{"report_id":"13099c9b-83e2-4450-b5a2-4bad6b70fb38","version":0,"status":"done","tags":["paypal","phishing","financial"],"date":"2026-06-11T00:35:08Z","url":{"schema":"http","addr":"aicopmtrade.click","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"172.67.196.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"aicopmtrade.click/","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"title":"Log in to your PayPal account","dom":{"size":37237,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (813)","md5":"46e6fdd5f32588895e2ac10c7749d605","sha1":"06e8dbc5d8893bba2a07e88dc79936057e3d62a9","sha256":"81480c46b369270e8d968898ca75cfcf6bfc1d9ef2f9a148db5efbae5522bd61","sha512":"12a0ce5b241ebfed22c69937e9d2a0a8318b831c3658d769fbe2bb0a497895018c34517c2ac531c5df11ea3d2088c3564add389010e60a1c99c89cb212d8a0b9","ssdeep":"384:DXO5AcEFoQHGpjbe37QfHg13Y+DNlDHmkd05l8YwWaOXPJXui4:cAcHQHSP923DBcTqp8M","tlshash":"24f2625060f809334293d2da7ea5af067e95d607da0969093afc87dd0fe3d83dd071aa","dom_hash":"domhash06980e821e76e39f38dc632cec76dddc","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"aicopmtrade.click","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"172.67.196.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-16T00:35:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - 
PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]},"summary":[{"fqdn":"aicopmtrade.click","ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":49,"request_count":7,"received_data":272692,"sent_data":3800,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. 
It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"www.paypalobjects.com","ip":{"addr":"151.101.195.1","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-05-12","domain_rank":19317,"first_seen":"2012-05-30T06:40:21Z","last_seen":"2026-06-04T15:26:46.649166Z","alert_count":0,"request_count":4,"received_data":62487,"sent_data":2243,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"aicopmtrade.click/","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d30d18d254b805efb9b2f4862ccccdc3","sha1":"f3962c6d2a81a22f22294f83c8c8c00a1a3fbce7","sha256":"43cd9f061005bdba9e106b401217c7d5384e0338ce70460552cee1644c4ad40b","sha512":"a0f17c4f40f7299a728791f192300f288da6ba2f351c01ea7ebc6939bc91f66b4d84f6fa33cdb20829bb1324376cdf7890726ad0e2d5305ccb218bb0aafd6bc0","ssdeep":"","tlshash":"9081ce2812f04974077bd2eb76ea87c52431409ffc56641b3ebc8a0c1f92eb697a16d7","size":3985,"data":"","first_seen":"2026-06-09T12:32:49.211507Z","last_seen":"2026-06-11T00:50:39.926828Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"aicopmtrade.click/images/shared/icon-PN-check.png","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:45.468Z","timestamp":1781138085468,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aicopmtrade.click","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jun 2026 08:31:57 GMT","end":"Sat, 05 Sep 2026 08:31:56 
GMT"},"fingerprint":{"sha1":"6A:A9:6C:08:01:E6:3B:50:19:67:CB:8F:47:2A:19:D2:9B:F0:4C:BF","sha256":"55:BF:E5:94:FB:5C:A0:7F:1B:D7:CD:51:FE:25:9F:46:8C:A8:36:99:EF:C7:6B:75:10:40:52:B9:B3:4D:0D:7F"}}},"request":{"raw":"GET /images/shared/icon-PN-check.png HTTP/1.1\r\nHost: aicopmtrade.