{"report_id":"08845b75-e079-434e-bf1d-d2d1eff9f359","version":6,"status":"done","tags":[],"date":"2026-06-01T14:32:40Z","url":{"schema":"http","addr":"gcxchoog.com","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":0,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"title":"GCEX","dom":{"size":102032,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1044)","md5":"19c9a961105aca0e202d2a8bd53d0bd4","sha1":"2e8c70e7977e27ad19b916e4367da33973a22ed7","sha256":"39d4fe3ada460970da32a102e8c638cfee13001ef93afb4c5eb0ed485e8f2d5f","sha512":"1bee1e47be1a76bb6c9312ea076b9e1d1700bf96dedab651e6eedd57ba3fb125166ab12d89aa60d709417de14ce97c2c12171cca61ca78436b5244418a53505b","ssdeep":"768:xzJSBFbbFGFrqtlr8Wj5sAdqBkqr4SRqDlZM/eO/cNBalv/dBYHAY5KYgrY6d5Js:7KdbMlTrdFx/njgyLGjg4hD+zQF","tlshash":"d3a39724b7ef042e282350819f75275630faa533da06c4117bbc1d917fcda0d6977aae","dom_hash":"domhashdaf3c4825f727567b58904227ba77ee6","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"gcxchoog.com","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":0,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-06T14:32:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"gcxchoog.com","ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"domain_registered":"2026-02-19","domain_rank":0,"first_seen":"2026-06-01T14:32:41.609218Z","last_seen":"2026-06-01T14:32:41.609218Z","alert_count":108,"request_count":108,"received_data":2776698,"sent_data":58354,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery:2.0.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"FlexSlider","description":"FlexSlider is a free jQuery slider plugin.","website":"https://woocommerce.com/flexslider/","common_platform_enumeration":"","icon":"FlexSlider.png","categories":["Widgets"]},{"name":"Bootstrap:4.5.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"ThinkPHP","description":"ThinkPHP is an open-source PHP framework with MVC structure developed and maintained by Shanghai Topthink Company.","website":"https://www.thinkphp.cn","common_platform_enumeration":"cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*","icon":"ThinkPHP.png","categories":["Web frameworks"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-31T22:21:48.210615Z","alert_count":0,"request_count":1,"received_data":6149,"sent_data":468,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-05-31T22:42:17.707694Z","alert_count":0,"request_count":3,"received_data":331417,"sent_data":1530,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-06-01T14:39:11.951627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"b46b408cbc942d63bfd43a8f1826983e","sha1":"01e1cc338f720796c5029f1d5097e99b19077370","sha256":"3950b6d46e52d6121b17de344357e78659f755146076c05122cd2291a13263c2","sha512":"79260325162b5e9a771cc4458de579320c761e12b7fe755ba7aa5a8c88c1adc7010a2b86b2dafb3f568a170dfdfa17c8df18d606e8248feb9aa8329cea9b322f","ssdeep":"","tlshash":"1621384cfbcd1e973532312c0e3f51899d3966235414c865f23d25f47b8d5093202e96","size":1368,"data":"","first_seen":"2025-03-15T05:55:29.583227Z","last_seen":"2026-06-01T14:39:11.949899Z","times_seen":72,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"63d0972fc7c9b91deb5c3230523e2205","sha1":"72f098f9102d426978fea0e743ae76dc2c1bf2b8","sha256":"107144e2d6013555017bbe7e06cef39c53ce46f9765c403a7ba45d2d0b5008d3","sha512":"9c2b205c398924d05a59ba9a017336a1769ce37d5eec64344d05ef8d88937aec222391d24bffbdce9c32e1ceaa76a24e2120d753563b29095a1dd3b950554cfa","ssdeep":"384:PKCvKU9+wReE1bOw3+UhawGQGUVGAtealIAP2GPqUFmU/sAtQanuUi4i:PT/5zbPrFf1VtBzpXtI1","tlshash":"a982b36cf993245d3c9324159faf058038e87647cb4ad4153aadacc26f4820da5bbfde","size":18580,"data":"","first_seen":"2025-03-15T05:55:29.585573Z","last_seen":"2026-06-01T14:39:11.952206Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-06-01T14:39:11.948161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-06-01T14:39:11.951627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"590cc2f6117df7b8f3b47ab865294c1d","sha1":"558eca1134370c53a9a74f79e84258872521893a","sha256":"6621ecf7bcb87ced97cb13e4aed4cd1e990a61edb0a31ea501f6a3170c4f6424","sha512":"c01260038c9c603625b924bcf5c6717ba696d5c7648b04edac5917e8adfc2f8319fb590b9021e8d0708c9e3842af77521d0199cf3aa39543155a5c6d0f793ce1","ssdeep":"","tlshash":"6b11f2f8f85b20da7cd324149baf015134e43647cb09d00936aea8822f8810da5b7bde","size":872,"data":"","first_seen":"2024-12-24T17:17:56.728956Z","last_seen":"2026-06-01T14:39:11.952734Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"e6d9f4a7a822a53d192210623dbdee1e","sha1":"157aedb38b162723125de7a1140cd780ec3ba3a7","sha256":"d7632dc5dc884c000d20cf8801f2a066b59701847c74555c1f7ecaecfc66a1b3","sha512":"61b12d5865e1b07f40cc227e7994f706619d1c26132b8d197100e8dea35d6546ade17cc07df236dd8a0703abf502d123ca7b9184891ecf9d03a3cb5832d7d46c","ssdeep":"","tlshash":"655100c0c0003c00c0c000fc0cc00000f0300000c0c0c0300c03c0c0c00c003c03cc0c","size":2552,"data":"","first_seen":"2026-04-22T18:26:39.827081Z","last_seen":"2026-06-01T14:39:11.950472Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-06-01T14:39:11.951627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"565216956bacfaf2e46213ed6b38549c","sha1":"106df23b7992e68ce57e2a1668d62c7fcff79721","sha256":"c4926aea646e632ad2bdd3a4d5668163d5f6513755e71706b3566f23f8251c40","sha512":"9ac5e100fb0c1239d821d6c5c5b8658fa316918ce4df2fad3c2da7a4b7e1327c5d9d0d29c3b3520f9b45790784fecc8da4b477e256c8c981b8241adf05ee7baa","ssdeep":"","tlshash":"6a510080c020cc00808000382cc2000220300000c00288300c008080000c823c0a8808","size":2547,"data":"","first_seen":"2026-04-22T18:26:39.831806Z","last_seen":"2026-06-01T14:39:11.949314Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-06-01T14:39:11.951627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"3ab2caca5538cb0d5bbbc1c62d13f7dd","sha1":"035734da28a2ad336d54dca871e206a704a957b1","sha256":"b262ff426787a7fcbf77764d42656757e819f249d147999f35426eb333342cc2","sha512":"a1d47f0318a1daf6db52b421115b0e63a7d70e98ddf5f9833699a4852718b298d4996526d8df0fc035663d45d44fc9a318af8e00b806cac7ff4e738dad19d946","ssdeep":"","tlshash":"66510080c8000c00808000b82c82003020202020c00080000800808022080028a0080a","size":2549,"data":"","first_seen":"2026-04-22T18:26:39.820524Z","last_seen":"2026-06-01T14:39:11.95704Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"bf95500273e223863fb94c92f109146c","sha1":"31394f13102ca1469f025cffb3530836c51f85b6","sha256":"e8117162c76e2778b4dcc5f3c66b44082fd5f85ec3160e411eab35a486351a25","sha512":"ea46e24dd1b246bed230b07cfec730bff714db0f5ea4b6f81daeb2d487d4b107f7fceaf22769c6c2060feb969206f1502bc6cb8b5f07e240f8a18c4079bee46a","ssdeep":"","tlshash":"7d5100e0c08e0c22808080380cb0000220208000c8c08000080080800008002800080c","size":2563,"data":"","first_seen":"2026-04-22T18:26:39.841376Z","last_seen":"2026-06-01T14:39:11.960669Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/js/jquery.SuperSlide.2.1.1.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b9bc63ab05e21e3830da5bbb4ccee67","sha1":"d162156bdaf14217d76d920e0e57b86d8feb1d97","sha256":"349e46b2c65028736d0bbff7b829c7fc6fbdebc1fb1e8b12365a0ca2e6e9e848","sha512":"bdfa220da1f08e29f05a9984c4999d7e742bea10ad86b7e497a0d112c7992cc52b7f1e9f5430b4286f14bb2336110f85cbdc3164a92121caaf5c91961f7e69c9","ssdeep":"192:j+K3bxH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:jNcnqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"9532c65fb66635ca4597b3f1107f940d222b5965fc8a8ca0b17082c0adb9a1c243bfed","size":11264,"data":"","first_seen":"2023-04-05T11:06:31Z","last_seen":"2026-06-08T16:12:48.656099Z","times_seen":13821,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"134d8974004180564c45b5d31aaff53a","sha1":"e782700779d55c71753c2e83c737ddd75f1feb5b","sha256":"7eb458cf2afde95d64f8b19b0014547281d79481c92b2667bc041f162f5a0c11","sha512":"799181c95fac4e87f19caf98012e6b512fd4e030df64355515923e9c06816d1130fd810a1a94ae3ee6c981f848c495c2132bbe97fce0788aaad8ac8fc4a7fa3d","ssdeep":"","tlshash":"5311d469b49310583d5334158faf164034e4b647cb45d4043aaca8826f5860ea5b6ede","size":936,"data":"","first_seen":"2024-12-24T17:17:56.732307Z","last_seen":"2026-06-01T14:39:11.953307Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-06-01T14:39:11.951627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"dd88769f66853521c4eb1386fb31f5af","sha1":"f2e5b632c5fa6c667cf33cfcd7353206383044ab","sha256":"f4d545af500f264647a269ee45c099feb11c3dbc962ddcbd623b001a043f227f","sha512":"00e45cf300ad73445c7b7e5211f3d73859abd2fafb0c9c7f3bc147b392c656dcc737c7cb2b243d1cbaf7d911dcd12c55f5bd4d4ecad24bf48675df106e4c8c5b","ssdeep":"","tlshash":"635100c0c0000c03c0c0003c0fc0c00030300000c3c0c0300c03f0c0000c003c03cc0c","size":2558,"data":"","first_seen":"2026-04-22T18:26:39.83618Z","last_seen":"2026-06-01T14:39:11.959612Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"565216956bacfaf2e46213ed6b38549c","sha1":"106df23b7992e68ce57e2a1668d62c7fcff79721","sha256":"c4926aea646e632ad2bdd3a4d5668163d5f6513755e71706b3566f23f8251c40","sha512":"9ac5e100fb0c1239d821d6c5c5b8658fa316918ce4df2fad3c2da7a4b7e1327c5d9d0d29c3b3520f9b45790784fecc8da4b477e256c8c981b8241adf05ee7baa","ssdeep":"","tlshash":"6a510080c020cc00808000382cc2000220300000c00288300c008080000c823c0a8808","size":2547,"data":"","first_seen":"2026-04-22T18:26:39.831806Z","last_seen":"2026-06-01T14:39:11.949314Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"5b802191f5c15cd7512f28978db6cab1","sha1":"99652c1b4f3bffb8472a38f83e170579f3be52ea","sha256":"a989644e59b4fff37f3049585aacdab66815b6ca932d412c94a950d4998ba2e6","sha512":"e2207946de2afdf9a5c94214e01368f422308100a8c99133ceef41fb0912ec31cb4ed3aff1b68f17c34ace11931505c45e42e9d80fa6fdf7a0da9d45bc8e57c0","ssdeep":"","tlshash":"c15100f0c0000c00c0c0303c0cc0cc0030330c00c000c0300c00f0c0000c033c00cc0c","size":2584,"data":"","first_seen":"2026-04-22T18:26:39.825331Z","last_seen":"2026-06-01T14:39:11.948777Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"72be916aec41d30e92b0ac12e5eabf2f","sha1":"2b29ebc300178cf357331cffdbeaa4219226c495","sha256":"1f1a582f830cd40e136506199d7a137e2c0ad98f4ec2c8e45f40ab3f21dfd82c","sha512":"fd83d9af00ab9ea002a406287d9344b1cb2494312d562b34a9cb8376b53b1d7652c29c0c3d48efb3738b87bb506d04de565b4b47cdd64f10359774db9271055a","ssdeep":"","tlshash":"2311d859b45310593c5328118fbf01a038dc3547cf69e80676acac822f6812d65beade","size":956,"data":"","first_seen":"2024-12-24T17:17:56.73644Z","last_seen":"2026-06-01T14:39:11.953998Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"f1d8f167ab5d0db772505d2dcfbe1b22","sha1":"18385f7c4ef25551e09093f06d1e34a8f63e3e88","sha256":"ab7e1a01e49c4718fbe110389de7c0b353e536ff7fe33ed0406959900ea1877b","sha512":"d292fd411d2d17c4dbad73f309dd69da65ee06a2f27f856d52dbbec9d74327007ce4c546c0128bcec677a37e8efd8d2a2a66f2f3eac3bd4d7eabab8186af6fe1","ssdeep":"","tlshash":"6c118468b493245c3cd324159baf258434e67747cb45d4153abcb8c2af4c20da6b7bde","size":953,"data":"","first_seen":"2024-12-24T17:17:56.737498Z","last_seen":"2026-06-01T14:39:11.954567Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"f56f990a9346c780d8c3c40ff3facad1","sha1":"fd796e44307d1e4f9c79d0dda36f19f0615bfbc6","sha256":"e70c73dd5aec8eabeebd96a0b6bd3f12fbcfcb58c8ebde8e85834d251a9b8dc1","sha512":"ac1e4441c2e7485d64d7489d891ae1b276eb8ec72739b8aad1330034f75bf1c6e9a2df2d7426b3a46c82d5dce2ff1c29b9dafef7e51ef0763e060bf9fc4e1f37","ssdeep":"","tlshash":"df11b16cf49328583d5364118bae394038f477478b45d40537edb8822f4820ab5f6a9e","size":963,"data":"","first_seen":"2024-12-24T17:17:56.739953Z","last_seen":"2026-06-01T14:39:11.955252Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"3ab2caca5538cb0d5bbbc1c62d13f7dd","sha1":"035734da28a2ad336d54dca871e206a704a957b1","sha256":"b262ff426787a7fcbf77764d42656757e819f249d147999f35426eb333342cc2","sha512":"a1d47f0318a1daf6db52b421115b0e63a7d70e98ddf5f9833699a4852718b298d4996526d8df0fc035663d45d44fc9a318af8e00b806cac7ff4e738dad19d946","ssdeep":"","tlshash":"66510080c8000c00808000b82c82003020202020c00080000800808022080028a0080a","size":2549,"data":"","first_seen":"2026-04-22T18:26:39.820524Z","last_seen":"2026-06-01T14:39:11.95704Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"5b802191f5c15cd7512f28978db6cab1","sha1":"99652c1b4f3bffb8472a38f83e170579f3be52ea","sha256":"a989644e59b4fff37f3049585aacdab66815b6ca932d412c94a950d4998ba2e6","sha512":"e2207946de2afdf9a5c94214e01368f422308100a8c99133ceef41fb0912ec31cb4ed3aff1b68f17c34ace11931505c45e42e9d80fa6fdf7a0da9d45bc8e57c0","ssdeep":"","tlshash":"c15100f0c0000c00c0c0303c0cc0cc0030330c00c000c0300c00f0c0000c033c00cc0c","size":2584,"data":"","first_seen":"2026-04-22T18:26:39.825331Z","last_seen":"2026-06-01T14:39:11.948777Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/js/jquery-2.0.0.min.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e22f82a5194d1f03ecb712baad2df66c","sha1":"6a9afa00acf537cbdede4aea27f01f8ef6ab165d","sha256":"ac1b82725819fba761d03c03a208214a9157bb026cc5e843d43105970407603a","sha512":"141dcfb31585ad569e19e7769d32a5544219fc1a010611337777f093b1c7143cd8de374b1b50484709a7f42fa472561bbb8976510d06f62f2cf34e3426bde0d7","ssdeep":"1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa97:oNM2Jiz6oAFKP5a98Hrq","tlshash":"f583d6d9b2c27062977734b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","size":84284,"data":"","first_seen":"2023-03-07T12:26:50Z","last_seen":"2026-06-07T05:09:58.084292Z","times_seen":830,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe84461ac265684cd4e8443a73684daf","sha1":"5c59114051b6d142275570fb4d72f248a1e5b86a","sha256":"70651d0618a2be83cae3596fa3a0cf04d1ac661569c3ff0d826a225c1793c637","sha512":"e74fdb07daba61c2b5f1a489f3e4f8bbf2502982078817687e81f5eacfcc3e00a3f815e54b7f2e6b388644dcfdad9a3910ca0ffc70d79b319a50e65a7f04a892","ssdeep":"","tlshash":"ce11b16cb557106a6c5324119baf114038eab7478f45d40437aca8836f58109f5a6ade","size":935,"data":"","first_seen":"2024-12-24T17:17:56.741028Z","last_seen":"2026-06-01T14:39:11.955786Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"a7f62e1d9908c256a320ee5fc026eb8f","sha1":"a981fc357123dfd6e71a62a09cf57831da43e428","sha256":"642649706ccd4f644d46432f0d25d54bccfdd0739e14617b74243c5b9003f79d","sha512":"4e66194179da0452e52811796d113af77e70621f052a8a7da49f971e647b0f4a86d6059aa4ce1e7939b38fbbdc897de0710678a922f31b71b50023cd88b62ebb","ssdeep":"","tlshash":"4311d469b553105c7d932411afaf254034e43647cb49d424beaca8923f4810de9beede","size":947,"data":"","first_seen":"2024-12-24T17:17:56.743928Z","last_seen":"2026-06-01T14:39:11.956404Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c3f02f6d67f72b39526de45f99887f5","sha1":"0ce53d46b8f83f30c994e427e89db57d224fa03e","sha256":"9f47123bbfc2f11ad77796f85911e688279150f8dada01c0bd73c7407cffe602","sha512":"d47498ec8cb9ec3bfb3526186702add9a4db2aa968640a460018fe5a806079f094439508000702b8ce435c109c49fecf78356b85f747620fdc547e4bafa1082d","ssdeep":"96:zUH9w/iICyLGH9w/aICy3eH9w/8ICyxDdwH9w/mICy5+HdwH0IyC:zM9w/iICyL29w/aICy3u9w/8ICyxDdIY","tlshash":"eca1e668f893245d7c5328259faf058038e47547cb49d8157abcac826f4820ea5fafde","size":5011,"data":"","first_seen":"2024-12-24T17:17:56.745193Z","last_seen":"2026-06-01T14:39:11.957912Z","times_seen":80,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"230dfa9d563e8cecff99cf1ecb6d11e2","sha1":"9d5a1ea4b2b2895dedaf0d8ab2927e641e153471","sha256":"36a54f99265f3c3b8f533538c4ae1dcc8847fca78322ea6bd85a7c64e1383564","sha512":"112917bbec71614d2890ef5258af7e61cb24a54f535d768c80bb671d0acb749111368a278f645ce6a0bd4736eadc99cfb9b8f423c8b7e1645727adb0665a3eb9","ssdeep":"","tlshash":"f65100a0c0000c00808000382cc8002030288800c20880000800808220080028200c28","size":2555,"data":"","first_seen":"2026-04-22T18:26:39.834774Z","last_seen":"2026-06-01T14:39:11.951079Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-06-01T14:39:11.948161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/js/jquery.flexslider.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"242034cacf5d08f9a4f4df40208f830b","sha1":"56cffde8b9ca0b7e3161714b786651ac2b87a953","sha256":"487639627bd943c11e40764b968904c921e505bb73f0ae5d7367c8c8ff84a526","sha512":"fcbb4ccb030b5d9dbd4c96c44de7387ba9dd4963f14034ddb2a0ae77ef10e08167290d56565afceebd03e68a3d40d3bdceea903490e6bd0c509afa9ef034582c","ssdeep":"768:oILMsh61e6anxUS1cdeAzMuwskDkg9iPFi2PU1SFzuLdu:kynN8P1PU1SFzuLdu","tlshash":"3043ff1a61b2166589a372ae2f5fdc14eaf78343901dc969fddd030cdf4442806b6bf9","size":57384,"data":"","first_seen":"2023-03-07T17:01:43Z","last_seen":"2026-06-08T01:04:57.184182Z","times_seen":770,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/js/layer/layer.