86fc6dc9eee117d88a58dd5b6dfe7689586c17068f5d2da01904d76","ssdeep":"1536:1Zq/f5ldhNurIqp+jqNT5Fm653lqWppat1Wa4W8TeodjxNrqM:1kvdS7ppFm6JhpgkrW6bGM","tlshash":"6f73028e1719f192f5d6cd177edc20be38f1a7121008f839e2eda6dd5085ab639a3825","first_seen":"2023-04-05T08:48:24Z","last_seen":"2026-05-13T13:46:14.555718Z","times_seen":21004,"resource_available":false,"data":null}},"time_used":551,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":276,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.byala1.cn/","fqdn":"mail.byala1.cn","domain":"byala1.cn","tld":"cn"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-24T19:15:14.845Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: mail.byala1.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":1169,"timings":{"blocked":1169,"dns":0,"connect":305,"send":0,"wait":0,"receive":0,"ssl":316},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.byala1.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/deps/bootstrap.min.css?s=1604826085","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/deps/bootstrap.min.css?s=1604826085 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 155713\r\nLast-Modified: Sun, 08 Nov 2020 09:01:25 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3e5-26041\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":155713,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65324)","md5":"096fafc23eb84c35bb350d486e215ffc","sha1":"5bba93b213b9394f7deb540dd62f52a409f94ff6","sha256":"f9ddd1e64827cb0fa09d74aa581ecfd468212261fa170ec9baddbd678389b342","sha512":"9349947bc1c8c6431573881261dd131549133d99b2b784a82ab007e08cfd37fd88fff3670847c7fa42f2d0bf95f3cc913ac12f90ecdeb1d96b28778c09a8d236","ssdeep":"1536:b/xImT+IcCQYYDnDEBi83NcuSEk/ekX/uKiq3SYiLENM6HN26g:b/Riz7G3q3SYiLENM6HN26g","tlshash":"7ce396a6f5a0312de4a7c61964d0bafe156f8145d7220bfbf8273b7447892c70a63e4c","first_seen":"2023-04-05T08:48:24Z","last_seen":"2026-05-13T08:48:04.835755Z","times_seen":1452,"resource_available":false,"data":null}},"time_used":1148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":578,"receive":570,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/jquery.min.js?s=1604825967","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /program/js/jquery.min.js?s=1604825967 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:19 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 89595\r\nLast-Modified: Sun, 08 Nov 2020 08:59:27 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b36f-15dfb\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89595,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (64001)","md5":"80d6b39faaf27486264ff13531191401","sha1":"03e255f1f19107a46b09da332347baa25231fc22","sha256":"542ac2738d21d5ea4a39cd05efc447c3b5ca553f212f1bff44215d3f5f007a6f","sha512":"657b945195e2160d09272fd7a9c8f6b27a1afa9414359e996ca36f0be6ace6ecbae53a7f36a9aaee2ef20c3e5192eb33c13329e6edfef061cb24b694d3af4ca9","ssdeep":"1536:TZyTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOb:8gZm0H5HO5+gCKWZyPmHQ47GKe","tlshash":"1a9318dd72c6706257b761ba00bf640bf236599e7c4d4400f124e4eabc78a4a827bf6d","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-12T15:11:50.490221Z","times_seen":835,"resource_available":true,"data":null}},"time_used":2765,"timings":{"blocked":826,"dns":1,"connect":274,"send":0,"wait":549,"receive":551,"ssl":561},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/common.min.js?s=1604825971","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.939Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /program/js/common.min.js?s=1604825971 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:19 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13186\r\nLast-Modified: Sun, 08 Nov 2020 08:59:31 