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 11 Jun 2026 00:34:45 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 14 May 2026 04:36:32 GMT\r\netag: W/\"417-19e24c5a080\"\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZZt5vCdFHioZiwIYtJ7yauNcWOBdBnYIKAE2gt0s3VFrqVNrYepjCY6i7ZEBXpYMfpT3%2FWkKaue6IN886DowGTRgE83qIpCXZl1bLrhSe7q8TVOnR%2BC1rK3VP8iryKJ5yR1Eig%3D%3D\"}]}\r\ncontent-length: 1047\r\ncf-ray: a09c882a3d0e56af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1047,"size_decoded":1806,"mime_type":"image/png","magic":"PNG image data, 121 x 133, 8-bit colormap, non-interlaced","md5":"45926ac99bbd8ef62285ce85da5104d7","sha1":"bd1f094d5479e7dedf5e32fc94780f35522785f8","sha256":"e2a6be390f51bd3f55617abbf1b9e6427b90e9c06298d021773d6bcc23e3699f","sha512":"3b396af4d8a43d644b67745faa1c8f07af824732cbd553aab82bb360f08fede45dbe78d22a1f914272290a035b383b69dbce961eef06c54e051f96641220746b","ssdeep":"","tlshash":"861172ba77bf92219b397835d2718e3bcf1bccd02e0b8c163a4f8806c5a106b8502741","first_seen":"2025-03-04T12:48:27.631188Z","last_seen":"2026-06-11T00:50:39.926341Z","times_seen":215,"resource_available":false,"data":null}},"time_used":332,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":332,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commonly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/images/shared/glyph_alert_critical_big-2x.png","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"151.101.195.1","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:45.471Z","timestamp":1781138085471,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Mon, 23 Mar 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C5:00:18:97:B9:56:2D:A2:02:A9:4D:5F:A6:BD:CF:EE:71:7F:9C:70","sha256":"64:BB:91:23:34:C5:83:1C:FA:85:2C:6D:1A:14:E6:E1:AB:9D:84:06:AE:2E:45:D4:68:B7:F4:BD:6B:F2:50:A2"}}},"request":{"raw":"GET /images/shared/glyph_alert_critical_big-2x.png HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-length: 1709\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-type: image/png\r\ndc: 
ccg11-origin-www-1.paypal.com\r\netag: \"06e7g2A2uh9gOtrAR/AAX1pvXevadwBfhbhh/bNOQEI\"\r\nfastly-io-info: ifsz=5828 idim=224x200 ifmt=png ofsz=1709 odim=224x200 ofmt=png\r\nfastly-io-served-by: vpop-haf2300705\r\nfastly-stats: io=1\r\npaypal-debug-id: 83073096eb56a\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\ntraceparent: 00-000000000000000000083073096eb56a-c85c1f69e5015c8e-01\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 11 Jun 2026 00:34:45 GMT\r\nx-served-by: cache-sjc1000122-SJC, cache-bma-essb1270024-BMA\r\nx-cache: HIT, HIT\r\nx-cache-hits: 24549, 1822\r\nx-timer: S1781138086.505862,VS0,VE0\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31557600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":1709,"size_decoded":2544,"mime_type":"image/png","magic":"PNG image data, 224 x 200, 8-bit colormap, 
non-interlaced","md5":"01f70242c93a7a45b8fd6ee1a56aba6b","sha1":"396950270473fe9149c24a251885f7ed7efd6134","sha256":"4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139","sha512":"ff6fda356ab6d6e1810eece2409d92e7441fd32568c03cbab94365ac0405f9f4c45b0760a81cae986c9d5bc0fb4ef029cde84efc31456daebabbe1d6428269bb","ssdeep":"","tlshash":"8231d8b1ff9a7481549681d6c0f6f29754103cfb9676a043ee8898380967102d1bb07d","first_seen":"2023-05-08T19:27:30Z","last_seen":"2026-06-11T00:50:39.920645Z","times_seen":268,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":13,"connect":16,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/paypal-ui/logos/svg/paypal-wordmark-color.svg","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"151.101.195.1","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:46.052Z","timestamp":1781138086052,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Mon, 23 Mar 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C5:00:18:97:B9:56:2D:A2:02:A9:4D:5F:A6:BD:CF:EE:71:7F:9C:70","sha256":"64:BB:91:23:34:C5:83:1C:FA:85:2C:6D:1A:14:E6:E1:AB:9D:84:06:AE:2E:45:D4:68:B7:F4:BD:6B:F2:50:A2"}}},"request":{"raw":"GET /paypal-ui/logos/svg/paypal-wordmark-color.svg HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-length: 756\r\ncache-control: s-maxage=31536000, public,max-age=3600\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\ndc: ccg11-origin-www-1.paypal.com\r\ntraceparent: 00-0000000000000000000381116d06a1a4-0891646195ab8dff-01\r\netag: W/\"67da3cd6-8f3\"\r\npaypal-debug-id: 381116d06a1a4\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\nlast-modified: Wed, 19 Mar 2025 03:41:10 GMT\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 11 Jun 2026 00:34:46 GMT\r\nx-served-by: cache-sjc10069-SJC, cache-sjc10041-SJC, cache-bma-essb1270024-BMA\r\nx-cache: MISS, HIT, HIT\r\nx-cache-hits: 0, 1100, 4672\r\nx-timer: S1781138086.058489,VS0,VE0\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31557600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2291,"size_decoded":1592,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b40b8498ed9de0b5cc68df968183c833","sha1":"276409ef0de6ff80af749877a5f650db78f7804a","sha256":"f766ba6d9471acc787c0808b8c30f38494d12b287ccfb2ff610fd617cfa2a432","sha512":"a79c51326b7c6bb1e694f5c85041b6ee014e8a7fb123996d070f8acd744529f06420d5d751bf1d808e40a833ed9b21c48e2a6ad8b9d340e46e9cf2a293915d45","ssdeep":"","tlshash":"c241f2e2a214e39829178a54ce7250e0165ff4fef7af33a191bf5b70a0425e0ca11e74","first_seen":"2024-09-19T18:53:11Z","last_seen":"2026-06-11T00:50:39.921296Z","times_seen":607,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Medium.woff2","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"151.101.195.1","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:46.075Z","timestamp":1781138086075,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Mon, 23 Mar 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 
GMT"},"fingerprint":{"sha1":"C5:00:18:97:B9:56:2D:A2:02:A9:4D:5F:A6:BD:CF:EE:71:7F:9C:70","sha256":"64:BB:91:23:34:C5:83:1C:FA:85:2C:6D:1A:14:E6:E1:AB:9D:84:06:AE:2E:45:D4:68:B7:F4:BD:6B:F2:50:A2"}}},"request":{"raw":"GET /paypal-ui/fonts/PayPalOpen-Medium.woff2 HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://aicopmtrade.click\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-length: 27633\r\ncache-control: s-maxage=31536000, public,max-age=31536000\r\ndc: ccg11-origin-www-1.paypal.com\r\npaypal-debug-id: 4bf6d79974bfa\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\naccess-control-allow-methods: GET\r\ntraceparent: 00-00000000000000000004bf6d79974bfa-3e384d3b650d92b2-01\r\nlast-modified: Thu, 11 Jan 2024 20:08:22 GMT\r\netag: \"65a04ab6-6bf1\"\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 11 Jun 2026 00:34:46 GMT\r\nx-served-by: cache-sjc1000099-SJC, cache-sjc1000099-SJC, cache-bma-essb1270024-BMA\r\nx-cache: MISS, HIT, HIT\r\nx-cache-hits: 0, 12166, 0\r\nx-timer: S1781138086.079884,VS0,VE1\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\ncontent-type: application/font-woff2\r\nstrict-transport-security: max-age=31557600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching 
proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27633,"size_decoded":28498,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27633, version 1.0","md5":"38178232099be6c278a39fdcfe2db243","sha1":"abf44e1e4a3cd12be295b8361dc488784259fb53","sha256":"8d0e74dfe39c809f2dde1119f404841405d107fa40165669ea74fca51722311b","sha512":"307cb0a013088bc87c392dbe0c084ada953beb01b902c988a97a46894bc85b81eb93bea0436186f09deccec7bcc58b9b63cad9d4c5783fe37d5968a90bdc94f3","ssdeep":"768:4qq1uwAN5VyeAAL7ddHIavOnPMpz6dmP6wfzVUsl4bDA:4q2BAN5HrLHaUpz66n4bk","tlshash":"f5c2e1ca04025970e53356ff439f28dfc0b1d2e3ae199c9dd49f59a8c4ff38512950a6","first_seen":"2024-07-23T00:03:56Z","last_seen":"2026-06-11T00:50:39.924042Z","times_seen":395,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aicopmtrade.click/en_US/i/icon/pp_favicon_x.ico","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:46.094Z","timestamp":1781138086094,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"