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","size":19831,"data":"","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-06-08T11:10:22.725576Z","times_seen":13775,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"6762eabd88d58866ecdbe3f555bfe6dd","sha1":"4a56070bf0816ad79bcdaab2cbc4336a88079585","sha256":"991f79902d13b7113ca49d4355ee044f6584d231681399694b2359c804c67d38","sha512":"463d26672ee7256df66dcd64253744e674906e78327d8f447513694060fc8f46ba78c5d0192c3ebaa040851dfceba1e088dca59845453787e26b79d453b88ab3","ssdeep":"","tlshash":"95410351a3476cd568f3a96f1f5390120c3924232947c9183f5ed7e08ffae93a064ead","size":1894,"data":"","first_seen":"2025-03-15T05:55:29.604071Z","last_seen":"2026-06-01T14:39:11.958503Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"fbbb012e519b910a02da83ac6d3112da","sha1":"a03af70ac8200203516bb605834e1e3a1a061948","sha256":"b3f004b5887b020f0abc7d1046d655e1b275a9eb354f05212175561521105a47","sha512":"5c76b4a0f8abfa543ae0c28835d8685715b0899a787e39f251d28a06484c9f51a0de7dc1fc258b4891080768550ee830e5b0594bbac8a8e61594d117ce751b80","ssdeep":"","tlshash":"6cf0c96e0a1ed7ff70a80235532aa2ef70cd4baa90076807fe87021716ac118bc01ea1","size":527,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-06-04T15:30:27.669974Z","times_seen":6997,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/bootstrap.bundle.min.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8831aa095cdec88f66c2e46c339cf352","sha1":"5db4c40dbc6bd3d9623ee98a2061dd265885cf2e","sha256":"79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9","sha512":"b07f093e128951e03d3d693778e70e97c53e95f65382d0570f8d6ae9c3bfb25c311870b129c5b8e4ae283c25211c6ecd301e266ca11d75598fb935eda5b09b14","ssdeep":"1536:GaPTJR2t4PqiiyuL5FehgTr1voCBZx6wVlLBkS:4OANBZVV5","tlshash":"0f73c5493254b87309ee15a68037460bf7256d94b14b802cb5bdacde2b3dc8672b7f78","size":78748,"data":"","first_seen":"2023-03-07T01:34:42Z","last_seen":"2026-06-08T14:06:36.056532Z","times_seen":7770,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"9efd226d0221b065cc125456f5881d2e","sha1":"5a3aab17085722efbd72b0fb88fa77cffa4766bc","sha256":"536167be9affbd8d39d5afddd7ba6660d34e7796c5a81f0ca8bc40657c0a11d6","sha512":"81847457937451cf4f1ecfc6e2714051c38f4af0abe0f3a003e250ea8006f97e69010a16bf43b28e68857061f02346b45dc38c9e20b373bf50d7be05ccdba69c","ssdeep":"","tlshash":"95511f8deb5d046c89fb83d81e2c55cd42ba2e201c63ec369cf54e4676095b8a939d3d","size":3050,"data":"","first_seen":"2026-04-22T18:26:39.839095Z","last_seen":"2026-06-01T14:39:11.960145Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"565216956bacfaf2e46213ed6b38549c","sha1":"106df23b7992e68ce57e2a1668d62c7fcff79721","sha256":"c4926aea646e632ad2bdd3a4d5668163d5f6513755e71706b3566f23f8251c40","sha512":"9ac5e100fb0c1239d821d6c5c5b8658fa316918ce4df2fad3c2da7a4b7e1327c5d9d0d29c3b3520f9b45790784fecc8da4b477e256c8c981b8241adf05ee7baa","ssdeep":"","tlshash":"6a510080c020cc00808000382cc2000220300000c00288300c008080000c823c0a8808","size":2547,"data":"","first_seen":"2026-04-22T18:26:39.831806Z","last_seen":"2026-06-01T14:39:11.949314Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"5b802191f5c15cd7512f28978db6cab1","sha1":"99652c1b4f3bffb8472a38f83e170579f3be52ea","sha256":"a989644e59b4fff37f3049585aacdab66815b6ca932d412c94a950d4998ba2e6","sha512":"e2207946de2afdf9a5c94214e01368f422308100a8c99133ceef41fb0912ec31cb4ed3aff1b68f17c34ace11931505c45e42e9d80fa6fdf7a0da9d45bc8e57c0","ssdeep":"","tlshash":"c15100f0c0000c00c0c0303c0cc0cc0030330c00c000c0300c00f0c0000c033c00cc0c","size":2584,"data":"","first_seen":"2026-04-22T18:26:39.825331Z","last_seen":"2026-06-01T14:39:11.948777Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-06-01T14:39:11.951627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-06-01T14:39:11.948161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/scripts.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"48477ea73f8709a6c29d7cde0cc83e55","sha1":"5dc30fab107725dd71ab343d70b9e6267ea68cf1","sha256":"fd67e1f083236a6c171d2275401174ea62a6f24fc81193d55653080a236a209a","sha512":"0932287b99d7c96929e7464b6684fe399dfcaaea787dcab28fa0879094b5eb4d92139260fecde4ffe430eca3986430f98a72fc523332c4e476bee9ea2226b1b3","ssdeep":"","tlshash":"1ee0cd91761d4f9d1ccc3257996092c576841524e401f06790374c6c0a9584225fb7fc","size":298,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-06-04T15:30:27.648543Z","times_seen":6129,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"3141c18a9605b1422295c9e48d668c9d","sha1":"0e035fdbc893334e85d674527229f5d2fd9c8036","sha256":"1c439327512b5147799af88283ca39d0f13d331bea70d2ec3e479177c6c595c9","sha512":"9de6cc7247eb894a1a5a05a3cad42883bb7478bd38bb37e22c7ac97ae476b6a843adb97e0ed0c1ba44db35687a637a8ada2d6197fdf51b66ac1e46fb0d0863d0","ssdeep":"","tlshash":"05d05ec3ab4d2058587f319784eb15cc005c467288920d89bc3d91908ca01ec5371f2d","size":255,"data":"","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-06-04T15:30:27.672196Z","times_seen":5231,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"ec6f0514e803d311042f2037513da586","sha1":"6db1786357d8692aa41d0334b7112c18ea9ff429","sha256":"4c17044adb8e1565a98c0d5b6a468bab624c492291d4dc3d222754eba1093171","sha512":"fb1c8a75f630fd9f9f9b4400a0ddb6c67042d3af2af7afd4c05530a2911953861522e1e93562c7424d1716373ea9b490a96bdc48370dc1ed50c2e613559e67c8","ssdeep":"","tlshash":"62510080c0000820808000b80c80003020200000c080c020088280c022080028828c08","size":2539,"data":"","first_seen":"2026-04-22T18:26:39.823818Z","last_seen":"2026-06-01T14:39:11.951627Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-06-01T14:39:11.948161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"introduction_type":"domTimer","is_inline":false,"md5":"b6fe158d2b791f630e7021cb11fe814c","sha1":"0b8efae5ef40c4cb36f6ac0e20929f4ee7bdcd7e","sha256":"41bbae33b51e4efabb54ffa8d9c9c9f6c24adabd11a670ec9f778597a7098632","sha512":"d0b1b343c46e7f9a314411ef04b7886314289960cecf28ba2d6ccfe71a14772283986bb87961aed3b6d4b735857a4642b129468ae802f4d07645eb0314df7159","ssdeep":"","tlshash":"ac5100c0c0000c03f0cc003c0cc0c00030300000f0c0c0300c00f0c0000c0c3c03cc0c","size":2541,"data":"","first_seen":"2026-04-22T18:26:39.819208Z","last_seen":"2026-06-01T14:39:11.948161Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"gcxchoog.com/xm/1INCH.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/1INCH.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3a8-2970\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"15d97161b65ddac5d4abad667dcddff6","sha1":"cc213aa8e905bee08ba0cb391d9ac525111270b9","sha256":"5c15c5889ca614021ec4458b6fa8180585a9d648161788206ab69a1173ddb780","sha512":"0a0d2b8f8262476940647be1d45891434d1f3ed1169161e2f5d6eb333f8168e89beb7719c846c4efb495a628a9f4fae810183b4ce663adddbcf6aa1e14b71d37","ssdeep":"192:5fSoETndenJtcoAPbMYjSVrz5pnYSPQcOGslchh4hplrk5M:hSHTCmu5yJfjBplAM","tlshash":"0a22bf4abc657815814f24db81a6cd1d86ff8dc17926c12d248ed22803daca7f8ba683","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-06-01T14:39:11.932379Z","times_seen":312,"resource_available":false,"data":null}},"time_used":1929,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1929,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/scripts.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/scripts.js HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 298\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\netag: \"62c3214c-12a\"\r\nexpires: Tue, 02 Jun 2026 02:32:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":298,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"48477ea73f8709a6c29d7cde0cc83e55","sha1":"5dc30fab107725dd71ab343d70b9e6267ea68cf1","sha256":"fd67e1f083236a6c171d2275401174ea62a6f24fc81193d55653080a236a209a","sha512":"0932287b99d7c96929e7464b6684fe399dfcaaea787dcab28fa0879094b5eb4d92139260fecde4ffe430eca3986430f98a72fc523332c4e476bee9ea2226b1b3","ssdeep":"","tlshash":"1ee0cd91761d4f9d1ccc3257996092c576841524e401f06790374c6c0a9584225fb7fc","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-06-04T15:30:27.648543Z","times_seen":6129,"resource_available":true,"data":null}},"time_used":2177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1915,"receive":262,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eth","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:25.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:25 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":242,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d706411374fb5d09384f1c2bbedb95a8","sha1":"01de7247abc16d750841a287326c8198de12a515","sha256":"6b2f91f9a0c272794d081e96e2975bea259991a82514b8a47321f7b7caa1f765","sha512":"d195ac86172033a66faf3241831e368e7b0dfadc9b0cff0db92192cd2a398b93ec10a08bf56ae0b8a302a7f9b155fbb6ffc53703f703af52693a9d8e0453b3f6","ssdeep":"","tlshash":"bbd0a7a87e3e182d5e72f7d2b4e5277e184e088ad041430a66ff4d7c35a920d7326833","first_seen":"2026-06-01T14:32:52.690276Z","last_seen":"2026-06-01T14:32:52.690276Z","times_seen":1,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_btc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:26.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:26 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aaf16c6892dcc5b1acac12e4415364e4","sha1":"df373a8881f67618a7d6f3f4dce93158994cd2ef","sha256":"4951a5f3c5c152cecc828ef21d19cb91ba517ab6eb7607cf4694876cfe887eb0","sha512":"a1c7edf90dd2536b3ec545845aca172a532860528800376ccee71481128b9050934d8ad65703e6da5217fc771a3a4817355c8b08454988229a799db7cc5b3f07","ssdeep":"","tlshash":"a9d0a7f03f7945250d71b7e1a6d51b7e684e4491c084961daafe8e68547c31c3223f23","first_seen":"2026-06-01T14:32:52.691346Z","last_seen":"2026-06-01T14:32:52.691346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eth","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:34.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:34 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":242,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d706411374fb5d09384f1c2bbedb95a8","sha1":"01de7247abc16d750841a287326c8198de12a515","sha256":"6b2f91f9a0c272794d081e96e2975bea259991a82514b8a47321f7b7caa1f765","sha512":"d195ac86172033a66faf3241831e368e7b0dfadc9b0cff0db92192cd2a398b93ec10a08bf56ae0b8a302a7f9b155fbb6ffc53703f703af52693a9d8e0453b3f6","ssdeep":"","tlshash":"bbd0a7a87e3e182d5e72f7d2b4e5277e184e088ad041430a66ff4d7c35a920d7326833","first_seen":"2026-06-01T14:32:52.690276Z","last_seen":"2026-06-01T14:32:52.690276Z","times_seen":1,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_fil","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:37.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_fil HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=fil"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:37 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"125c3faa4104a2db37c8eaa2d14f66d6","sha1":"9734e3d982579d6d4953075be7332276959a68c5","sha256":"2a921c3f46c9590043f0fd438eaaa3a4a630a1f200ab220bc87b4cc02fd07e84","sha512":"253d1fb767d185160433e64271695189792e652ed3e84917a57526c709fa8e484aef1f2ee00618795bada44423f733c59052aa4d09fbef66e78943d9bf391f1a","ssdeep":"","tlshash":"5cd0a5d0397cc9190c31b7d558d53b5d549d4447c041730a59fe8d68115c70d3171d23","first_seen":"2026-06-01T14:32:52.692372Z","last_seen":"2026-06-01T14:32:52.692372Z","times_seen":1,"resource_available":false,"data":null}},"time_used":305,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":305,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/css/base.css","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Home/static/css/base.css HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-64a5\"\r\nexpires: Tue, 02 Jun 2026 02:32:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25765,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (846)","md5":"8739b7f6cc1db5ea89afe0a14afacd7a","sha1":"f7dc32e9b67f5a0190cdb0d641f141294522fe46","sha256":"446377cfd8abce9140615cc2df1cfd3c2e8f908f179cbe1c7bc6209ef1bd2f3e","sha512":"8daa0f9ebd76dc9e94f4c5cf0acd3380b91abe7186648e41574d747c9cd0bfc2a6c28ba80c0e34ce2aba079782d9061d73bb37010cd77f7f59bc5879a19612a6","ssdeep":"384:BpFiOVTjRmNi2RoLy6IbRiWc2FDwFxYorvRnEkEZ58s8BXR8G8LrB888t7jL5ZBe:Y4cN39FDwFx9EZS9YzqtRB8TF3MDdu","tlshash":"12c295a7dfa30901b81bc5a41ff9ab55236c8017910bdebd7fc53648cf462d898a27c6","first_seen":"2023-06-09T02:38:16Z","last_seen":"2026-06-01T14:39:11.898486Z","times_seen":2237,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/trx.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/trx.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536463-1735\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5941,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"273ef6386ba9fa5f898cb287fc158b2a","sha1":"ca3836d219eec81150b468190f6464294f577acc","sha256":"7f169dcdd6e34e9107624b12b34d930f3c9e6dac99af40e5658d917070d23add","sha512":"199f641aef0c7476c655acfc42d23357898219c844424c611f92bc6591de05a74f8810955d0290440d18d729d4b8fc91e851fdcfb62e03dd09cf5e8fdced53ce","ssdeep":"96:evTBOSuvec7k5dzzcNMMDHrQ02VMpyD/qSjiq15njHDKOfALKHRqzH0DzgG8qzu5:0TB8odMTrzpybVjiq11jHW3QRqwDzpbC","tlshash":"ecc1bf3aa1d11b7b0acee31b430c8804d20ef253d225cd59c8af9065bed17e7406f813","first_seen":"2024-10-23T13:33:33.42136Z","last_seen":"2026-06-04T19:35:45.199323Z","times_seen":280,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_bch","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bch HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":236,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e94cd2976e9e79615a5244cbd41fcd68","sha1":"7f017b83ac37795721df340b2745a2cdafcd7734","sha256":"db0bf91bd8094417412df15e96fa2715110b7da34ef5c20366db1fcf8f2364a9","sha512":"93e4292da1b98f8ee902df81709a15205c15d63a67e32a9b97563a368d08f01673b77c0b01c48a999db8c4ad5389526603b2ec8ffb4b3b40fdd8b981c99bc0df","ssdeep":"","tlshash":"25d0a7a0bf3548160c6293d1f4d62fbe24de4157d095410d17bd8d65147c21c3517d21","first_seen":"2026-06-01T14:32:52.698729Z","last_seen":"2026-06-01T14:32:52.698729Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2924,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2924,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_chz","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_chz HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=chz"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":250,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a12833049684c3edfa7468706663b687","sha1":"83a8a2459980cb722c491576edab71ffe7333a83","sha256":"bc85f17bd21752ffe8bbfe3cf9c49a7908b4d9d9eacefb753be7c20bd4e601c5","sha512":"4fa50538c67edf802357d91e11c0e35deb699766f8a3df9ac1bbfaa6ddf6735afb2c10b22f038f5f06b8ee417dd86fafeeb3e9aecf98206308d85b025a030e77","ssdeep":"","tlshash":"11d05ef03e3d48191cbaa7d2a8e5376e94ce488188c4120a66fd8e7d496ca0e3d52922","first_seen":"2026-06-01T14:32:52.70017Z","last_seen":"2026-06-01T14:32:52.70017Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2912,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2912,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_usdc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_usdc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=usdc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":233,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1b6b99e5ac447f3e73d9099307de3790","sha1":"a52ae67565c0f0693a8b765a43e0ab422769ccd6","sha256":"8e6b0c8da71f960b62202e510a607561fd3ba834143a576ca50cc59ad2fb96b3","sha512":"52e88d95a68ccb0c6a467ad5c7c44fe2e69608cca65d0ec80514fe819c2f46613b5d162d345d4c6c47d1f04e261192199fe264aa9a5058989af0767173feb839","ssdeep":"","tlshash":"29d05ed03f79c4290832e7d1a8ea176f684e4486c085420a5abe4e6c15ae2093312862","first_seen":"2026-06-01T14:32:52.701882Z","last_seen":"2026-06-01T14:32:52.701882Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2903,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2903,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eos","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:32.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:32 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-06-01T14:39:11.901324Z","times_seen":318,"resource_available":false,"data":null}},"time_used":548,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":548,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/new/3.