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b373-3382\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13186,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1379)","md5":"a2fcf18b8b93b2acca79230ccf53c80c","sha1":"a5efb30a6cd0cce7f94d0a73f3a5d2b558e34e61","sha256":"6001e5503f42285de39e5ef3e276eec34a9fe1e71d3160a5aacb7b6516bee642","sha512":"159ded1437b51742c4537366b9152ae7d4376669594c950332aebe9568400a2aa1a0db8228a240d430bea9f51f8524c60ac28e89f7fbf26ad5e815f69f62b4bd","ssdeep":"192:KB5Inw2dongcF4XslAMjjiT1d5cPVsQ5P3NsiMOWEXmsK11lreApmxngB:KBenw2dog9XiAYsd5cPVxtWmmfrt0K","tlshash":"6942eaca7296587506796a96137b068ff035caf4bc6211b8f5a4ccd0ad24c4948affb8","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-07T05:29:37.847536Z","times_seen":337,"resource_available":true,"data":null}},"time_used":2040,"timings":{"blocked":866,"dns":0,"connect":291,"send":0,"wait":292,"receive":1,"ssl":587},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/program/js/jstz.min.js?s=1604825989","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /program/js/jstz.min.js?s=1604825989 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:20 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 13835\r\nLast-Modified: Sun, 08 Nov 2020 08:59:49 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b385-360b\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13835,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12309)","md5":"b5ee3ce2023c717fff34cfe5d3b82599","sha1":"36f532887c2bf6bc7bdd06e68e96eafe2051a5f7","sha256":"716ece8deb8412f7ec95ab395c92f6515bb8d8b792fd7480c014cdc6f063452a","sha512":"71a59366516e9d2142bdfaaf6ea3de1b8cec832f15cd8cbb7a3cd22870715544dea0df6f8a5211a73682f856a0d0089163708b0306c27c787a058c4a3e3587d7","ssdeep":"384:r+PkZoDTmE6BZTvHWKGVa3v1NH9kaIvrHgrz:r+8ZoQ+RV4fkRDm","tlshash":"0c52a3df152c90bb06a556f93c09fb85ac1ed418ac8adfc12ab5f1a924d0cd7bfe0548","first_seen":"2023-03-07T12:02:32Z","last_seen":"2026-05-13T13:41:49.842572Z","times_seen":3146,"resource_available":true,"data":null}},"time_used":1420,"timings":{"blocked":1135,"dns":0,"connect":0,"send":0,"wait":284,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/fonts/roboto-v19-regular.woff2","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:21.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/fonts/roboto-v19-regular.woff2 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/skins/elastic/styles/styles.css?s=1604826087\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:21 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 51116\r\nLast-Modified: Sun, 08 Nov 2020 09:01:33 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3ed-c7ac\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":51116,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 51116, version 1.0","md5":"9549360090baf2eb8b25d3a9708fc19d","sha1":"3229ae839d33696d39c89dc0d3e193fe985f1da4","sha256":"a7bf1f115e60e0c8f3b335df66d4d77baaae4eb11d2cea2cf7c5b4693403a46f","sha512":"8f4b3ad035001539b9e5926454d7f9a704620c9cb532429db07ecbccd7bdbfafe0a23b3cfbbec154db98e1ddd167596265a31da2a2490bb61c931a7a66aa8e52","ssdeep":"768:e6d0/tqqCCys/iSuKvIhGeUQE4E5B9hJa8SnyI3npOhzX+qD7KRuwPxxRvIhvv:Q/Iql/huXhVUQE427NWpOh75KwIxRvI","tlshash":"cb3302d7596eb35f90f56b88337549286a37a670a78c84fb4d73e8ccc5824a8ecc414e","first_seen":"2023-04-05T08:48:24Z","last_seen":"2026-05-13T15:09:57.279551Z","times_seen":5525,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":291,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/fonts/roboto-v19-regular.woff2","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:21.557Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/fonts/roboto-v19-regular.woff2 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/skins/elastic/styles/styles.css?s=1604826087\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:21 GMT\r\nContent-Type: font/woff2\r\nContent-Length: 51116\r\nLast-Modified: Sun, 08 Nov 2020 09:01:33 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3ed-c7ac\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":51116,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 