subject":{"commonName":"aicopmtrade.click","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jun 2026 08:31:57 GMT","end":"Sat, 05 Sep 2026 08:31:56 GMT"},"fingerprint":{"sha1":"6A:A9:6C:08:01:E6:3B:50:19:67:CB:8F:47:2A:19:D2:9B:F0:4C:BF","sha256":"55:BF:E5:94:FB:5C:A0:7F:1B:D7:CD:51:FE:25:9F:46:8C:A8:36:99:EF:C7:6B:75:10:40:52:B9:B3:4D:0D:7F"}}},"request":{"raw":"GET /en_US/i/icon/pp_favicon_x.ico HTTP/1.1\r\nHost: aicopmtrade.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 11 Jun 2026 00:34:46 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vuBq5blBysz3WgxYL4CTnR8zPJX4kQ3D2EGgmw0cwab4MoDZxgBFNMqcpzU4BuZ8OzQZ%2Bh%2BCJcVhs%2FY2GzP4YTBhMH2Mnzt8yQlNzm5IQq4pEtHmIHNYE9AoklIDDLaU6NDrVw%3D%3D\"}]}\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 14 May 2026 04:36:36 GMT\r\netag: W/\"1536-19e24c5b020\"\r\ncf-cache-status: EXPIRED\r\ncontent-encoding: zstd\r\ncf-ray: a09c882e1d2f56af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5430,"size_decoded":2219,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 
bits/pixel","md5":"e1528b5176081f0ed963ec8397bc8fd3","sha1":"ff60afd001e924511e9b6f12c57b6bf26821fc1e","sha256":"1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667","sha512":"acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212","ssdeep":"48:++/pSKnJ/3cCXndBlr9aPZ0M0V+2hDTGlpFRlcPgCOfU:+ASKJPcCXjgZ03Gre9","tlshash":"18b1dc641694e0d8d690567ed3bcd9fbc415de02e9a50bcf078dfdba77340a0a0c6887","first_seen":"2023-04-06T18:53:38Z","last_seen":"2026-06-12T13:44:14.122145Z","times_seen":1489,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield 
DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"aicopmtrade.click/cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/bootstrap.min.css","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:45.250Z","timestamp":1781138085250,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aicopmtrade.click","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jun 2026 08:31:57 GMT","end":"Sat, 05 Sep 2026 08:31:56 
GMT"},"fingerprint":{"sha1":"6A:A9:6C:08:01:E6:3B:50:19:67:CB:8F:47:2A:19:D2:9B:F0:4C:BF","sha256":"55:BF:E5:94:FB:5C:A0:7F:1B:D7:CD:51:FE:25:9F:46:8C:A8:36:99:EF:C7:6B:75:10:40:52:B9:B3:4D:0D:7F"}}},"request":{"raw":"GET /cdn/cd/199f4dcf55b9dafd6ad41cbcfb237f87/9f89c84a559f573636a47ff8daed0d33/bootstrap.min.css HTTP/1.1\r\nHost: aicopmtrade.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 \r\nserver: cloudflare\r\ndate: Thu, 11 Jun 2026 00:34:45 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V5xfuJBOXIFhuQMj194Z36GUVFx6Dw33SrgqFtwFrn%2Fv2HdTuko8PpZmzdidlsu3GJEsX42ApfuJuEU7ap5HOltbFSuw6p9dGnMREYScGmhsRhmFF1v0WUVrcWB1P4FH4yXm0A%3D%3D\"}]}\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\ncontent-encoding: zstd\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: a09c8828dd0056af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T07:33:43.83116Z","times_seen":16408102,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"www.paypalobjects.com/paypal-ui/fonts/PayPalOpen-Regular.woff2","fqdn":"www.paypalobjects.com","domain":"paypalobjects.com","tld":"com"},"ip":{"addr":"151.101.195.1","port":443,"asn":54113,"as":"FASTLY","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:46.073Z","timestamp":1781138086073,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.paypalobjects.com","organization":""},"issuer":{"commonName":"DigiCert EV RSA CA G2","organization":"DigiCert Inc"},"validity":{"start":"Mon, 23 Mar 2026 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C5:00:18:97:B9:56:2D:A2:02:A9:4D:5F:A6:BD:CF:EE:71:7F:9C:70","sha256":"64:BB:91:23:34:C5:83:1C:FA:85:2C:6D:1A:14:E6:E1:AB:9D:84:06:AE:2E:45:D4:68:B7:F4:BD:6B:F2:50:A2"}}},"request":{"raw":"GET /paypal-ui/fonts/PayPalOpen-Regular.woff2 HTTP/1.1\r\nHost: www.paypalobjects.