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/new/3.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42496-2dfb8\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":188344,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"c12f13b61c3edfb632087956e12dd0c2","sha1":"dcb8553bc0b998f9b52d9bda68f7ac64f86c8fa6","sha256":"3b8f0c9dcbfcd1aec87b77a6447fb9175b84231b75f8e6e0393120e0187be13e","sha512":"55971e6fe584c23ba19783017e04403c3f861741dd00556b853a5572af6e44931ff9a310606b32bdb57b581c01408632cebedc745ae0a025de401bca9e8c72e2","ssdeep":"3072:/0hKygulsxe7wEQABIXUOCUWmLEbeZmeBLvsVNe/brFqRDZM6yYfJrKHwW5pbF8p:/0hN+e7wEQABIlWmLEbec2bb/brKK6rH","tlshash":"bc0412fd9221572ba244377c7a7cdd36e90561bdf89c28a10337b7944aa347278baf40","first_seen":"2025-08-19T12:54:30.85607Z","last_seen":"2026-06-01T14:39:11.893074Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1931,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1931,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/BAL.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/BAL.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-922\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2338,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"434f95cf398ff96a140cbd3cae92cac1","sha1":"14ec93193a85de4ae155b6ad0f2a3edef58cf9e5","sha256":"920c160bd3dbb09de22b942672c48a724c389143c6347f841d60e6b938f82923","sha512":"e90d9eca88e37b4d2f5f7291ee9b3184868b6c8cc22f8a31f5190fc4359c209b6203d3feb696540111e1d8e543942446d0f1750eb8e1c58f9945e6f0aa042f1f","ssdeep":"","tlshash":"a2419854d2b8e49add276bf7a4159f33956bd129f6c80a40f5a87a3c0903f449dc52d0","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-06-01T14:39:11.88255Z","times_seen":322,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_bsv","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bsv HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bsv"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":248,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aed3fd4f5e3bb08ffd5259cf91751e30","sha1":"d206601bd19095394f631e3afebfdacc1183fa77","sha256":"9dc671dd871c05badbc7aea3017a4a2ac24c70942cba9210bbcc4b2b721ccc5a","sha512":"f03345037580af8c0b78f95178aa4ea055d90f20d1f6bbbc86bf73fc0d3054c8876d2d0972ba66009bb01b1bbd89c7cd0225d86fb33e9ba8d9b8b5be0cc8d959","ssdeep":"","tlshash":"f0d0a5e03f394d251c139bd2d4d5175d54de44599145470d16fd4f7822dc60d3323d35","first_seen":"2026-06-01T14:32:52.705825Z","last_seen":"2026-06-01T14:32:52.705825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2893,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2893,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/LTC.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/LTC.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ac-c3b\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3131,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"84781027c925a2d375db76b3d8ca9f3a","sha1":"7c5ae250e9e462c030e465d931744015af21d357","sha256":"03b779d3a4dad6d2c4fdcc972695892cf8d308facc05ed8bcd194cab0fc5210b","sha512":"b2ba2c600ee1942df7ac64e5dbf161f0e209fd2f008236963756ed797c463d1a15045d5d5f722f7929cd3c7496cea60a99191039eb141da3bdd8e2b465a23699","ssdeep":"","tlshash":"e5515cdaf30c1aa93ef410be4686030e4ea35d5a99e8d05800c70d77f494989ac7fb0d","first_seen":"2023-05-28T01:03:43Z","last_seen":"2026-06-01T14:39:11.904507Z","times_seen":335,"resource_available":false,"data":null}},"time_used":1929,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1929,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/FIL.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/FIL.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 07 Nov 2022 05:50:05 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63689c8d-4879\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18553,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"41173f1fac2d8fe9fcf0285d0e7d6acd","sha1":"2262cedafbeddfe8d47ffbd2ac442b0b92e681fa","sha256":"25f2ced7253fac8937192733091dc789301446bb306bdda4e7814999d03dc692","sha512":"73354a1dab8eec7ae4d2ea5c65ae235c9b9fe2860806f1a4825284a6971a001754649f868c91bd9e29e4141e6ac8bbad092296439678b02a26e9d3463e0ea070","ssdeep":"384:ci7lfIt9MsjkET7AlZaxL9qiCH5cAWs0IMzz9zgDlV52smW7NZorx:lRfTstPSa9SDIzVgbkXWAN","tlshash":"c682e0aee2d37c184a5bcb144be634b26cd23e694b636c43703dc70c9e5481963a327b","first_seen":"2023-05-22T05:59:44Z","last_seen":"2026-06-01T14:39:11.934408Z","times_seen":328,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/xmr.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.823Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/xmr.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-a8f\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2703,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"dd806331c821d34fd7e91bfc6897211c","sha1":"24b3825bf3a8f8b5e604bf6b444d7c2d97aded69","sha256":"b24a76bd9854df525b90521299de92ac4afd44f57d801e4aae184f9bca41b3dc","sha512":"57357fbe03f5e9d7d4235beca8a5e6b052f9f941797b3d094e55646d18d26fa48973067f69164c307dd7a4fbf399ccb0bb533984f59074217da0b2da0d44475b","ssdeep":"","tlshash":"91513c320899d51cd650d53d30cb94e2ad311c7e5b88b999d6d9d1b1096a4f5543dd20","first_seen":"2024-10-23T13:33:33.483221Z","last_seen":"2026-06-01T14:39:11.932931Z","times_seen":217,"resource_available":false,"data":null}},"time_used":1924,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1924,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_xrp","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_xrp HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=xrp"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d8a831e7105c23704f75e235a79950d1","sha1":"967f9e4daa7ea2eb1c1e6f7fa4587f424b3ccb33","sha256":"76791d1672cbf3625557af3a0335aa47208b198c93be7b291bd77cbd2b70ddea","sha512":"8d0ce32a8d793156815e5109c7b132d256c39b93c131efbc5b42e3b195291c1798e17a08cc2298dbde9d53ca656adee556e5ebd464734bf4f9d81d754432baea","ssdeep":"","tlshash":"e4d0a5b03f7d88151c32e7d15cd5175f6c4d48c39050d2055efe4d7a64a890c3315c31","first_seen":"2026-06-01T14:32:52.714354Z","last_seen":"2026-06-01T14:32:52.714354Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2931,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2931,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/new/4.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/new/4.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42496-216b4\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136884,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"46ef3425ec53f6643ec9b85fbebd74f4","sha1":"a55514d9c1c9a47d079881ba132b38cc0505351a","sha256":"ffa5550e8494706611447bc613e27d390b5ee209a593b0dbc8e897ff5b387c70","sha512":"4f43839415c93257a8c98e15e82964d5e524bfaf91f62f28ab67ff832054e0cc6cbcafaf25f42d4b5155ac27c1712524e7b23241bc1900ccec0d030750a88cf9","ssdeep":"3072:dT1ZHDhXAoJZs9QxmeJ0Y0v0Qk2+h1h1PnBj+WuqW7:dTvtXAMWQxmdPQvP1PB7uqC","tlshash":"98d3123094a0ae7cee4f445b0da1f37ee370c043569429382e1da5a41bed45fb926f67","first_seen":"2025-08-19T12:54:30.882636Z","last_seen":"2026-06-01T14:39:11.931828Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1931,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1931,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/CHZ.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/CHZ.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-13f5\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5109,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"2b457b22e9dd64aff296943ce340e39b","sha1":"1a6df942d2444ffe89314234db270f625e99b04c","sha256":"5cb03d2a32e3eb095ff58017138d1dd83cbb535bc62800c4fc9079bc4a5eaf28","sha512":"8043dea1d186d07a7d18aaae7ecf65d4f1731f14a85e7a96efe9fe67969b9154cd978a175274f475a1882f031a45a5ec36b1cbd9273c15bcd49b6c627990b205","ssdeep":"96:rKMGADzM6KSkXoJi+qQFxda8WP2mdVyHTkR6I9RapHhQe52sg:3GADA6hkXJ+qgxdIxjyHQM0apHKe6","tlshash":"6eb17d7f1860523e53680e3112c187e411e20c937e984b568cb19a1867bff5c17f49fb","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-06-01T14:39:11.928868Z","times_seen":321,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/dash.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/dash.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-e44\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3652,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"d9ae624ec75f54e7a472e706c50f6171","sha1":"8f1595d2790ab5212dad31ae8e825929abf4b90c","sha256":"b064ad396c5b7bc48b0a1c14743d779d468486fddfd41fee9a740f7a416f89b9","sha512":"9d887e629e815f75cea198674023d507e52245932594bff5be082e1b535fae19f4dcdf6c54cb72bef6bdcbac605df7deb0662b365213c498033693c62f798902","ssdeep":"","tlshash":"35716d29ad337c98fca805e1d283a01ac97b653ac04d9dd353ed753b404a058a7c768f","first_seen":"2024-10-23T13:33:33.371625Z","last_seen":"2026-06-01T14:39:11.873839Z","times_seen":224,"resource_available":false,"data":null}},"time_used":1922,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1922,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_fil","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.023Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_fil HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=fil"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":241,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"125c3faa4104a2db37c8eaa2d14f66d6","sha1":"9734e3d982579d6d4953075be7332276959a68c5","sha256":"2a921c3f46c9590043f0fd438eaaa3a4a630a1f200ab220bc87b4cc02fd07e84","sha512":"253d1fb767d185160433e64271695189792e652ed3e84917a57526c709fa8e484aef1f2ee00618795bada44423f733c59052aa4d09fbef66e78943d9bf391f1a","ssdeep":"","tlshash":"5cd0a5d0397cc9190c31b7d558d53b5d549d4447c041730a59fe8d68115c70d3171d23","first_seen":"2026-06-01T14:32:52.692372Z","last_seen":"2026-06-01T14:32:52.692372Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/bootstrap.min.css","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/bootstrap.min.css HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-2f0fa\"\r\nexpires: Tue, 02 Jun 2026 02:32:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":192762,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65184)","md5":"cb46b85888b78de64c1f51bc7797aacb","sha1":"e57147e69810b9ee63af657969ddfd6c456957e3","sha256":"652650f2c09a63e822932e07d79583c64a996e44ff680e2a9183c2a7c5b2531e","sha512":"cdf48d3e0b60cd162995316ce921e3285248d481378251f13403c39302baba3efe6332a537cccf255e2261b8c39d719ab1a9efd83e97111ed321e11dd0eefdb1","ssdeep":"1536:rQGFA+QbGwz48MIEtQ12c2Jsj+aeHYAVmJz600I40Yw:rQGqAVmJz600I40Yw","tlshash":"311492a7f581201ee493c10995d2bffe057f9586d3021baaf42737b44b452eb8a63e4c","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-06-04T15:30:27.620392Z","times_seen":3266,"resource_available":false,"data":null}},"time_used":284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":284,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/new/6.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/new/6.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42495-32a1f\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":207391,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"670ecaecfff72572e89a339d91a08e3b","sha1":"4b1816f239c121542c68fc139ca857ff209b88bd","sha256":"958ba7b0f46edb40e8a5bdc204cb275f2bf4e4c6f8e23653cf0ae871c9289308","sha512":"da4f2bddccb6f4864a7b6adb63534625219fdef47d7406ca3595a03a4df83d87a73352c0ba77879b483c3546e8894955108dd21411781f4df1de18eda9c53044","ssdeep":"3072:XH4NNTrl3D6lyiiXrJ92w3ImKcStCkEWb7Z9Z7I0wzBRavyqWnqv/8s35671L3xI:XH4H9DbpJgw3IWSwidwzjpPu3QphNpTI","tlshash":"781422a47e53801ee12e50132fade20c84697ca79b45a7b45f89360ac7effa151e1fd0","first_seen":"2025-08-19T12:54:30.883822Z","last_seen":"2026-06-01T14:39:11.937753Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1931,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1931,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/02.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/02.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:29:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94c4-1774\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6004,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 164 x 164, 8-bit/color RGBA, non-interlaced","md5":"427f187da485ae1eb8b37166ea4bdb52","sha1":"e563c994b0b025e87e59c6f05119290af8200766","sha256":"f5a54d35e121d6b7927803c6b3e9740ef66e19b0a3271be1f78fbbfdd7258ac9","sha512":"3004c92f5edac978b91b586b519a03e0a4ab40319517bedd8039278b3683a25ea0c0d1c8f927478ab80558bdb92a7a5ba7669bf6c7aff54de4e3f07166dfee26","ssdeep":"96:UZdW5NqbiSYZC2RX/QHvfQnLREVXEECneHcE4P1A1fzqqHPTEhf2N0l1NlwW/D:ULECVYEI/ofQLRUjpHKPSzbG2N0hl/7","tlshash":"23c18ed38302107f52f54f6140f990b7a57b04ae868532e8f67969c7c68df5c947a0cd","first_seen":"2025-03-15T05:55:29.528231Z","last_seen":"2026-06-01T14:39:11.88321Z","times_seen":69,"resource_available":false,"data":null}},"time_used":1922,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1922,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/margin_background.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:20.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/margin_background.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:29:02 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94be-39398\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":234392,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2790 x 1144, 8-bit/color RGBA, non-interlaced","md5":"a65fa4327bd43d084905328e9a3e248a","sha1":"8d77ae6fc8c5fe40072d022ee7d6f4bc071afd0b","sha256":"e48087bc91d8faaade1a708aadc0759e6df3d9eadfcf14f28a1e5d25707342d9","sha512":"b3f299aae231ae8603b98af79a68805b2c2f1689ef95bd2d29c6844cffccc1efc4bcbd4304fd4e2fe58d097df77a91574ed948f07140f2fd6e19c762ee670b41","ssdeep":"6144:FtYMt5Si3X3IN6pg45n8A8cJUzl2BOQ4Hg57968zCHBsFU5x:FB3Hjuw8VC8mOQ4HW68TEx","tlshash":"34341266b1cd8c56d4bd48f150e9874d3ca63a9e06ad8e213ab1c684577fe2c6cb83c1","first_seen":"2025-03-15T05:55:29.56516Z","last_seen":"2026-06-01T14:39:11.925289Z","times_seen":72,"resource_available":false,"data":null}},"time_used":1146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_bch","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:36.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bch HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:36 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":236,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e94cd2976e9e79615a5244cbd41fcd68","sha1":"7f017b83ac37795721df340b2745a2cdafcd7734","sha256":"db0bf91bd8094417412df15e96fa2715110b7da34ef5c20366db1fcf8f2364a9","sha512":"93e4292da1b98f8ee902df81709a15205c15d63a67e32a9b97563a368d08f01673b77c0b01c48a999db8c4ad5389526603b2ec8ffb4b3b40fdd8b981c99bc0df","ssdeep":"","tlshash":"25d0a7a0bf3548160c6293d1f4d62fbe24de4157d095410d17bd8d65147c21c3517d21","first_seen":"2026-06-01T14:32:52.698729Z","last_seen":"2026-06-01T14:32:52.698729Z","times_seen":1,"resource_available":false,"data":null}},"time_used":314,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":314,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_ada","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_ada HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=ada"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":253,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5abb79d3587a71346895b5f5584ce5e5","sha1":"f5c7a3d0e245c9617a6d02c8139c8194a01e4f36","sha256":"17ed8cb234537c6db0f0ad4ee559a854d86f5e54a4d69eb74f1a55f95951d49b","sha512":"c5c1d37ec7604a5208b62a293f16314baca969889c9dec547d609e455a1e575ec36f6554bb51380ddd09c9ff5f82897aa71bbe645508d2072e0d9465d9de7c7a","ssdeep":"","tlshash":"b1d05bd03bb845363d2e77d9a4e5275f544e99459151560a16ef4d24189a21c3712811","first_seen":"2026-06-01T14:32:52.724661Z","last_seen":"2026-06-01T14:32:52.724661Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2902,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2902,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_doge","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:32.