51116, version 1.0","md5":"9549360090baf2eb8b25d3a9708fc19d","sha1":"3229ae839d33696d39c89dc0d3e193fe985f1da4","sha256":"a7bf1f115e60e0c8f3b335df66d4d77baaae4eb11d2cea2cf7c5b4693403a46f","sha512":"8f4b3ad035001539b9e5926454d7f9a704620c9cb532429db07ecbccd7bdbfafe0a23b3cfbbec154db98e1ddd167596265a31da2a2490bb61c931a7a66aa8e52","ssdeep":"768:e6d0/tqqCCys/iSuKvIhGeUQE4E5B9hJa8SnyI3npOhzX+qD7KRuwPxxRvIhvv:Q/Iql/huXhVUQE427NWpOh75KwIxRvI","tlshash":"cb3302d7596eb35f90f56b88337549286a37a670a78c84fb4d73e8ccc5824a8ecc414e","first_seen":"2023-04-05T08:48:24Z","last_seen":"2026-05-13T15:09:57.279551Z","times_seen":5525,"resource_available":false,"data":null}},"time_used":293,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":291,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/images/favicon.ico?s=1604826082","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:21.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/images/favicon.ico?s=1604826082 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:21 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 2294\r\nLast-Modified: Sun, 08 Nov 2020 09:01:22 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3e2-8f6\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2294,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 16x16, 32 bits/pixel","md5":"f1ac749564d5ba793550ec6bdc472e7c","sha1":"e7629a6866f78f303da1ce3acc4245931d2d9b58","sha256":"57cd8ca9ca6e635c103951b8339f8661e3dbc6eded99c082c6ea1df8e866e9e4","sha512":"126babdb40d5cf8d31c980876f81f44d490e89a2b9921a071c29d7ab77dae5b3e5f1e5373fc4abc72b89bc32fc877fcb6d8473ac33faae3475c5d5fe9998ce52","ssdeep":"","tlshash":"e741a6183a6bbc0cf5ce51f5df40bb440224983a27c043d799902a70ab177c2bfb894c","first_seen":"2023-04-13T06:48:44Z","last_seen":"2026-05-12T15:11:50.494497Z","times_seen":715,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"mail.byala1.cn/","fqdn":"mail.byala1.cn","domain":"byala1.cn","tld":"cn"},"ip":{"addr":"8.210.93.145","port":80,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-24T19:15:16.647Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: mail.byala1.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Moved Temporarily\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:17 GMT\r\nContent-Type: text/html\r\nContent-Length: 145\r\nConnection: keep-alive\r\nLocation: https://mail.xfdw163.com/\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Moved Temporarily","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4962,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-13T15:33:13.162002Z","times_seen":15117490,"resource_available":true,"data":null}},"time_used":875,"timings":{"blocked":292,"dns":1,"connect":292,"send":0,"wait":290,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.byala1.cn","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-24T19:15:17.233Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:18 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/7.3.33\r\nSet-Cookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs; path=/; secure; HttpOnly\r\nExpires: Wed, 24 Dec 2025 19:15:18 GMT\r\nLast-Modified: Wed, 24 Dec 2025 19:15:18 GMT\r\nCache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0\r\nPragma: no-cache\r\nX-Frame-Options: sameorigin\r\nContent-Language: en\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"PHP:7.3.