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://aicopmtrade.click\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\ncontent-length: 27457\r\ncache-control: s-maxage=31536000, public,max-age=31536000\r\ntiming-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com\r\naccess-control-allow-methods: GET\r\nlast-modified: Thu, 02 Jun 2022 17:26:24 GMT\r\npaypal-debug-id: b42895292a6be\r\ndc: ccg11-origin-www-1.paypal.com\r\ntraceparent: 00-0000000000000000000b42895292a6be-cc377a6dfdd50433-01\r\netag: \"6298f2c0-6b41\"\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 11 Jun 2026 00:34:46 
GMT\r\nx-served-by: cache-sjc1000144-SJC, cache-sjc10020-SJC, cache-bma-essb1270024-BMA\r\nx-cache: MISS, HIT, HIT\r\nx-cache-hits: 0, 555, 0\r\nx-timer: S1781138086.078912,VS0,VE1\r\nvary: Accept-Encoding, Accept-Encoding\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\ncontent-type: application/font-woff2\r\nstrict-transport-security: max-age=31557600\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]}],"data":{"size":27457,"size_decoded":28318,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 27457, version 
1.0","md5":"49d49974386dc725656bc1a2bf32ed44","sha1":"26139d3425422f233dfccb09fca2edb36f01e390","sha256":"9ae7b95f034d76b21aaf8fcc0cdd39f4ba7ba59dd9751348a32c7e5cfdfdb6df","sha512":"440a101dc681e69275ab9c2bfa2e436b9d3500debfcf5c84f47b9796f6879e1021b4a6e797ea3c4b45052f68cb066c1bcc75b4a6ac204a40848cb4eb6731f94a","ssdeep":"768:rs41ijgVewvJ0P+BvnbXzmX07uu/pmawwzQ8Mv:rsaijVwP1bXzmX077zQzv","tlshash":"9dc2e0f975cfa310c31d315cbce08a7a010579a8ece47799c368999f195bc8ad1db13a","first_seen":"2023-04-11T21:56:01Z","last_seen":"2026-06-11T00:50:39.921876Z","times_seen":1354,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aicopmtrade.click/webstatic/icon/pp64.png","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:46.093Z","timestamp":1781138086093,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aicopmtrade.click","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jun 2026 08:31:57 GMT","end":"Sat, 05 Sep 2026 08:31:56 GMT"},"fingerprint":{"sha1":"6A:A9:6C:08:01:E6:3B:50:19:67:CB:8F:47:2A:19:D2:9B:F0:4C:BF","sha256":"55:BF:E5:94:FB:5C:A0:7F:1B:D7:CD:51:FE:25:9F:46:8C:A8:36:99:EF:C7:6B:75:10:40:52:B9:B3:4D:0D:7F"}}},"request":{"raw":"GET /webstatic/icon/pp64.png HTTP/1.1\r\nHost: aicopmtrade.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 11 Jun 2026 00:34:46 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 14 May 2026 04:36:30 GMT\r\netag: W/\"3d9-19e24c598b0\"\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3nPdsspaRWWUi7I3xq8DQuR1th%2F9oboTBccf0ZlFwomecMyfUMYFQimdgrY9qEgKQ6L8Y8LW9qiJA9ua99SjnjlLp7U7GqwjirLePYmYoodXT8wD5n135e7Q%2BVhIZpL9K97JGQ%3D%3D\"}]}\r\ncontent-length: 985\r\ncf-ray: a09c882e1d2e56af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":985,"size_decoded":1746,"mime_type":"image/png","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 64x64, components 