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:32 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"42bef929b2dfd127f1529ce6d6ee9a49","sha1":"e58cd1e9a8ce4af86f876faccb8ad6289b8f0a9d","sha256":"4e285805bc7e923b303e7da0b49535613bc5d5bd11bcda0d32299d3b654296df","sha512":"f24331d3171a8b9388c235ef129c59dd3ab0ee3f2afa95358396fe2c7c5231174a24ff60ac4ccb28b0742a06dd1e3a130e105c9658246fda6f952249d4d111dd","ssdeep":"","tlshash":"13d02be03a7840350c62b3e06ce51a1e548ec0a3c04086055afe8e250458a1d7213815","first_seen":"2026-06-01T14:32:52.725591Z","last_seen":"2026-06-01T14:32:52.725591Z","times_seen":1,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":315,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_etc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:35.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_etc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=etc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:35 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"89067a1155a53778bb28e9189691f863","sha1":"5fa6f215764b153313db11004c1b9e2181401c8f","sha256":"8c3ecdb421019401579929841c155df197af7ff90a6263479599760fcf0557ee","sha512":"3b4aa2dbaf64e84ed51688215435b617795e93edb2bd923943b97c2867ccdaafa1960a9c03d9a8e25011754700579634fbb8af0fa0cf5aaf364f35459b274016","ssdeep":"","tlshash":"77d0a7d07a3444750d71a3d5f8db1b3e289f8c86c084c34e16bd8fb8255860d3361826","first_seen":"2026-06-01T14:32:52.726364Z","last_seen":"2026-06-01T14:32:52.726364Z","times_seen":1,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":296,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/flexslider.css","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.788Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/flexslider.css HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 27 Apr 2023 15:17:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a9222-1b1c\"\r\nexpires: Tue, 02 Jun 2026 02:32:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6940,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"df757c10d61db76d72f3a1aa5ba02880","sha1":"1101f3bdad4263e0bc51fc7ed5b2644e01c038f8","sha256":"77f76910108b7062309dd6bfa310123a867fca01b12eef62c37e5d2d0d0cc794","sha512":"1d663c8bbee93cb2f6dec538a478fee62b991269a6bb661a89351c5ab057a81453a67eb251d0ef94518d986d2aca30e0fefa6df9858d3004a383d33478e53d0c","ssdeep":"96:KnSjtVxOrS1MWfviQzOCpfkcFQ2YOdJS5r:PjvJ3NJFQxYJYr","tlshash":"d5e1d17c16f40704a827c16cae42db1ea7acc002961ed85de5e11638ceea389c973bdd","first_seen":"2023-04-08T00:25:48Z","last_seen":"2026-06-07T05:53:45.269261Z","times_seen":835,"resource_available":false,"data":null}},"time_used":532,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":532,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/js/layer/skin/layer.css","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:21.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Home/static/js/layer/skin/layer.css HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-36e0\"\r\nexpires: Tue, 02 Jun 2026 02:32:22 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14048,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (13967), with CRLF line terminators","md5":"1673a003559ea1607dd77e6467a4baed","sha1":"954f4afa17e3d1c057101e62950f6c9506245550","sha256":"9748f440829e0b76d70f344e9c989f6d2302eba81aeea03211d40ef5f29fe62a","sha512":"5f9b8254fe18cdc329ca87a4852b7cb5520dcf3c406c5b3d755e99d0e7ddd618cd5ca2b455868ae14d896431cea2252b60d79d5fdd9e404a1fb8685a05ceb955","ssdeep":"192:9OcW0PmLeWVNrzztBm0T9zBKgwBnsY5Cb+RX:9PW0ijV1JbTyGY5CGX","tlshash":"1c5202e144811299b0278611d6dcbeba32f88d53e5630dbef2573c1f874c6dba2b6247","first_seen":"2025-04-07T11:37:37.344268Z","last_seen":"2026-06-04T15:30:27.63912Z","times_seen":3225,"resource_available":false,"data":null}},"time_used":2969,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2969,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/js/layer/layer.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Home/static/js/layer/layer.js HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-4d83\"\r\nexpires: Tue, 02 Jun 2026 02:32:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19843,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (19752)","md5":"666f4437565d197e9459e19a29f58315","sha1":"afc5c0a1369137e52b37ad5fb63f48202ce31368","sha256":"4a49651ad86a83ecbd9c2ad34e7f5c906b46ae2c4c93c1c8585148f936b7e100","sha512":"1e659ff6c47458dbbaf7e7561402c12441286c255ddec048bf654388e8666a9ceca344e166657c29fce4a08b46470b44c47e8f1c6f577adc2a4e4f4f0e7e1e90","ssdeep":"384:DQ8cuj0z4VfS7ShA3BMJOoM6bs7hwI9b4Zrxy:DQtu8CfS793QODbcI","tlshash":"5f92c85ab5503593216390a9911fa90f30f24d22eb078958f16bf1fd1ebcda562b3f0b","first_seen":"2023-04-11T09:52:52Z","last_seen":"2026-06-08T11:10:22.725576Z","times_seen":13775,"resource_available":true,"data":null}},"time_used":1917,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1917,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/imgs/hot-2.svg","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Home/static/imgs/hot-2.svg HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-1ade\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6878,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dd9279cfb541640afabd1d33527f1df4","sha1":"6d828472cfaa863044b92e5c884ea8d658df4d36","sha256":"6466ed8936ba729058d7e2ae3bc93a7d8f3fb8ec385d7e3c29f21968cbd5aaef","sha512":"53a3ddf98f9ea97b18e73e5ca308a452a16142e672dcf3d1c86e61cc83e94729651eb41301bc902cc2510178e0c708fb5b66f3bf1e4ccde0fcf5f61aff77fcf5","ssdeep":"96:QRslJ3A7/H2wd9Qci3A7/H2wd9Qccra97a9tx+duKNBBbNwKDNlUs7vkSqD:QWS/Zd9z/Zd9ia97a9tKblLs","tlshash":"96e197f7e1b8b993d246c771ed52485528aa84fbeb810391c2e8ff9a6135cc04c4edd4","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-06-04T15:30:27.631321Z","times_seen":5062,"resource_available":false,"data":null}},"time_used":1603,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1603,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_doge","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:37.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:37 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"42bef929b2dfd127f1529ce6d6ee9a49","sha1":"e58cd1e9a8ce4af86f876faccb8ad6289b8f0a9d","sha256":"4e285805bc7e923b303e7da0b49535613bc5d5bd11bcda0d32299d3b654296df","sha512":"f24331d3171a8b9388c235ef129c59dd3ab0ee3f2afa95358396fe2c7c5231174a24ff60ac4ccb28b0742a06dd1e3a130e105c9658246fda6f952249d4d111dd","ssdeep":"","tlshash":"13d02be03a7840350c62b3e06ce51a1e548ec0a3c04086055afe8e250458a1d7213815","first_seen":"2026-06-01T14:32:52.725591Z","last_seen":"2026-06-01T14:32:52.725591Z","times_seen":1,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/bootstrap.bundle.min.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/bootstrap.bundle.min.js HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-1339c\"\r\nexpires: Tue, 02 Jun 2026 02:32:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78748,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"8831aa095cdec88f66c2e46c339cf352","sha1":"5db4c40dbc6bd3d9623ee98a2061dd265885cf2e","sha256":"79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9","sha512":"b07f093e128951e03d3d693778e70e97c53e95f65382d0570f8d6ae9c3bfb25c311870b129c5b8e4ae283c25211c6ecd301e266ca11d75598fb935eda5b09b14","ssdeep":"1536:GaPTJR2t4PqiiyuL5FehgTr1voCBZx6wVlLBkS:4OANBZVV5","tlshash":"0f73c5493254b87309ee15a68037460bf7256d94b14b802cb5bdacde2b3dc8672b7f78","first_seen":"2023-03-07T01:34:42Z","last_seen":"2026-06-08T14:06:36.056532Z","times_seen":7770,"resource_available":true,"data":null}},"time_used":1915,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1915,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/06.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/06.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94ad-1b7d\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7037,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"531f22459b2267c88d4c764feca7ed0e","sha1":"98056833a55cfbd4b2db51079fdda11733fe04ea","sha256":"ef86b87d812b9f2fa27fd2d349366318ad2c796877a8eea2fcae343f039fbdbb","sha512":"63cabed822d2357caa6f1cdfb6e5476e6bf34f23745e55ae9cc8cfdb840c0ffa2bc023b5db6759e72aed52b36df9c805b8a4c1f560bd1ddf1204d2f61ec2f91d","ssdeep":"192:QJzQ8aT3YqoWbksgOZceIP/J7o+6YEg31NvexLIb:WzzaT3c+cp/9933Sk","tlshash":"10e1aeffa9243523208d1187598e05aae65579e98e55ec0593e60372b42de1ca832b25","first_seen":"2025-03-15T05:55:29.57181Z","last_seen":"2026-06-01T14:39:11.902381Z","times_seen":69,"resource_available":false,"data":null}},"time_used":1918,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_doge","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:27.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"42bef929b2dfd127f1529ce6d6ee9a49","sha1":"e58cd1e9a8ce4af86f876faccb8ad6289b8f0a9d","sha256":"4e285805bc7e923b303e7da0b49535613bc5d5bd11bcda0d32299d3b654296df","sha512":"f24331d3171a8b9388c235ef129c59dd3ab0ee3f2afa95358396fe2c7c5231174a24ff60ac4ccb28b0742a06dd1e3a130e105c9658246fda6f952249d4d111dd","ssdeep":"","tlshash":"13d02be03a7840350c62b3e06ce51a1e548ec0a3c04086055afe8e250458a1d7213815","first_seen":"2026-06-01T14:32:52.725591Z","last_seen":"2026-06-01T14:32:52.725591Z","times_seen":1,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/indexP.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/indexP.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 26 Jul 2023 14:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64c12e4a-27244\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":160324,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 990 x 1320, 8-bit/color RGBA, non-interlaced","md5":"69a92f1afe2ba588733b9f91a0870957","sha1":"7f80a5d786fab18fe038f728f822204038f1103e","sha256":"e19e126f75a2c3520bf7633ab9ab5fb49e071f82d83a9465f9da46caa73c51ec","sha512":"b8ff35ef5972d3aa65e6c01fb3910846ac1ab6af43c70c16dcda9cd47cd31f99dadf49b3ace9fa3b6f6e129ad0a9771fcb7d42db3d8d448db9a81ed2ef1a2492","ssdeep":"3072:sHonhhgzVEoTBlYy+0LE8f+bKXrdytx0VWi5I1InamfLIq8UqLTRQLE6auxFvdt:sIwjTBdHAjsZy4VWi57fUkqLNaOuxft","tlshash":"70f312aba4b2f8381da3603195373fcb700b70171ae46aadc554ef9d7d5ae0685cc18e","first_seen":"2025-03-15T05:55:29.569873Z","last_seen":"2026-06-01T14:39:11.925843Z","times_seen":64,"resource_available":false,"data":null}},"time_used":1614,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1614,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/05.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/05.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94ac-1909\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6409,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"e002b0ae266b131f28f491204c9dd839","sha1":"77dae3fb93ddd56d003a0b6d57b4c57dfa6f48fc","sha256":"052368ff965c4c65e69ddc97c452d04b0f220a8309607ea1d7249c89a9d80ffc","sha512":"3670da28afed6d7a8bb27a2beafb51858626e7895ddd87b416dc0b3860cec91fc11bd0f727450f7518056a5d6a90aa51edd62fdb6559cbe1337161483ad17ff4","ssdeep":"96:7eeJGUxxQWBGmerw7+xzUPvZRdwSChV7dCBBrvy89EJlZ0RJAp87ay9:7ZZxtKrC+xz+RKBhHKFvTWJkReC7aG","tlshash":"ddd19dc667ad7a5f5e112a1b6c12da8ac0aff1b1a932843ab43e590bc5a6010e0bd745","first_seen":"2025-03-15T05:55:29.560362Z","last_seen":"2026-06-01T14:39:11.946727Z","times_seen":69,"resource_available":false,"data":null}},"time_used":1918,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Nunito:wght@400;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:20.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Thu, 07 May 2026 15:53:15 GMT","end":"Thu, 30 Jul 2026 15:53:14 GMT"},"fingerprint":{"sha1":"19:42:B0:56:3A:E4:79:BF:8B:69:E2:50:F4:76:BF:1E:A9:D7:7A:49","sha256":"D7:FF:C1:46:95:F3:5F:08:04:B0:E1:A8:FE:14:FC:60:19:58:D6:C7:D3:6E:82:B3:64:07:E9:E1:CB:9A:27:8C"}}},"request":{"raw":"GET /css2?family=Nunito:wght@400;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 01 Jun 2026 14:32:20 GMT\r\ndate: Mon, 01 Jun 2026 14:32:20 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5463,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"721a040ea564a6f1097d3c9fc78e4478","sha1":"969b3a763c65bbea8dd653387efe6482fd53f614","sha256":"1eab5e802b5f0457aaad88e630b825da8ed3ba340a35a34b5f6901d9d84bdad1","sha512":"44cce6feb92211ced4be081e6a2c9c0c63b0fc22a7243396544d0d88b4736d6e6d62ee3cad5136dda1b21e3f4eac55d6b465a0b28922df3565bc5bef366db625","ssdeep":"96:BOEabTxOEa7FZOOOEaKOEaQJc+uaOEaENqOxMabTxOxMa7FZOOOxMaKOxMaQJc+m:OH+yptkUkH0yXLkeLHbywkkdH","tlshash":"5eb17891045bd400aa432cc667cf7f37ed4e62113464c57aebfd9898ecabd272264b1e","first_seen":"2025-09-17T11:57:27.939025Z","last_seen":"2026-06-08T14:02:30.487484Z","times_seen":1442,"resource_available":false,"data":null}},"time_used":366,"timings":{"blocked":167,"dns":1,"connect":15,"send":0,"wait":32,"receive":0,"ssl":148},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_uma","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_uma HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=uma"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"146773fa225752302c04401282e808b7","sha1":"e6f6c97dce0dd5d2e13cc4062b90fd5753725457","sha256":"a740ce9965cd45075841569f743d31b0b8141d9dc2c0a8e5617f7433910b054c","sha512":"4afac565e76cdcae8e9538ab2446e0a72093773cc3267a8cfc4f346b2d7b140f6d3407b3e3fedfeaf004923f4d2eb5484163e87ca2a0a0f20c78ab9662a068c7","ssdeep":"","tlshash":"4fd0a7fc3f7a040949a2bfc2f8f81bba644cc45881c4664d77ffce302659208711ac12","first_seen":"2026-06-01T14:32:52.733436Z","last_seen":"2026-06-01T14:32:52.733436Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2915,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2915,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/01.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/01.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:29:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94bf-1a42\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6722,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"11d9836d37472e8a23062fb4228d1802","sha1":"9ce4083635466ffc6913a39f28c54d27613be700","sha256":"9d74621b1ec2fdc911ae973cdafb756b385c7cff75f93b568cc3ac6f73e30e63","sha512":"ff94ad35cae4a83a518acf4e97241ccee8e9494801051e7e2d0d814f79dce52c34791bb7044d390b589f8207560b3a972c81397284bb11b09ebe876a761b0733","ssdeep":"192:9YJ+hpu52rEFt1XZ3TIbo78Xwp9mt9bXL:9cYpu52rKhj8Xd","tlshash":"bbd19ef7eb7490f1c58841e96c78b82828cacbaa7d5a80604f385d556c019f2c0af46a","first_seen":"2025-03-15T05:55:29.562133Z","last_seen":"2026-06-01T14:39:11.871397Z","times_seen":69,"resource_available":false,"data":null}},"time_used":1922,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1922,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.3.0/font/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:20.556Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.3.0/font/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.jsdelivr.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 14:32:20 GMT\r\ncontent-type: font/woff\r\ncontent-length: 106812\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.3.0\r\nx-jsd-version-type: version\r\netag: W/\"1a13c-GxDOCA4lYqi36DlQRNPKg9wRKZk\"\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-eddf8230120-FRA, cache-bma-essb1270030-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 4002464\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XPvVImdf6w4bmksphgI6fy3pUfmzhEL%2BHEF4q7K2NYADlKwDszeU03oPfdfmn7DCyhbpoSPmJ3eEQQRsZXXp5eNq8jPG3O2ODMH8vttu9TP6mH6MlNvItuAdcoW9KmKUhco%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a04eed588c7db4ee-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":106812,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 106812, version 1.0","md5":"df7de9fe96a30f78c7f652f5b00ae016","sha1":"1b10ce080e2562a8b7e8395044d3ca83dc112999","sha256":"011ae1fe8e56c310d82ec3795cb8f86b9dea521dd0bc560a0ae0c2e87baedd4b","sha512":"d8cd580ed4119b0d31c9f3b7ea1b2002ccef31ba26cc6791114e5017e9ccffbfbf57b8611aafa52a8b3e76fc8f77b0d51d333dfcd5b293ddde61da3bbbbda47e","ssdeep":"1536:IEGBxy7wyLnYmvpdgacZtaiLBug50yslpdHfaKoGS3MUt7jCP/KgpL+HoEf7HhDt:0zy7pnYm/zcZta+UNoGS3gpL+Zwul","tlshash":"8fa302c0688d7e9ade37df31a226826373d3094a637c2d6f26997852c946e0f7637341","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-06-06T14:42:22.497672Z","times_seen":10412,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":11,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_ltc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_ltc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=ltc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":236,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8a91cdaff336dd96ed9ab3c1fab24df5","sha1":"8493929cea782ae5dc722d85ca6e2eb2b4a970a6","sha256":"4b8c053b8152a04e90c1104f4a30299e64444820953f691dc42fa2e533459887","sha512":"c5a3514b78dc50d7c4ccc874515efabeed6eac8f7f9af8a1ddc65d146fba1eae3460a42583d22dcc431e4f1cdd5082886c4340875deecbcf14d9a0c8aca52da5","ssdeep":"","tlshash":"8ed0a7d07f780a7e1c2197d1d9ea176e5c5d4982c085c2896bff8a7c145920d3522c16","first_seen":"2026-06-01T14:32:52.735825Z","last_seen":"2026-06-01T14:32:52.735825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2931,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2931,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_xmr","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_xmr HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=xmr"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8eb4830f11b9ddef8bfc4d3617e5dd3d","sha1":"7ec7089d4fede5f32559ab8e822951591ce88a4c","sha256":"39ba5375e35d2d2c7f117db48fbcda8a18135a69dc37d2207f57204ad6a4fe74","sha512":"1a70916cdace5b30ffb94ae5c175fc9a3e901a50444ef295aa9588bd85f237f694a8ca424a8738d3778eeaf94ba6a44422029c9278479e610cd104d415357847","ssdeep":"","tlshash":"1fd097e02f3444000a63fbc368f92b6fe44e8088c0d28203aaeedb202d6c10cb103e22","first_seen":"2026-06-01T14:32:52.736732Z","last_seen":"2026-06-01T14:32:52.736732Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2893,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2893,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/new/5.