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"RoundCube","description":"RoundCube is free and open-source web-based IMAP email client.","website":"https://roundcube.net","common_platform_enumeration":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","icon":"RoundCube.png","categories":["Webmail"]}],"data":{"size":4962,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (730)","md5":"964243510b1706849b8eb22edb639a0c","sha1":"b9349940ef18e1dcdf241c38d862a23dd02de038","sha256":"ee282ef4efb976fc71b6b4f30e08211abbe025b5b3fd88d9f178412b89bc208b","sha512":"48d3f2f95c5bb4fb5e8a965544c4a3ca07f5f8f10aa5100b508eb8a60482cd888c9421cee368cd96850e335283d0e68e6511577d633103a5f67c6c492e6cb391","ssdeep":"96:F+hseou9UtENUJoZWZwNDGFASGwFvYRyGULfLtUunz:Ahseh9U6KJo8ZwNDGFASGweuLtUunz","tlshash":"c9a1a8422c09ce37056204e9b5cbf58886fd8268e2107d98b5fdc21e1f95f5c99e67b4","first_seen":"2025-12-24T19:15:43.529008Z","last_seen":"2025-12-24T19:15:43.529008Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2625,"timings":{"blocked":1159,"dns":301,"connect":283,"send":0,"wait":307,"receive":1,"ssl":571},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/skins/elastic/styles/styles.css?s=1604826087","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /skins/elastic/styles/styles.css?s=1604826087 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 103595\r\nLast-Modified: Sun, 08 Nov 2020 09:01:27 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b3e7-194ab\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":103595,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"4e7a1a6ae689ee5cc49f8dadce5fb9ff","sha1":"881bdb0596551eec056525020a0a7afaf550ce7c","sha256":"7be8adede2f06532bc60694f1a065b6db1d1447951451229cedb9921856025bb","sha512":"431b045436c42d488d5464f33422474c2e8e9ee4aee876b466999be9c263d061f30042b27ce26abe8d953c5cc74df3225ead7c7fc6483a0b21a7401973d641b1","ssdeep":"1536:ggnhH9J1tLEfjs+QwNx+Kr9gzRkFKv+A8Drkc30t7s:ggnhH9jtLEfjs+QwSy9gzRwt","tlshash":"c5a3d6fef458359c773fc20bbbc1b79c7269e024c2111eaae10bb55c86ce11a9572b19","first_seen":"2023-04-07T20:40:11Z","last_seen":"2026-05-12T15:11:50.495794Z","times_seen":635,"resource_available":false,"data":null}},"time_used":1133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":571,"receive":562,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mail.xfdw163.com/plugins/jqueryui/themes/elastic/jquery-ui.css?s=1604825872","fqdn":"mail.xfdw163.com","domain":"xfdw163.com","tld":"com"},"ip":{"addr":"8.210.93.145","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mail.xfdw163.com/","date":"2025-12-24T19:15:18.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"mail.xfdw163.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Thu, 16 Oct 2025 11:29:26 GMT","end":"Wed, 14 Jan 2026 11:29:25 GMT"},"fingerprint":{"sha1":"57:FB:7D:A7:14:95:FE:8B:79:68:16:98:07:ED:55:DF:FF:4D:72:B2","sha256":"4D:6E:15:B6:6C:4C:47:58:9C:D2:90:00:5C:77:1A:47:E7:36:C2:2E:E9:A6:B4:EF:36:72:3D:67:7F:2D:0E:25"}}},"request":{"raw":"GET /plugins/jqueryui/themes/elastic/jquery-ui.css?s=1604825872 HTTP/1.1\r\nHost: mail.xfdw163.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mail.xfdw163.com/\r\nCookie: roundcube_sessid=bkfugoes3i6i52cmnq0iftfggs\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 24 Dec 2025 19:15:19 GMT\r\nContent-Type: text/css\r\nContent-Length: 34190\r\nLast-Modified: Sun, 08 Nov 2020 08:57:52 GMT\r\nConnection: keep-alive\r\nETag: \"5fa7b310-858e\"\r\nStrict-Transport-Security: max-age=31536000\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34190,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2515)","md5":"58500b350f9ebfc6a6ddf292859207ad","sha1":"b87ad65d09c6b423b54b0241afcb628605d1bf58","sha256":"06bd23ab85e71dcb4aabe629932bb6438fe0819cfd037fd5f53168af71db0c35","sha512":"67f7e0eab2d347aaae4d789d87eb103a55df4faf2abc411810b644a579c2f7a543437062a51a4a21ea08e7611b5166d71255a7223284f557f710066df3cdec61","ssdeep":"192:10OW0dCbMiEt7j6lKn+brG+EQv5s3+5YQY+h572hk/4rVY5Y6BjSmMErEURHjni1:pCwiEt7jV+vEW1e1aTiF5fyXDS25m","tlshash":"c5e2fa316b433919ba0bd1a425a11bf3d32e1342ee2b6e7e54ab395cd3d54e080bf5b4","first_seen":"2023-03-07T01:25:00Z","last_seen":"2026-05-12T15:11:50.489157Z","times_seen":799,"resource_available":false,"data":null}},"time_used":2160,"timings":{"blocked":810,"dns":1,"connect":266,"send":0,"wait":533,"receive":1,"ssl":545},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-24","alert":"Sinkholed","trigger":"mail.xfdw163.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}