3","md5":"023075bc4303c2be95c07a3d6cb8c611","sha1":"2feff3517280158d53e64cb9d0786133dfa800e2","sha256":"88308c4c9a6c7accd4d8541939b6c6ff7b6cd035ebd6c5f00055a1d761348d37","sha512":"69369575b8185447c80db03aeb4cb588418729da4c2e08a10dbf6913cf48f05a32ae8219323b97d99b76dd7bd95b3b6c1e15b46306d4dac5df0e4cf33c87b288","ssdeep":"","tlshash":"c111542ee2a6986be73d3d749730232167272a515308c7c98284d76521a04e76e286c3","first_seen":"2025-09-25T07:13:32.21734Z","last_seen":"2026-06-11T00:50:39.922408Z","times_seen":68,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":361,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"aicopmtrade.click/","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-11T00:34:44.625Z","timestamp":1781138084625,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aicopmtrade.click","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jun 2026 08:31:57 GMT","end":"Sat, 05 Sep 2026 08:31:56 GMT"},"fingerprint":{"sha1":"6A:A9:6C:08:01:E6:3B:50:19:67:CB:8F:47:2A:19:D2:9B:F0:4C:BF","sha256":"55:BF:E5:94:FB:5C:A0:7F:1B:D7:CD:51:FE:25:9F:46:8C:A8:36:99:EF:C7:6B:75:10:40:52:B9:B3:4D:0D:7F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: aicopmtrade.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 11 Jun 2026 00:34:45 GMT\r\ncontent-type: text/html; charset=utf-8\r\nreport-to: 
{\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F3VUI%2BtU35Ao5NRcR%2F7zDwDCeA%2F4iR6eMWqnLW9Bl8%2FuGDjPjmb8cUTCTAS0kNYynYjhXD5tn%2FG3kW7q1toHQEJUnfk2aSSGa69x8871YDQPvjXgYxEY2ZVKoOWUu%2Fy2fzJMrg%3D%3D\"}]}\r\npriority: u=0,i\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 14 May 2026 04:41:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: zstd\r\ncf-ray: a09c88254cf156af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. 
It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":37659,"size_decoded":9325,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (813), with CRLF line terminators","md5":"9ab8126b3b8cf874da7de021bf88d553","sha1":"e044a7a15a9f06b85fc36132b8528053eb1bded1","sha256":"4b4b187f23bbe1990152232591983452c1b8649e9fa42c2cf8e8990c4e3193c0","sha512":"c7656fdae7cf77457b922ac0292c44e254ddb85ec50f881193f054c0244357922f8068c05d270df628d1327990dc7d0b8f1dc70be31c15938892bf1e3e330ad1","ssdeep":"384:sNsEacaIQoHQ1EteEdJfefuDM+rE/T8Okd86lfaQvmBh7IjG6D:Uac4oHECH7DPADHCOUv","tlshash":"df03515060d4193342b3c2cabea5af45fd958207da05a9093afc97df0ff3d82d9171a6","first_seen":"2026-06-09T12:32:49.210267Z","last_seen":"2026-06-11T00:50:39.925271Z","times_seen":4,"resource_available":true,"data":null}},"time_used":406,"timings":{"blocked":-1,"dns":38,"connect":18,"send":0,"wait":347,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal 
phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"aicopmtrade.click/web/res/775/21d686e15c3cb7641725b712ce308/css/contextualLoginElementalUIv5_1.css","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:45.242Z","timestamp":1781138085242,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aicopmtrade.click","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jun 2026 08:31:57 GMT","end":"Sat, 05 Sep 2026 08:31:56 GMT"},"fingerprint":{"sha1":"6A:A9:6C:08:01:E6:3B:50:19:67:CB:8F:47:2A:19:D2:9B:F0:4C:BF","sha256":"55:BF:E5:94:FB:5C:A0:7F:1B:D7:CD:51:FE:25:9F:46:8C:A8:36:99:EF:C7:6B:75:10:40:52:B9:B3:4D:0D:7F"}}},"request":{"raw":"GET /web/res/775/21d686e15c3cb7641725b712ce308/css/contextualLoginElementalUIv5_1.css HTTP/1.1\r\nHost: aicopmtrade.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 11 Jun 2026 00:34:45 GMT\r\ncontent-type: text/css; charset=utf-8\r\nnel: 