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/new/5.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42495-15c11\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89105,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"ca97cdbe6830a8b6faa6356525070edd","sha1":"81ef9103cf75b4f521ce353e23fd038e76e1e375","sha256":"0f2c40d8f0961e778fb76d0d573e41e5807bcf525be9a983ab6d27db9df8c33e","sha512":"11c3d7be0df39fa37d722cb9065bcb436d9028aec7d3ec96d01a20111e3dfe15d7641d6d89bd94dd290354867b5765e53b43a04db63be1808ce3ac2dc4c577c0","ssdeep":"1536:WUt9qGQoTeitkXjyxbdKY063z4evhLagpq6+OASj0na47h22Swqb:V9rdtEgxKY0FmhJZ4tQPb","tlshash":"f593010578a0d527da56333e6e1cd1806b80d4e2562fce1d6a3bfbd08ecd1bd5e90687","first_seen":"2025-08-19T12:54:30.895691Z","last_seen":"2026-06-01T14:39:11.894154Z","times_seen":8,"resource_available":false,"data":null}},"time_used":1931,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1931,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_comp","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_comp HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=comp"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"58f8009d4979b6424eb7b9bbe1fc63c2","sha1":"4b3c1e15917ef5c713cf8c3ad0ffc4b7fece6d33","sha256":"2159e1eb334bdd711637e2073c545b7bb8bf117d87f97021d240937f5ef464f2","sha512":"552bf4f62f0e2d1883de4d448a6adfa1c11332c55ef8457a22cc1b4af157846b31f28d6e79dceaa9ece2af10ed95bab4539e1be272006d4745a1bed75c16cc28","ssdeep":"","tlshash":"c8d097d02f38042a0833b7c2a8da2f1d04ce08428246820903feef2904d8b0c3322c27","first_seen":"2026-06-01T14:32:52.738553Z","last_seen":"2026-06-01T14:32:52.738553Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2912,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2912,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/new/1.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/new/1.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:33 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42495-2c9e6\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":182758,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"d6edaabf7cc4eaee8b42ffb6096d45e4","sha1":"7c05196cc41fa42552dd635ec828e253742bc4a9","sha256":"d50fa7953c5ad30e42a9e9fd44b9ddf1222ea52646ab6251ea0de841f57c1122","sha512":"4e1f5b9012d8c3d98579158677e054610e3ca1123f7ba937325b85bc7fd03f820cb2f1fb84ab9b4b0ad54a4081bae7a496112efdf15b3bdeb830db421f809d49","ssdeep":"3072:oF608QzKuOSgaNYOlyJCJa+Yf2K3rjRcDiYtldI5tmAEkBUwCxe2i8Zv:o41QeuCROleCJahjutldI5tmwpCxaO","tlshash":"ba042351f5ce24a28642c050cf0979bfb72cbb131fe62618ec4999918bffc5e314ab58","first_seen":"2025-08-19T12:54:30.835112Z","last_seen":"2026-06-01T14:39:11.887677Z","times_seen":7,"resource_available":false,"data":null}},"time_used":1932,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1932,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_btc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:28.006Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:28 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aaf16c6892dcc5b1acac12e4415364e4","sha1":"df373a8881f67618a7d6f3f4dce93158994cd2ef","sha256":"4951a5f3c5c152cecc828ef21d19cb91ba517ab6eb7607cf4694876cfe887eb0","sha512":"a1c7edf90dd2536b3ec545845aca172a532860528800376ccee71481128b9050934d8ad65703e6da5217fc771a3a4817355c8b08454988229a799db7cc5b3f07","ssdeep":"","tlshash":"a9d0a7f03f7945250d71b7e1a6d51b7e684e4491c084961daafe8e68547c31c3223f23","first_seen":"2026-06-01T14:32:52.691346Z","last_seen":"2026-06-01T14:32:52.691346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/img_map.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:20.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/img_map.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 10:31:08 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a4526c-705cf\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":460239,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1400 x 850, 8-bit/color RGBA, non-interlaced","md5":"d97e46e39c059f9906db4d22fa1c1898","sha1":"ec1d29be89cb9920acb1f7f4a9bc3140e57ed272","sha256":"2c0979d901899472ecb03090be9da836ba2a12bab2de7605593341fe26522a54","sha512":"96cec1d32ffed32708b407c7e6424a3aae3f945f9eb660e6559a7c945877167595410c7c76325ee2147ba18b42a3690519f285c52ee8e24c71098dce130659ce","ssdeep":"12288:XvrdZRvGppqzg+4fqHYdcFAlrjbgIR82uKHN2ff:/gpqzT2qHYdcWtbDR82Ltaf","tlshash":"28a423f1b62f84efdcaf7536c321821d92e4dac80a5bcbe57920ce520352a444edb759","first_seen":"2025-08-19T12:54:30.925938Z","last_seen":"2026-06-01T14:39:11.912364Z","times_seen":8,"resource_available":false,"data":null}},"time_used":1146,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/08.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/08.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94af-665\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1637,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 88 x 88, 8-bit/color RGBA, non-interlaced","md5":"ad3e6d20dd722c9eaf3cd4cc0bd3583f","sha1":"6aa85a1de7497e038de7aaec06e60ef2c83a434c","sha256":"cab305eca6f6aa45c6cfd463068ef215fe94fd338f69e8746632d3e61dd47f60","sha512":"f98110aa5e2513cb81f5732fa82b6c3326485ac7d47e3d2f9a38599b92d6733fcf9f42ffbb196115b53df211edd59bc1468d1b29b5ec7fefe6e19e1cb5802dd7","ssdeep":"","tlshash":"e8310a823235e4bdd40e1bb92b0e3270924a5a6c20c7c0fc1b1b2da141a66159869fd1","first_seen":"2025-03-15T05:55:29.519201Z","last_seen":"2026-06-01T14:39:11.917027Z","times_seen":68,"resource_available":false,"data":null}},"time_used":1918,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/js/jquery.flexslider.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/js/jquery.flexslider.js HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 27 Apr 2023 15:40:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a9760-e028\"\r\nexpires: Tue, 02 Jun 2026 02:32:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (325)","md5":"242034cacf5d08f9a4f4df40208f830b","sha1":"56cffde8b9ca0b7e3161714b786651ac2b87a953","sha256":"487639627bd943c11e40764b968904c921e505bb73f0ae5d7367c8c8ff84a526","sha512":"fcbb4ccb030b5d9dbd4c96c44de7387ba9dd4963f14034ddb2a0ae77ef10e08167290d56565afceebd03e68a3d40d3bdceea903490e6bd0c509afa9ef034582c","ssdeep":"768:oILMsh61e6anxUS1cdeAzMuwskDkg9iPFi2PU1SFzuLdu:kynN8P1PU1SFzuLdu","tlshash":"3043ff1a61b2166589a372ae2f5fdc14eaf78343901dc969fddd030cdf4442806b6bf9","first_seen":"2023-03-07T17:01:43Z","last_seen":"2026-06-08T01:04:57.184182Z","times_seen":770,"resource_available":true,"data":null}},"time_used":1916,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1916,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_crv","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_crv HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=crv"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b75add9e0285981d90a6a8c2c8639e07","sha1":"4a2b34fc04bafd00ff9d7514f32f70d5ad633eee","sha256":"018a4993d532e36bc1c8d466cb18538b6945f69c01c74b7acda76f67b7c17ebe","sha512":"8626330db2a0e239dc09751619591dc120873375427c4cd00a9930b987126df49f3595c7358dba7fe0820834cd5f525b5e639e9dc7b1b718e5638eb1d5d3f216","ssdeep":"","tlshash":"a7d097d07e3c88291d31b7e16ce613eeac8e0c4a8081420d1bbe4e3512ac10c3622822","first_seen":"2026-06-01T14:32:52.742742Z","last_seen":"2026-06-01T14:32:52.742742Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2906,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2906,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_dash","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_dash HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=dash"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":237,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f21bc0e0b935350b8472d427b34b7de7","sha1":"c3417bbbfa82625bd31cdf99b7b3e84cd0504a08","sha256":"b754337d63586cdb84cc9df5c9c8d046a1bc4924fe5a35786186acd34971b865","sha512":"d7d0554facfe7f8e84114768c779951cf8581aba15cfecefcf5a2456eb6be24dd9229ad7fd1b4589e65ec31ab09fc6f253cb5f69d14a6759930142d01ba6f7fb","ssdeep":"","tlshash":"17d0a7a0bf3c4a260832ebc198dd176d3c4e51868081c34857ff8ea9296ce0db62281b","first_seen":"2026-06-01T14:32:52.744101Z","last_seen":"2026-06-01T14:32:52.744101Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2891,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2891,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_btc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:24.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:24 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aaf16c6892dcc5b1acac12e4415364e4","sha1":"df373a8881f67618a7d6f3f4dce93158994cd2ef","sha256":"4951a5f3c5c152cecc828ef21d19cb91ba517ab6eb7607cf4694876cfe887eb0","sha512":"a1c7edf90dd2536b3ec545845aca172a532860528800376ccee71481128b9050934d8ad65703e6da5217fc771a3a4817355c8b08454988229a799db7cc5b3f07","ssdeep":"","tlshash":"a9d0a7f03f7945250d71b7e1a6d51b7e684e4491c084961daafe8e68547c31c3223f23","first_seen":"2026-06-01T14:32:52.691346Z","last_seen":"2026-06-01T14:32:52.691346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":943,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":943,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/fonts/flexslider-icon.woff","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:25.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/fonts/flexslider-icon.woff HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/Public/Static/bootstrap5Slide/flexslider.css\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:25 GMT\r\ncontent-type: text/html\r\ncontent-length: 504\r\netag: \"66541f8f-1f8\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":504,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"b7f6c24fcd751e5a437f9a3700aa7074","sha1":"7462bb1e33a7a761363945ff31ff3e2b3a58c04e","sha256":"d7ee9daf35876b1fd867a1bff334dd0a2bf441f47b2cb3b8c4b7e33723d58678","sha512":"0af608e297389b14ff920bdc9335b777dd8314abe14da03627c62cf672b4218c47f7a91de98bd4e59e0b978c1f9ec1cb6ba2758542e51b0044b7972a486b8cfb","ssdeep":"","tlshash":"54f09e8340e14429111041302e9060054f4b7d8bdb5b4d0138afb1bbefc6a84c5635cc","first_seen":"2024-12-24T17:17:56.68958Z","last_seen":"2026-06-01T14:39:11.88978Z","times_seen":75,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":286,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/ETC.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/ETC.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ab-a5d\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2653,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"15826e5fb164bf4513d121f8c6e7c5e3","sha1":"80f6393cc2db82bbf1b7fd6a941d2e4113815a02","sha256":"f8a590615ba750a27e905a047173734c8b0c58848566adfc54d4b4bfa2d431de","sha512":"7699c10a056fdca26c633f039462370271929b5ed33a414430c93b054935c30d0bef37ee244a445e5f5cccabd4c871f8f33fef2d4e6e0e3561e4a28a06bb419c","ssdeep":"","tlshash":"24514c7ec0d3d8708c54107e5bdd8d8e9128816c339f9d48b1d49b164b0319e687e149","first_seen":"2023-05-31T10:27:17Z","last_seen":"2026-06-01T14:39:11.901818Z","times_seen":489,"resource_available":false,"data":null}},"time_used":1927,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1927,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/laba.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/laba.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 657\r\nlast-modified: Thu, 27 Apr 2023 15:28:59 GMT\r\netag: \"644a94bb-291\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":657,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 41 x 30, 8-bit/color RGBA, non-interlaced","md5":"9922ce5610e60c1b36d997c0a1e19f3d","sha1":"de825176c21b98e6f80ad0821374b33832087686","sha256":"a958b6d624b2d1320fb2a3831b68ed1665208db708aced2868aee7bad5257206","sha512":"7505d8c2edea3e033c0148ae9099333a7f39ce6d77bb7ab2e78e8c9292efed5a563b23e0c34bfa8b3e2d6d3721d9948c5322742dfa99828e33262d24a96a4f33","ssdeep":"","tlshash":"a20128d7417320bd6a8921e34c814447da733fff06555951103cc76650f755e627a642","first_seen":"2025-03-15T05:55:29.555381Z","last_seen":"2026-06-01T14:39:11.928348Z","times_seen":72,"resource_available":false,"data":null}},"time_used":2711,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1932,"receive":779,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/UMA.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/UMA.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ad-64a\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1610,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"86655dc1b940596005b726a83c1a777a","sha1":"8abcf0da5e278a567bc8abf65e34e41df4ec8505","sha256":"0954534406237d03692e20018a64b2e116795e70d2384f0d72d2df6617950768","sha512":"b60de2aa619eefe70375f04ecd2b912fb002118ca17119434e47f1272bd79c005325b17fa53c88b14bf1b28c2bef188620762b9756216ce1d6da66ba931c0caf","ssdeep":"","tlshash":"1931e7c3a908b05f14e24e1016dbd8c7f52be8530b166c60ac07b99f6edfd84a2bcb45","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-06-01T14:39:11.89904Z","times_seen":319,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/AAVE.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/AAVE.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:09 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3a9-1d26\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7462,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"1e4fb53364a553f65bd6ec3f3e023efb","sha1":"0b0709507914d48422e154e322ad67ad18bb4b76","sha256":"03579a2133847bd338e3e36c718ade13cb5beff8877c82e9792df2fed29e93a7","sha512":"531c3cb811e370eb0c3ee723087582ab226bfac6228ffbbe80deaa1b59f51579c9c6bb89a7f4c0a5c88034758cf457bc0a4320ba6ab0fdd560a64e21859b0f5a","ssdeep":"192:DJGYhMdsWTVDAtOW7NdIJ5kyKXgLnX/A1biUEEb17RXZsjX:DJGhieAAWZiienX/YbiUEG1xZsjX","tlshash":"ddf18effc1a105a3e60dacb08a74dbd8b6e1a425fa8c6652fdb6d3053d005335c75aa2","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-06-01T14:39:11.938891Z","times_seen":327,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_aave","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_aave HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=aave"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":244,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"271f60bb418017aeb305ebe99348777d","sha1":"9d89c536a027e456ec53ef0de86c81c47e7434a0","sha256":"2f6b95b9279aedeb681ff8e6b78103802bcc7acf5055a6a96421de3c6530b1f8","sha512":"70dc6acf497dbb34ad1ba99add905d3f86a2db4c7d1ee64f4d84016f912d4a1ca23f587382dff5bb077b179a615a975e6f569f52ba25f11ad33210682ac97efd","ssdeep":"","tlshash":"49d0a5d47e7d44191c729bd1a4d5177d154e4841d1c5420d17ff8f74349c70d3151c65","first_seen":"2026-06-01T14:32:52.749234Z","last_seen":"2026-06-01T14:32:52.749234Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2913,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2913,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/BTC.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/BTC.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-a83\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2691,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"2edf1ef8b333c40979976d1a49bc234c","sha1":"d75ac12795b4a9575c874e1b190712cd62a87afc","sha256":"50a1901684f223bf26594dd3415b1e50f184820a16daa810cc5452911e9117a9","sha512":"f697a1fa0786316fc01003f72621920932e2657e4acf5a471e35d02717c42c9db5a12df311895a776a563dcae9b8fc0b6721833529a054b9dbfff4c52fc564d3","ssdeep":"","tlshash":"2b515ee60252267980d32438616db1e178beabb2c3021ded6c1444954acc4b62555cfa","first_seen":"2023-05-01T18:49:36Z","last_seen":"2026-06-08T17:29:55.947136Z","times_seen":21674,"resource_available":false,"data":null}},"time_used":1930,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1930,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.3.0/font/bootstrap-icons.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.3.0/font/bootstrap-icons.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 8018\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.3.0\r\nx-jsd-version-type: version\r\netag: W/\"edbb-Du3MPQ7GnRobCfGvnAP4Uqb5QVI\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220103-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1683763\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nKDUnxGYw8phst2ZBH0EfIEjyRUM%2FHEWxU4DLrIY065QTI5zRcdERV7tA200k2hCcQyQ6Xr6eQCaMyQ%2BW1pbyVNy8qxOsD%2BwFDJQ4rsfAuAdn%2FXb0bEh5nQBfPCWak4HqwM%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a04eed538957dfec-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60859,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"dbf1248779dc682a91ba529b5efe0ffc","sha1":"0eedcc3d0ec69d1a1b09f1af9c03f852a6f94152","sha256":"32cc4a47b370e278072a6440249872e681efa1d992600420c03a9631da885d70","sha512":"2e96320bb785273c91c136a4aba02268e2c9ebcc92998c24160331ec14f0f902132d21f4ac4cb130771dd20758bef407d589b1f8e3175796622edb162a517098","ssdeep":"384:vaqJVm8OAL1M+hQokEYm47U7yH2CYEjOnm4zH7fZ6aXoso1v/:Sqnm8OAL1Mzocm4KyH2CYEjOnm874soh","tlshash":"2c53cebad18f05f59341e4d92743674293a9ba7ce1817c7ad342399ee3c06188ad73ec","first_seen":"2023-04-05T06:29:21Z","last_seen":"2026-06-07T14:20:27.280475Z","times_seen":15008,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":1,"connect":3,"send":0,"wait":6,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/ada.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/ada.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-13dc\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5084,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"3c630d48e25b4f76cb67e3f9b29a1840","sha1":"21ff7adeae4705a1b0ecb571f5fa98b5aa9da916","sha256":"ac43f42d0252a1d32196142ede6fd9a0b18f009f6bebd2255a2e493737d92058","sha512":"d7dd64616a88e4f53e4bea6b6a7e2fbbb3e6d2cc6a8f312244146f72e017c7465e0133c8ef73b14f714237cbb322b50f172d588ed7f617d16a35ab73ead6dcbf","ssdeep":"96:S4dRPCKnXlROlMKTVr34gY1vVutJSXc5he38/lBrc7Wx1U+uBCrba1:xn6aXDOlb2vVums5Ys/LruJCre1","tlshash":"a9a18e826c61b4d9b6428479134df5ac8d92c218ccd046dd7f87cd38ab101e8ca1e9ab","first_seen":"2023-05-27T03:32:48Z","last_seen":"2026-06-01T14:39:11.905241Z","times_seen":278,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/04.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/04.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94aa-1886\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6278,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"129d347ccadd5ba894e065094c2d0d2e","sha1":"66c9c7aa0580f9df7120b4a4c329a51004952a3f","sha256":"f11e4ff7def251986be5a1448f152d66e015e9cfa33badc89e8c1b6b4b8ec7ee","sha512":"6838dd37a3be23682a2d1809f3d9bce9854450048df2dbe4b40f852363932810010c481abe770f1b651cc5c2950f626d8d96e31b3d972ab62dbd8b806d1f0011","ssdeep":"96:uHcuVkytbFJuTLKo5rtW2MnVR/khwCpvBVSPTfHdSvPVjU4zuX1E:uNa4ruXLFsvOXpZVSrfHdkVjrulE","tlshash":"abd1ae14cbc1f99bdbd2152e2abd00190af1429815c27244eab76e5fa8fc4883e0d2dd","first_seen":"2025-03-15T05:55:29.531991Z","last_seen":"2026-06-01T14:39:11.939465Z","times_seen":69,"resource_available":false,"data":null}},"time_used":1920,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1920,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eos","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-06-01T14:39:11.901324Z","times_seen":318,"resource_available":false,"data":null}},"time_used":2902,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2902,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_btc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:36.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:36 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aaf16c6892dcc5b1acac12e4415364e4","sha1":"df373a8881f67618a7d6f3f4dce93158994cd2ef","sha256":"4951a5f3c5c152cecc828ef21d19cb91ba517ab6eb7607cf4694876cfe887eb0","sha512":"a1c7edf90dd2536b3ec545845aca172a532860528800376ccee71481128b9050934d8ad65703e6da5217fc771a3a4817355c8b08454988229a799db7cc5b3f07","ssdeep":"","tlshash":"a9d0a7f03f7945250d71b7e1a6d51b7e684e4491c084961daafe8e68547c31c3223f23","first_seen":"2026-06-01T14:32:52.691346Z","last_seen":"2026-06-01T14:32:52.691346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/03.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/03.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94a8-1a9a\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6810,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 166 x 166, 8-bit/color RGBA, non-interlaced","md5":"56cbeed439c47886d857bf2c36468714","sha1":"f1085c8cf5686c184ecfd383788b38aab1428a42","sha256":"9e57dec64abf89817fab6d672b352f9c281a42cc0ebe50810d2e550135eb59b3","sha512":"1080479fd7faad224f868223a8e1d257b95f0cce824ff4c88fd3050f3d6b38a54efc9f5f459dede1ea14cf7c1608bb66f71dbc30fddd9f0b0e7c391100f8ef9c","ssdeep":"192:mN4ScWnJjgwGAdnWrQA11CSTttFqU2fOk0tk:AvlnJkXUnWr/ttMUEO+","tlshash":"6fe19eff5bde6dd54e3a18aa4d6020cbb88e80285b10c90a834e4149d3c3ce08e299d4","first_seen":"2025-03-15T05:55:29.570582Z","last_seen":"2026-06-01T14:39:11.895004Z","times_seen":69,"resource_available":false,"data":null}},"time_used":1920,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1920,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_trx","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_trx HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=trx"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"3e143deb17915c140c23cf5b1475a881","sha1":"c6888a6fd07bac002209d53ff3a46bffee7b3ee1","sha256":"ccc8bf9c3df11a349606c34e5926e2e96a81878f1fb98f3f68bd2a544c3bc7fd","sha512":"8e9c9143527d48cfdb26dba485411d2365192c8b7c507ca5fa7557fd1e9738b6c02a11ee512f8c43b007e9970f6834d102dd1d658ba0c5ec497275c356c3bbed","ssdeep":"","tlshash":"f6d02ba03fbd48210c22f7d168c5065d94cd0041d0405708aafedd781d6920e3511452","first_seen":"2026-06-01T14:32:52.754403Z","last_seen":"2026-06-01T14:32:52.754403Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2901,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2901,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@4.5.0/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.208.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/bootstrap@4.5.0/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 24869\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 4.5.0\r\nx-jsd-version-type: version\r\netag: W/\"27293-TxSgmmBsmaEfj9oVVk72b3BAKCY\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220176-FRA, cache-bma-essb1270029-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1220545\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LAS%2F3m8J%2BVZNab0CZYsbJNFP8w4V0TbfCt64WmyrZo1BTDFfod4yEK7suq%2FBqsQz%2FxSLC9fOvjkudaHjCEoMEuOtL6T3HAg6C20UM1AdwiOoijk3mHg%2B%2BOYV2QExDnHfML8%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a04eed538e56b4ee-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":160403,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65324)","md5":"3afe15e976734d9daac26310110c4594","sha1":"4f14a09a606c99a11f8fda15564ef66f70402826","sha256":"680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c","sha512":"aced925c428148809afc07f28442b966a58508ea24d6b7203d87c63aab57df93b28ab68183a5dae0d9c12705e0a484685de5a370099c42788c869db686d0dcea","ssdeep":"1536:2THqIJOT7SyEIA1pDEBi8yNcuSEeA1/uypq3SYiLENM6HN26H:YH9vGGq3SYiLENM6HN26H","tlshash":"03f353a6f5a0312de4a7c61964d0bafd152f8245d7224bfbf8273b6447892c70a73e4c","first_seen":"2023-04-05T04:00:44Z","last_seen":"2026-06-08T17:53:57.253148Z","times_seen":24679,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":9,"receive":2,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/BCH.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/BCH.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:10 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3aa-e86\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3718,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"ceb22af48692db74ae22f6892bd8cc7d","sha1":"a169f22c6828df50428b9c044ccd8f92834c122e","sha256":"1ba1c59bbd92737d720f5d5df59d2674830fe6c09deb757e23540dccecb5310a","sha512":"22d0b05dcb30a9fdd4554da487b9558fe945d89e0c969a932f07fe783e06449cfc5b8e5c15d9839e8ab0a46377b3e55a71263b6afac7a586aeb04f2bbac2c1c6","ssdeep":"","tlshash":"14717ed19717ea53fa27439331241f3759afc6950e902580879292d51215ac711962ac","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-06-01T14:39:11.878872Z","times_seen":364,"resource_available":false,"data":null}},"time_used":1930,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1930,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/indexbg.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:20.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/indexbg.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 26 Jul 2023 14:31:35 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64c12e47-136a8\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":79528,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 3840 x 1200, 8-bit/color RGBA, non-interlaced","md5":"904e6661e9d634a8dfc9912271119428","sha1":"61935df66dfb1bd6dea41ac7e8aec64f28994a17","sha256":"666f335115a73061107ae4ae905e05a80401c6eb453d75bdc1b1adef925c0047","sha512":"cba2515d59a8b2cc91621deea0e1967ddb4b754caee9be1f0f2e9b00e81932a37861208b0d6af168457167993c7583c9aa5b225fa3956caa3548ca66c5a8f5d0","ssdeep":"1536:pkWb2/hO6MJ7TzqrNeDHvs7LW/X05tdmL/ZU/KQ:pko6szqrNeDHvs7LlLH/KQ","tlshash":"1673d0bd9e774ac8f87841be3a3f0f7576240d960840031653bafd71edaade98a424d4","first_seen":"2025-03-15T05:55:29.537323Z","last_seen":"2026-06-01T14:39:11.899674Z","times_seen":72,"resource_available":false,"data":null}},"time_used":1152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eos","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:37.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:37 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-06-01T14:39:11.901324Z","times_seen":318,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/usdc.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.821Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/usdc.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-8c6\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2246,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"34a0a93a76960505d00647f82a235bbd","sha1":"b8889c12217678bb8de7b60ba732bb00ef7eaf33","sha256":"98c9a5f555cda2c13172162655b6d2f9903fa6ba00a86b694dd628d45c5a5780","sha512":"5187eea1e6a1265fef0d70c4c1f03f63f3adcfcab98640be5d6d94ff9d83856049ecb0426d6c313126d9d9e7c9a35eac8c8f1347412e75d0af896ea6bcbd49a6","ssdeep":"","tlshash":"b5412c03b1f04d9ad29b1f3db919085ff02e09ea1949c87f45e7790ebd6aae1c345711","first_seen":"2024-10-23T13:33:33.452912Z","last_seen":"2026-06-01T14:39:11.888398Z","times_seen":288,"resource_available":false,"data":null}},"time_used":1926,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1926,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/fonts/flexslider-icon.ttf","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:25.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/fonts/flexslider-icon.ttf HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/Public/Static/bootstrap5Slide/flexslider.css\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:25 GMT\r\ncontent-type: text/html\r\ncontent-length: 504\r\netag: \"66541f8f-1f8\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":504,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"b7f6c24fcd751e5a437f9a3700aa7074","sha1":"7462bb1e33a7a761363945ff31ff3e2b3a58c04e","sha256":"d7ee9daf35876b1fd867a1bff334dd0a2bf441f47b2cb3b8c4b7e33723d58678","sha512":"0af608e297389b14ff920bdc9335b777dd8314abe14da03627c62cf672b4218c47f7a91de98bd4e59e0b978c1f9ec1cb6ba2758542e51b0044b7972a486b8cfb","ssdeep":"","tlshash":"54f09e8340e14429111041302e9060054f4b7d8bdb5b4d0138afb1bbefc6a84c5635cc","first_seen":"2024-12-24T17:17:56.68958Z","last_seen":"2026-06-01T14:39:11.88978Z","times_seen":75,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/js/jquery-2.0.0.min.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Home/static/js/jquery-2.0.0.min.js HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 06 Nov 2022 06:04:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"63674e81-1493c\"\r\nexpires: Tue, 02 Jun 2026 02:32:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84284,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32061), with CRLF line terminators","md5":"e22f82a5194d1f03ecb712baad2df66c","sha1":"6a9afa00acf537cbdede4aea27f01f8ef6ab165d","sha256":"ac1b82725819fba761d03c03a208214a9157bb026cc5e843d43105970407603a","sha512":"141dcfb31585ad569e19e7769d32a5544219fc1a010611337777f093b1c7143cd8de374b1b50484709a7f42fa472561bbb8976510d06f62f2cf34e3426bde0d7","ssdeep":"1536:DPEkjP+iADIOr/NEe876nmBu3HvF38NdTuJO1z6/A4TqAub0R4ULvguEhjzXpa97:oNM2Jiz6oAFKP5a98Hrq","tlshash":"f583d6d9b2c27062977734b850bf410bb17a98dab80c8c60f0a4d5e47eb4a8d517bf2d","first_seen":"2023-03-07T12:26:50Z","last_seen":"2026-06-07T05:09:58.084292Z","times_seen":830,"resource_available":true,"data":null}},"time_used":1917,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1917,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/kf.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:20.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/kf.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 01 Aug 2023 12:36:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64c8fc34-390c\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14604,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced","md5":"17d11eb3ed0a873fb39a2ed6c2d1e8b4","sha1":"01fe18d7706386bd60e4e6355c6e91753761cbc3","sha256":"d925429d915f6ee24fc67c4e8a2b4cfaec127fdd72bacb2b0f06706b3499c9c9","sha512":"3337170a5dbef72a49e8844f73d37bf731672af5315c4241b649ffc8c1568bd2ea9a008317278845b3ae69e9068d61919b2bfc52754969d54ac9e9b6c69171bb","ssdeep":"384:xbhVPI1QVjKBMR8J3JfGEe84XJPGmna4WnN1iae7Zr:1hVPIWBKQ8n+QqEmnkNT0N","tlshash":"3a62e01cab00f62c490058aee1732722de2d1f5d804549a75e2b25f97f3b6be026b3f5","first_seen":"2025-03-05T02:11:03.931384Z","last_seen":"2026-06-01T14:39:11.922625Z","times_seen":368,"resource_available":false,"data":null}},"time_used":1153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_etc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_etc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=etc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":243,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"89067a1155a53778bb28e9189691f863","sha1":"5fa6f215764b153313db11004c1b9e2181401c8f","sha256":"8c3ecdb421019401579929841c155df197af7ff90a6263479599760fcf0557ee","sha512":"3b4aa2dbaf64e84ed51688215435b617795e93edb2bd923943b97c2867ccdaafa1960a9c03d9a8e25011754700579634fbb8af0fa0cf5aaf364f35459b274016","ssdeep":"","tlshash":"77d0a7d07a3444750d71a3d5f8db1b3e289f8c86c084c34e16bd8fb8255860d3361826","first_seen":"2026-06-01T14:32:52.726364Z","last_seen":"2026-06-01T14:32:52.726364Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2927,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2927,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_uni","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_uni HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=uni"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":253,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"23f65f29d0f0ae19e32943263da4ae14","sha1":"3adbcbd6b545683b6c3d5c014a1ab0e32efd7d39","sha256":"2999f6ef2966626b6fd11d838f23b48218b2ba31900fd688c8aa64389fc63428","sha512":"9925e14c48b42db38c26f4bdb48459aef2625a2e91a8417c424f986cb6d2c6ad67decae1522592d9371045929e8c7ef597092a8e4de995d16098d161ae6d9678","ssdeep":"","tlshash":"e9d05b903fb545150c639fd2b8ed1719544d80829149428aabbe5e38549875d3522d15","first_seen":"2026-06-01T14:32:52.782542Z","last_seen":"2026-06-01T14:32:52.782542Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2920,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2920,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_btc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:30.