{\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FXfZ%2FMBs55HYqu9sNEY0X0DU4%2BmR0rbSUwJm4DCE1wV9%2BZ%2FIcgNofPTu2J1UwfIPebYBJ6hQmcgJ7L5rwN49MWfgjdyhoX%2BW3kH12aQGS461HNUBRAreTV%2BQ1yPEazjPBKcIxQ%3D%3D\"}]}\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 14 May 2026 04:36:36 GMT\r\netag: W/\"3640f-19e24c5b020\"\r\ncf-cache-status: EXPIRED\r\ncontent-encoding: zstd\r\ncf-ray: a09c8828ccfe56af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":222223,"size_decoded":39288,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(586)","md5":"42308300e02e988e45fffa0f80f23353","sha1":"4ffac6b7c4a5ac67686a373c4e4b35dd1b0975be","sha256":"953991355b69addb144b9a875c630c89eae165d89f6d43dbd36ac51b8e360354","sha512":"4add505e6bfee521b79dee0bfac9acd57e8e10ef4e8e17dfc387cb2a458c0011ba1d84156f0cb63ec5e9dd4ac83d33718acfaaa26792bf007eb703def7bdafcd","ssdeep":"6144:gMI6E4hKNeI6E/I6EtI6EAI6EJI6EELQdb6HrImfha6I6ExI6EEI6Ea6I6EXI6EG:gMI6E4hKNeI6E/I6EtI6EAI6EJI6EELc","tlshash":"c524a3ea9ae40501b91bc56475667b90a32d8003c94fdcbdbbe5306cefc92d992b334d","first_seen":"2026-03-17T13:52:37.577289Z","last_seen":"2026-06-11T00:50:39.922953Z","times_seen":20,"resource_available":false,"data":null}},"time_used":772,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":450,"receive":322,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}},{"url":{"schema":"https","addr":"aicopmtrade.click/cdn/cd/style.css?bz1lYzA4MGVlZjkxMzkwZmQwMjVkZDBiYjg1Y2ZiZjYwZSxhPTlmODljODRhNTU5ZjU3MzYzNmE0N2ZmOGRhZWQwZDMzLGQ9ZWMwODBlZWY5MTM5MGZkMDI1ZGQwYmI4NWNmYmY2MGUtTi9BLHVybD1odHRwczovL3d3dy5wYXlwYWwuY29tL3NpZ25pbixwPXRydWU=","fqdn":"aicopmtrade.click","domain":"aicopmtrade.click","tld":"click"},"ip":{"addr":"104.21.21.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aicopmtrade.click/","date":"2026-06-11T00:34:45.245Z","timestamp":1781138085245,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aicopmtrade.click","organization":""},"issuer":{"commonName":"YE1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 07 Jun 2026 08:31:57 GMT","end":"Sat, 05 Sep 2026 08:31:56 
GMT"},"fingerprint":{"sha1":"6A:A9:6C:08:01:E6:3B:50:19:67:CB:8F:47:2A:19:D2:9B:F0:4C:BF","sha256":"55:BF:E5:94:FB:5C:A0:7F:1B:D7:CD:51:FE:25:9F:46:8C:A8:36:99:EF:C7:6B:75:10:40:52:B9:B3:4D:0D:7F"}}},"request":{"raw":"GET /cdn/cd/style.css?bz1lYzA4MGVlZjkxMzkwZmQwMjVkZDBiYjg1Y2ZiZjYwZSxhPTlmODljODRhNTU5ZjU3MzYzNmE0N2ZmOGRhZWQwZDMzLGQ9ZWMwODBlZWY5MTM5MGZkMDI1ZGQwYmI4NWNmYmY2MGUtTi9BLHVybD1odHRwczovL3d3dy5wYXlwYWwuY29tL3NpZ25pbixwPXRydWU= HTTP/1.1\r\nHost: aicopmtrade.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://aicopmtrade.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 11 Jun 2026 00:34:45 GMT\r\ncontent-type: text/css; charset=utf-8\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=14400\r\nlast-modified: Thu, 14 May 2026 04:36:32 GMT\r\netag: W/\"0-19e24c5a080\"\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4enumpQRp1YunAb9YdJnD0%2FcAgzkSLXLuS%2FbM94Ypyo6I%2F9GHn7wTShBduKQ0fNvTrKDVJNTHgkLypaFpRK%2BLHOYVzf7LQJL3Zp3OzB1pzyhaUu9yLDozZKxMtGL1kfTf%2FSQRA%3D%3D\"}]}\r\ncf-ray: a09c8828ccff56af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and 
open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":761,"mime_type":"text/css; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T07:33:43.83116Z","times_seen":16408102,"resource_available":true,"data":null}},"time_used":349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert 
UltraDNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-11","alert":"Phishing Block","trigger":"aicopmtrade.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-11","alert":"Sinkholed","trigger":"aicopmtrade.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - PayPal","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with PayPal phishing","tags":["paypal","phishing","financial"],"meta":null}]}}]}