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:30 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aaf16c6892dcc5b1acac12e4415364e4","sha1":"df373a8881f67618a7d6f3f4dce93158994cd2ef","sha256":"4951a5f3c5c152cecc828ef21d19cb91ba517ab6eb7607cf4694876cfe887eb0","sha512":"a1c7edf90dd2536b3ec545845aca172a532860528800376ccee71481128b9050934d8ad65703e6da5217fc771a3a4817355c8b08454988229a799db7cc5b3f07","ssdeep":"","tlshash":"a9d0a7f03f7945250d71b7e1a6d51b7e684e4491c084961daafe8e68547c31c3223f23","first_seen":"2026-06-01T14:32:52.691346Z","last_seen":"2026-06-01T14:32:52.691346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-01T14:32:17.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: text/html; charset=utf8mb4\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: private\r\nx-powered-by: ThinkPHP\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:2.0.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"FlexSlider","description":"FlexSlider is a free jQuery slider plugin.","website":"https://woocommerce.com/flexslider/","common_platform_enumeration":"","icon":"FlexSlider.png","categories":["Widgets"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Bootstrap:4.5.0","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"ThinkPHP","description":"ThinkPHP is an open-source PHP framework with MVC structure developed and maintained by Shanghai Topthink Company.","website":"https://www.thinkphp.cn","common_platform_enumeration":"cpe:2.3:a:thinkphp:thinkphp:*:*:*:*:*:*:*:*","icon":"ThinkPHP.png","categories":["Web frameworks"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":98142,"size_decoded":0,"mime_type":"text/html; charset=utf8mb4","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1018), with LF, NEL line terminators","md5":"49247c607df722d5630e95ce01094919","sha1":"45cc25e45234a723d3f8ca56b313e06eb89aec4a","sha256":"1cc1a6c4b9a6d7e501678cfcac31fae8d8176e44869619104ec4f41d981b00c9","sha512":"e519eb600dd60813c30e7f59e0cc4ae1629cb0a8ba7bb475c10a326bc6eb874548a09b75cd1f2356856a55bcc5dfde5473c810ab22fd8c8b591be6c57d26ded3","ssdeep":"768:NzXSBFbbFGFAtlr8We5sAdqBkiwESRqDlZA/zO/jRAalv/dBYHAY5KYgrY6d5JUn:dKdbM8wwFLpn8+jg4hD+zbd4a","tlshash":"92a39624b7ef0029345360409f75265630faa633ca0ac425bbbc2d917fcd94d6977aee","first_seen":"2026-04-22T18:26:39.778956Z","last_seen":"2026-06-01T14:39:11.937186Z","times_seen":4,"resource_available":true,"data":null}},"time_used":2727,"timings":{"blocked":922,"dns":376,"connect":268,"send":0,"wait":883,"receive":0,"ssl":275},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/new/2.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/new/2.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 07:15:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a42496-202c2\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":131778,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 856 x 400, 8-bit/color RGBA, non-interlaced","md5":"49a5713fd8d293a6e3bbdceb47761e45","sha1":"635358162098d8aac73ed39d3e84535874adcf45","sha256":"01c75289d4901e1e8a4b50fe4d0e4ac10de1c14633782bf639fd4bee6902c575","sha512":"0a9552dfbd749ad24334b2342d23e7c06a892aa60c721574786610e9e4c92ff50d267019d5b549a616c9e631d4a2f3fdcce744657dda3d309b208529960a014c","ssdeep":"3072:+jyIJRJiTfUg/DHyywuYHowX3ax19U0GlzZXW+lD9:+j9RJsUg/LfQTH+jLGlzZm+z","tlshash":"33d312d2c2f3b46a291d29627cedcf6dd2a1e50976bf0198c05097ce5a328da5df0b4c","first_seen":"2025-08-19T12:54:30.91726Z","last_seen":"2026-06-01T14:39:11.921586Z","times_seen":8,"resource_available":false,"data":null}},"time_used":1932,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1932,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/09.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/09.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:48 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94b0-60a\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1546,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 89, 8-bit/color RGBA, non-interlaced","md5":"2361bcc4e0bd2c84f9aff90f02fe2ecb","sha1":"cf3f148d3573a8dc67153b9c927c20e384cb1d51","sha256":"229ea4eca7c7bacd3eeb632e310109aeadfe7f6fff1bd0359b7b134a0b68ba12","sha512":"b058d493f924c3a255a25ad629695f913699ddea5da8a4b8c848145db7c81be975c687f59c9420bd035c43857aa75ad9cf012e8d644b350dbe35c6d5852a6e91","ssdeep":"","tlshash":"9d31da9eeb68f93c4f870217d14efa455b7b0cf97a02523958991a8d2ad94404cdc369","first_seen":"2025-03-15T05:55:29.543505Z","last_seen":"2026-06-01T14:39:11.940957Z","times_seen":68,"resource_available":false,"data":null}},"time_used":1918,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/coinimgs/.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/coinimgs/.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: text/html\r\ncontent-length: 504\r\netag: \"66541f8f-1f8\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":504,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"b7f6c24fcd751e5a437f9a3700aa7074","sha1":"7462bb1e33a7a761363945ff31ff3e2b3a58c04e","sha256":"d7ee9daf35876b1fd867a1bff334dd0a2bf441f47b2cb3b8c4b7e33723d58678","sha512":"0af608e297389b14ff920bdc9335b777dd8314abe14da03627c62cf672b4218c47f7a91de98bd4e59e0b978c1f9ec1cb6ba2758542e51b0044b7972a486b8cfb","ssdeep":"","tlshash":"54f09e8340e14429111041302e9060054f4b7d8bdb5b4d0138afb1bbefc6a84c5635cc","first_seen":"2024-12-24T17:17:56.68958Z","last_seen":"2026-06-01T14:39:11.88978Z","times_seen":75,"resource_available":false,"data":null}},"time_used":5154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1918,"receive":3236,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eth","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:28.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:28 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":242,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d706411374fb5d09384f1c2bbedb95a8","sha1":"01de7247abc16d750841a287326c8198de12a515","sha256":"6b2f91f9a0c272794d081e96e2975bea259991a82514b8a47321f7b7caa1f765","sha512":"d195ac86172033a66faf3241831e368e7b0dfadc9b0cff0db92192cd2a398b93ec10a08bf56ae0b8a302a7f9b155fbb6ffc53703f703af52693a9d8e0453b3f6","ssdeep":"","tlshash":"bbd0a7a87e3e182d5e72f7d2b4e5277e184e088ad041430a66ff4d7c35a920d7326833","first_seen":"2026-06-01T14:32:52.690276Z","last_seen":"2026-06-01T14:32:52.690276Z","times_seen":1,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_bch","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:29.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bch HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:29 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":236,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e94cd2976e9e79615a5244cbd41fcd68","sha1":"7f017b83ac37795721df340b2745a2cdafcd7734","sha256":"db0bf91bd8094417412df15e96fa2715110b7da34ef5c20366db1fcf8f2364a9","sha512":"93e4292da1b98f8ee902df81709a15205c15d63a67e32a9b97563a368d08f01673b77c0b01c48a999db8c4ad5389526603b2ec8ffb4b3b40fdd8b981c99bc0df","ssdeep":"","tlshash":"25d0a7a0bf3548160c6293d1f4d62fbe24de4157d095410d17bd8d65147c21c3517d21","first_seen":"2026-06-01T14:32:52.698729Z","last_seen":"2026-06-01T14:32:52.698729Z","times_seen":1,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":306,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_xrp","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:33.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_xrp HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=xrp"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:33 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":247,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d8a831e7105c23704f75e235a79950d1","sha1":"967f9e4daa7ea2eb1c1e6f7fa4587f424b3ccb33","sha256":"76791d1672cbf3625557af3a0335aa47208b198c93be7b291bd77cbd2b70ddea","sha512":"8d0ce32a8d793156815e5109c7b132d256c39b93c131efbc5b42e3b195291c1798e17a08cc2298dbde9d53ca656adee556e5ebd464734bf4f9d81d754432baea","ssdeep":"","tlshash":"e4d0a5b03f7d88151c32e7d15cd5175f6c4d48c39050d2055efe4d7a64a890c3315c31","first_seen":"2026-06-01T14:32:52.714354Z","last_seen":"2026-06-01T14:32:52.714354Z","times_seen":1,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/10.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/10.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94b2-7cc\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1996,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 89 x 88, 8-bit/color RGBA, non-interlaced","md5":"cbeec0f8f7153d9ada12286cd320f9ff","sha1":"2f47344e6cd3507eb1910a92b9e6b79e0cf9c38b","sha256":"23bbb31ebd8c5d2dfc6d54e09e8b1ce67e08a632cc7fce4fd19d04721bc3da6a","sha512":"4aba7ea861f215d84de679e7898e93689a57a3a9919f15b73d2ffcf8414f7639a4d852cca74065964f59e88b4804033f8c98ab87cdc3fa5b4a7671430f481605","ssdeep":"","tlshash":"1c410a492b96646aa9a1425c42c15bf5fa3e34adacd87e80edd08658f08eb2805b8658","first_seen":"2025-03-15T05:55:29.544213Z","last_seen":"2026-06-01T14:39:11.922149Z","times_seen":68,"resource_available":false,"data":null}},"time_used":1918,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/DOGE.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/DOGE.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ab-838\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2104,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 61 x 60, 8-bit/color RGBA, non-interlaced","md5":"ff0c62c872d877837881793431cf064c","sha1":"8ee9cdfe43cfba24078529fa23984ab9e9d99a76","sha256":"c146f8822178b5581dd5eb80071e9824e1634252a4cd0d25b9675b0cb3da570e","sha512":"2416ae2389993012befe574c4ee91c47b6101f3e89b7582d25ce214e248e5305f327183c2a7222259b9aeae09ff7315edeae1ff11c8be3304ca11d5cefeb09ff","ssdeep":"","tlshash":"b0416e07f3ddbe79ccd66bb71348e024d01ff7e1b8010b98a42a4c565258c6f215c44b","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-06-04T15:27:14.911715Z","times_seen":5359,"resource_available":false,"data":null}},"time_used":1927,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1927,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/footer_bg.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:20.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/footer_bg.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94b7-119d3\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72147,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1920 x 557, 4-bit colormap, non-interlaced","md5":"562cc9b1820c0ccdf37b791052e55f53","sha1":"4be74f05976a4a9c7799afed24ce8bb23d5d7242","sha256":"130e1e871953055ac817d46049a5c056e37947749334d77bb1f4f775463d8759","sha512":"8f082c1a4aba14f2c86c1f9e670500075e9404443136b3a305a321e7a169b7fe71aa12306458e95efbb14f2cfc9916e845f086d6983e7996c3bea7e4b6784766","ssdeep":"1536:Zoy+yCtXmthvjqKfolFq/KBszk15nMrbrEdXA5aKSlAg952ucBXDvKqQ1:ZoyFEQh7sO/K5CEdXA8K4Ag952uIzyqY","tlshash":"2b63021728ae31e007319a3a52ed4a93e85e4fecf749ec161df1704fa294aca5c2617d","first_seen":"2024-10-23T13:33:33.49242Z","last_seen":"2026-06-01T14:39:11.923247Z","times_seen":408,"resource_available":false,"data":null}},"time_used":1144,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_doge","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_doge HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 9\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":9,"data":"coin=doge"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"42bef929b2dfd127f1529ce6d6ee9a49","sha1":"e58cd1e9a8ce4af86f876faccb8ad6289b8f0a9d","sha256":"4e285805bc7e923b303e7da0b49535613bc5d5bd11bcda0d32299d3b654296df","sha512":"f24331d3171a8b9388c235ef129c59dd3ab0ee3f2afa95358396fe2c7c5231174a24ff60ac4ccb28b0742a06dd1e3a130e105c9658246fda6f952249d4d111dd","ssdeep":"","tlshash":"13d02be03a7840350c62b3e06ce51a1e548ec0a3c04086055afe8e250458a1d7213815","first_seen":"2026-06-01T14:32:52.725591Z","last_seen":"2026-06-01T14:32:52.725591Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2930,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2930,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_1inch","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_1inch HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 10\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":10,"data":"coin=1inch"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":258,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"91ffde129583bef7f40f472935017c0e","sha1":"58801fdad0c1f68046b9a35304552fb42505d9ec","sha256":"89b9f7ed81a56815c4f1185375655bf63812626dd441c4c0dac1f2899232b421","sha512":"a7ce4fc6e1bf2545a3bd6e5b1b19fdfcf075d28477f0eca389ecd3e61145866fa7cfe721b5ff7eb8ec23d06b2c26445dfa10a4e09a110d3a432700f6436f3645","ssdeep":"","tlshash":"0bd05ea03e394a761c61b7c2acea572e748d48428185a6095bff4d6a84a861d3332826","first_seen":"2026-06-01T14:32:52.788485Z","last_seen":"2026-06-01T14:32:52.788485Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2917,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2917,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/07.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/07.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 27 Apr 2023 15:28:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"644a94ae-746\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1862,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 88 x 88, 8-bit/color RGBA, non-interlaced","md5":"68d2998f48a4c12d128c3d1ad70b9a90","sha1":"381d95fe09181d30538ff1c9c5c0e7afd8a095bd","sha256":"ff62b0065cd9d07202222399a26977e59452771a0ec9e6abc21f2abb7ee558ba","sha512":"1533ed2c1f21ce53861cf40afdb54bfed134eeca2bd32262ed99194418898c797827425ba8563c4e81b36d1a242357788e2afd1cc2f6531c77945ee53a017054","ssdeep":"","tlshash":"b331f9c27bc09faeccd18707d9f8c95d5e3269ba884627405d73b106de0d4560fb8a51","first_seen":"2025-03-15T05:55:29.536588Z","last_seen":"2026-06-01T14:39:11.906621Z","times_seen":68,"resource_available":false,"data":null}},"time_used":1918,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1918,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Home/static/js/jquery.SuperSlide.2.1.1.js","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Home/static/js/jquery.SuperSlide.2.1.1.js HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"62c3214c-2c9e\"\r\nexpires: Tue, 02 Jun 2026 02:32:21 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11422,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10855), with CRLF line terminators","md5":"0b9bc63ab05e21e3830da5bbb4ccee67","sha1":"d162156bdaf14217d76d920e0e57b86d8feb1d97","sha256":"349e46b2c65028736d0bbff7b829c7fc6fbdebc1fb1e8b12365a0ca2e6e9e848","sha512":"bdfa220da1f08e29f05a9984c4999d7e742bea10ad86b7e497a0d112c7992cc52b7f1e9f5430b4286f14bb2336110f85cbdc3164a92121caaf5c91961f7e69c9","ssdeep":"192:j+K3bxH+nqfhD9VUVjIItpfg5uXG3+1tSCl+7flvSXwaHxImISLTNSfYXH7Le2HE:jNcnqflKFgEWulE8REcS3j/CkR1Xh3","tlshash":"9532c65fb66635ca4597b3f1107f940d222b5965fc8a8ca0b17082c0adb9a1c243bfed","first_seen":"2023-04-05T11:06:31Z","last_seen":"2026-06-08T16:12:48.656099Z","times_seen":13821,"resource_available":true,"data":null}},"time_used":1916,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1916,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/bootstrap5Slide/style.css","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/bootstrap5Slide/style.css HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: text/css\r\ncontent-length: 589\r\nlast-modified: Mon, 04 Jul 2022 17:20:12 GMT\r\netag: \"62c3214c-24d\"\r\nexpires: Tue, 02 Jun 2026 02:32:19 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":589,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (589), with no line terminators","md5":"df62cb99d119a66bcd5f06547d96ecb7","sha1":"a6d0e097db0919f47977c33510359bc08ec88a9c","sha256":"afca52e1c0203f27bf8165e8fcf92b2674f084f6372f12cc1e7bb3edaee35f03","sha512":"59d599c3a25a64cfae94e1b2f1328abffb199a503c0e8904a3e4a574c101cb6b72d09e94a7b2afaa3f8cbd1a55b92cb2b2bdc33b528ee6c953d30fa3b622cf0f","ssdeep":"","tlshash":"a2f07f42b71a596e5d872300a9d213abf10c7f319709097992f3211d8f29a85237df4e","first_seen":"2023-04-25T18:57:28Z","last_seen":"2026-06-04T15:30:27.621863Z","times_seen":6117,"resource_available":false,"data":null}},"time_used":534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/new/banner4-1.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/new/banner4-1.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\ncontent-length: 173\r\nlast-modified: Mon, 08 May 2023 15:51:41 GMT\r\netag: \"64591a8d-ad\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":173,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 6 x 33, 8-bit/color RGBA, non-interlaced","md5":"2653e42945c988adf2aab6f7e3289324","sha1":"39608eaf1689a30b10b9a9001ed5c70e88c8c39a","sha256":"7335286ca733e4efee02592ac0c458e4adfd116cfe1002147872a3086bcda75c","sha512":"00ee308a13377e81e585563f05301176385199aedcccca22906e5a3453dcb7cc531512a608e2d0cbb0e838a1515257c1275c184279d4335d659df50834486138","ssdeep":"","tlshash":"a2c0c0c941f0647fe04c002b260202c45cb70b6c0412080c04962420e1039c06489087","first_seen":"2025-03-15T05:55:29.528948Z","last_seen":"2026-06-01T14:39:11.891382Z","times_seen":74,"resource_available":false,"data":null}},"time_used":1604,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1604,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/ETH.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/ETH.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:11 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ab-adc\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2780,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"856bfdb63dc0d6fad6b92fc6a29719e1","sha1":"2fed2e3409ce1bbbfb37f6da4abeecc30cefc021","sha256":"eebe29898b8b7de5c9e47daab474152be8095e3ab42d768b84b085c5a12b95c6","sha512":"a61c0a108d63c89ae62a2b03108480b5c08bda0e80049089a2a84cd7973bd9e94dcd2902e166b92e1d7ad5b7356357c9b181cb1b6051dd25913e82d2420154f0","ssdeep":"","tlshash":"51518cc7a707f33a9c866161bed44509f244d80a8160b31c0f33a7572c8a83ea4f324f","first_seen":"2023-05-01T18:49:36Z","last_seen":"2026-06-08T17:29:55.966425Z","times_seen":21391,"resource_available":false,"data":null}},"time_used":1930,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1930,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/dot.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/dot.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:07 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536463-11a0\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4512,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3","md5":"9b80e332192b4501a7b2ea68cf81877d","sha1":"bd8c43b0e1efb07078383c223e36b044a84b9d68","sha256":"94c64a23926f16b8764163bb4bf4298ba5c81adbce05805874771b4935d7dda0","sha512":"618fd24497594ef2e20d482f9db8611bf4b5b7d79f48d9a4ac234a9f6b74a93bc284f45a4461fd6b403317d04f04361b6a3dcbc9cb729f5f0003d08f433eb9bc","ssdeep":"96:jeqJYPZyhFnZLOSpJ1ccOm358VK3Fs8SMBKWTvI+FYHEuRB:jUsZlpJ2lA5HBlvI+CLB","tlshash":"69915c2fa5084527feabcf354e30b1086710ac52d9446e1db93aea7fb05e46b2cd3004","first_seen":"2024-10-23T13:33:33.425393Z","last_seen":"2026-06-01T14:39:11.873165Z","times_seen":250,"resource_available":false,"data":null}},"time_used":1925,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1925,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_bal","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_bal HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=bal"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":226,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1bbf74a98f326f27f5c0470bdb738d25","sha1":"8d8db72e70459dba1c229c036582fc9db716f02e","sha256":"36e55be70abb36260df28a90df86430ab6e297800b9e733b5e95f56fbf0f6c26","sha512":"e218c0ab459aea92499309e6fe245526a63ea64f0c0699dc6af001898f0a3c624a625a10e9b1b3dd924a309999f334db294272fb6621102182d2d1210f255b5b","ssdeep":"","tlshash":"81d05ee02b3444111d6363c968e616fa984d8440a0e1560956adca6515a811d7305c12","first_seen":"2026-06-01T14:32:52.793922Z","last_seen":"2026-06-01T14:39:11.889088Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2910,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2910,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/bsv.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/bsv.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 07:53:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"64536462-ed9\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3801,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"bc6293370eceaba626a50801c27fc3ba","sha1":"671be576385defa1b197fcdb40059172894a2f11","sha256":"b5681eb2f2e568333b59fce2ea981991cef95d07fc1efe6f3f51c883456f9139","sha512":"e9e824c8682cf5dec4dc4a60f7781ae67c382dfbdccc5fe684ad26f6dad123141b59f4d97becfc9f904dd0d3ec03113cc4b469246c26b59b63fd4eef3a7c44c9","ssdeep":"","tlshash":"e5716d3fa38192166b9cc8985f2ff9da5cc39289f384592a6e93114a1221255141ff9d","first_seen":"2024-10-23T13:33:33.473747Z","last_seen":"2026-06-01T14:39:11.875277Z","times_seen":262,"resource_available":false,"data":null}},"time_used":1923,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1923,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/favicon.ico","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:25.360Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:25 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 16958\r\nlast-modified: Tue, 19 Aug 2025 07:16:29 GMT\r\netag: \"68a424cd-423e\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16958,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 64x64, 32 bits/pixel","md5":"89d8e39eda078521f04fdde4aaf1aaac","sha1":"1bce02b1a72840af48c42971bc67a61c8a88ce32","sha256":"74fca3da26e603855649dad4214c8f51da250e0f295194348ddfadae54f918b0","sha512":"40aa29c8a2e2325a8d5f553ad9df1d073dc8fd6376ebe9cd1c71244bfaa79a943b4a79281043deaf27b74201ad53ea6d868d7e2009f32f71119b26ed07a72b5c","ssdeep":"48:Gs5LJ6BrdfQw6YdqkIc70Y1SAVdn2LXwJqEPa2kdts:GsBJ6BFQwvse51iLXwJqEPa2kdts","tlshash":"eb7268c3bac070bbc72d0735e1d2df369e2d0ea86d5c866200c79d57bc46c9d5c59405","first_seen":"2025-08-19T12:54:30.927312Z","last_seen":"2026-06-01T14:39:11.914148Z","times_seen":12,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":279,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Public/Static/img/light.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /Public/Static/img/light.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:19 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 19 Aug 2025 06:29:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a419da-2936\"\r\nexpires: Wed, 01 Jul 2026 14:32:19 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10550,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 640 x 160, 8-bit/color RGBA, non-interlaced","md5":"93c7d8d11904f47c8478c2b7aff26267","sha1":"35af911036ef86b98d2d8933e2a0da8e806ce3da","sha256":"164be01dc3565dd768189c09d39867b3959cdf82c1701dd20dfbb64184f6e123","sha512":"23f202f8225d4e808ae2e4eac1a2c97aa786dfb6c3e8019b3c4b65256d8003cf291abbc234b178f38f482b1d18c3987a73b63e948b94ccc2fb245f406bfb7d99","ssdeep":"192:27ya7vsjNA9tp7Eg4A9uKieQ2Uch2i+l5U3Z8dzpsSgFlgmLFuR8o38ACS4BvG8R:tavJ9BiGeTbdzplgFl/FYMi4BvhR","tlshash":"e422b0d10571f910af9beaf3fa849f473c23c692f2e840f8e401ceac515ae09057652a","first_seen":"2025-08-19T12:54:30.851325Z","last_seen":"2026-06-01T14:39:11.884845Z","times_seen":13,"resource_available":false,"data":null}},"time_used":540,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":540,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_dot","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:22.059Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_dot HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=dot"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:22 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":243,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9dd5693a0249a4bf71f770873c40f3fe","sha1":"682173715abf23d839185853610a53351fae578c","sha256":"de97b9e0d50a370dc585c8a75e3d8dddb69951ccd93c4cdc1af9e040f4b5a0d2","sha512":"a205d6dd5d740ee848b42f34e95df082eb99926e484fb0489fbbcc37d23e3a53b41b25ff2c7296f2dce1c9b1e394c6f8d436626676b2d7a8c3fe604cf012d575","ssdeep":"","tlshash":"73d05e903b3a081618729bd6a8e61a9d684994a6c080830996ae9e78549a648ba17922","first_seen":"2026-06-01T14:32:52.7974Z","last_seen":"2026-06-01T14:32:52.7974Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2893,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2893,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eos","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:27.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eos HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eos"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:27 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":25,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"68ac40a84898f40747d958e0c0941c75","sha1":"a033ad6d2dddc4dcbabdf38740c1a8cd192dcf0d","sha256":"232ef71afd2e2d3a4a886bd164ac9ae400955e7f71505d3570e31635b2ecc00e","sha512":"0707d815ab13b1d6804fdee766d93c98b78e2ceddafbecda34f34372d1d689ada7e8777adf7264eb03a393dafa59e80ce9810cb74592580f0be1ac8ef4f453c2","ssdeep":"","tlshash":"ec70000002afa8a3028200288c0f000000ac28882ca080008c2822288a200028a00020","first_seen":"2023-05-02T21:54:45Z","last_seen":"2026-06-01T14:39:11.901324Z","times_seen":318,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_ltc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:31.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_ltc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=ltc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:31 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":236,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8a91cdaff336dd96ed9ab3c1fab24df5","sha1":"8493929cea782ae5dc722d85ca6e2eb2b4a970a6","sha256":"4b8c053b8152a04e90c1104f4a30299e64444820953f691dc42fa2e533459887","sha512":"c5a3514b78dc50d7c4ccc874515efabeed6eac8f7f9af8a1ddc65d146fba1eae3460a42583d22dcc431e4f1cdd5082886c4340875deecbcf14d9a0c8aca52da5","ssdeep":"","tlshash":"8ed0a7d07f780a7e1c2197d1d9ea176e5c5d4982c085c2896bff8a7c145920d3522c16","first_seen":"2026-06-01T14:32:52.735825Z","last_seen":"2026-06-01T14:32:52.735825Z","times_seen":1,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_eth","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:31.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_eth HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=eth"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:31 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":242,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"d706411374fb5d09384f1c2bbedb95a8","sha1":"01de7247abc16d750841a287326c8198de12a515","sha256":"6b2f91f9a0c272794d081e96e2975bea259991a82514b8a47321f7b7caa1f765","sha512":"d195ac86172033a66faf3241831e368e7b0dfadc9b0cff0db92192cd2a398b93ec10a08bf56ae0b8a302a7f9b155fbb6ffc53703f703af52693a9d8e0453b3f6","ssdeep":"","tlshash":"bbd0a7a87e3e182d5e72f7d2b4e5277e184e088ad041430a66ff4d7c35a920d7326833","first_seen":"2026-06-01T14:32:52.690276Z","last_seen":"2026-06-01T14:32:52.690276Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/UNI.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/UNI.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 03 Nov 2022 15:52:13 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6363e3ad-d98\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3480,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"05022933cd2233fd9dff586e2ff3c836","sha1":"492755f70f4072ea7e31ee85d8a72ce31b3c0334","sha256":"39d66dcc92b0d7921d64b7ad8786a5633e9d590969fa36ec338b6cc2e42ff3d6","sha512":"f7ecf237309e5dea124de18e1178066226a3d768425e3cb425dde756c7d0899e42f4453c47a0652fad10e527867e035bec8c8abc3d4c700dfb1d8f5488fb3807","ssdeep":"","tlshash":"2c716af6a80330f2eee62923c0089102800fb59269c308604f04fe6bd41adebe7d5ac2","first_seen":"2023-06-03T12:58:34Z","last_seen":"2026-06-01T14:39:11.946138Z","times_seen":336,"resource_available":false,"data":null}},"time_used":1929,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1929,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_btc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:32.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:32 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aaf16c6892dcc5b1acac12e4415364e4","sha1":"df373a8881f67618a7d6f3f4dce93158994cd2ef","sha256":"4951a5f3c5c152cecc828ef21d19cb91ba517ab6eb7607cf4694876cfe887eb0","sha512":"a1c7edf90dd2536b3ec545845aca172a532860528800376ccee71481128b9050934d8ad65703e6da5217fc771a3a4817355c8b08454988229a799db7cc5b3f07","ssdeep":"","tlshash":"a9d0a7f03f7945250d71b7e1a6d51b7e684e4491c084961daafe8e68547c31c3223f23","first_seen":"2026-06-01T14:32:52.691346Z","last_seen":"2026-06-01T14:32:52.691346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/Ajaxtradenew/obtain_btc","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:34.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"POST /Ajaxtradenew/obtain_btc HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://gcxchoog.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"coin=btc"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:34 GMT\r\ncontent-type: application/json; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":240,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"aaf16c6892dcc5b1acac12e4415364e4","sha1":"df373a8881f67618a7d6f3f4dce93158994cd2ef","sha256":"4951a5f3c5c152cecc828ef21d19cb91ba517ab6eb7607cf4694876cfe887eb0","sha512":"a1c7edf90dd2536b3ec545845aca172a532860528800376ccee71481128b9050934d8ad65703e6da5217fc771a3a4817355c8b08454988229a799db7cc5b3f07","ssdeep":"","tlshash":"a9d0a7f03f7945250d71b7e1a6d51b7e684e4491c084961daafe8e68547c31c3223f23","first_seen":"2026-06-01T14:32:52.691346Z","last_seen":"2026-06-01T14:32:52.691346Z","times_seen":1,"resource_available":false,"data":null}},"time_used":298,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":298,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"gcxchoog.com/xm/XRP.png","fqdn":"gcxchoog.com","domain":"gcxchoog.com","tld":"com"},"ip":{"addr":"112.213.108.93","port":443,"asn":152194,"as":"CTG Server Limited","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://gcxchoog.com/","date":"2026-06-01T14:32:19.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gcexx.com","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 May 2026 16:01:36 GMT","end":"Sat, 29 Aug 2026 16:01:35 GMT"},"fingerprint":{"sha1":"E8:A1:4B:2C:38:E3:BF:9D:67:5F:53:61:9D:9A:01:2B:64:EC:6E:A6","sha256":"DE:FA:6C:AD:A8:60:A7:E4:75:CD:57:2D:4E:3B:13:E6:7C:8C:63:92:64:9F:64:D9:DF:44:D4:6E:01:A2:1A:5D"}}},"request":{"raw":"GET /xm/XRP.png HTTP/1.1\r\nHost: gcxchoog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://gcxchoog.com/\r\nCookie: PHPSESSID=t8kd0k5p9h7dvgs5jrdhlua152\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 01 Jun 2026 14:32:21 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 04 May 2023 13:56:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6453b971-f61\"\r\nexpires: Wed, 01 Jul 2026 14:32:21 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3937,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit colormap, non-interlaced","md5":"7f4feb23b128c1683aa4bc450a625aa4","sha1":"4c022a2d5fd79660e39f614b0df8ce8bce9bcd90","sha256":"9b749ac3ebc1d5d7efb452e30695a43e340bafe8864abc48af63a548f607fddc","sha512":"e456437862ad7a67dbb471d853f738191e3f0fa372c87ac14e0e362270b8dce3b574b9302b9c33e4584eca98a8525490ef16b9442bf7cbff467fd361a9a345ae","ssdeep":"","tlshash":"7b813d97ef90cf2c66e7b7758baf5c45f4613820e0d7d1cc441a19a4618a693c9f2378","first_seen":"2023-09-30T09:31:08Z","last_seen":"2026-06-01T14:39:11.938327Z","times_seen":268,"resource_available":false,"data":null}},"time_used":1928,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1928,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-01","alert":"Sinkholed","trigger":"gcxchoog.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}