{"report_id":"2b35a078-536a-42ee-8311-1994b28e7e13","version":6,"status":"done","tags":[],"date":"2025-11-05T11:51:34Z","url":{"schema":"http","addr":"icewerx.com/auth/xf-auth/index1.php","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/index1.php","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"title":"Sign in to Xfinity","dom":{"size":91759,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (60351)","md5":"aba8184878874cb1b6ab2e4cd97ea0b9","sha1":"04f8322834e074f83e70b2b5b70f2a6e1fcef5a2","sha256":"ec888f7382373013c8b1c736a4f739df6e563387d779f4c3f47ed5d43623ea98","sha512":"59e4a71b57a99917c4dd32e0e1669ca9c7c1b75b05dc098b059ee0a448a558b0c4103bb1519074b3f4e667e6acaca77e5e96b5d0ec74bb26168dd6a08ac699e6","ssdeep":"768:8wDZUU9csniHKHd62d6D2d6rd6PKPRf0g2aKsy:8w7cQiHmE2EiErEPKV06Ksy","tlshash":"0d938a59b501823f3c03a5fcd35ce0aa725321d0fe798af7ad862011dbdabf698a3155","dom_hash":"domhashab123c43984fe51dfb5159c2df054afa","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"icewerx.com/auth/xf-auth/index1.php","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":0,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-10T11:51:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":8}},"detection":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com/auth/xf-auth/index1.php","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-10-30","alert":"Phishing - Other","trigger":"icewerx.com/auth/xf-auth/index1.php","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null}],"urlquery":null},"summary":[{"fqdn":"static.cimcontent.net","ip":{"addr":"23.49.28.112","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"domain_registered":"2008-10-17","domain_rank":228070,"first_seen":"2018-06-06T22:15:44Z","last_seen":"2025-10-31T21:58:58.672868Z","alert_count":0,"request_count":3,"received_data":147819,"sent_data":1627,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"icewerx.com","ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"domain_registered":"2010-12-27","domain_rank":0,"first_seen":"2025-08-28T19:28:36.835101Z","last_seen":"2025-10-14T02:29:41.981381Z","alert_count":73,"request_count":12,"received_data":677803,"sent_data":6205,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"login.xfinity.com","ip":{"addr":"95.101.10.128","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2003-01-23","domain_rank":28072,"first_seen":"2018-01-15T14:52:54Z","last_seen":"2025-10-31T02:31:34.263857Z","alert_count":0,"request_count":2,"received_data":4460,"sent_data":931,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/js/comcast-common.js","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"71cdb47571f4acc45a95181fd917147b","sha1":"53279319e3c597e08b37c9a6f2e3fb4dd158c9ea","sha256":"14500096a5ad4d9d53e232c14928d3d60232a29f26c2c09aac5fc89ad23c2e09","sha512":"5478ef1dbc96b39b5d6692f2e995ece6b641ac88bba8130e65277277a885c8f82fa65366fd22ce455c9afd414ffbc0883ecb924f18b9afcc932726999eb1e805","ssdeep":"6144:1VmxgwiMPNCI60TiguQuQXlwP2O1TMTOK5xQdIBTncp96o:vUgwJ3/iguTIlpOK6K56mBIP","tlshash":"73347d4aebc843fdc19839d2585e134694fda8221cd8f1186176e4fb6f78f38a47c91a","size":242760,"data":"","first_seen":"2025-04-09T12:14:49.167086Z","last_seen":"2026-05-29T00:51:14.150272Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/js/bundle-cef2f07.js","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bc28393a81e68f7b33e0aa6ad91cbaa2","sha1":"3a7c1f50c0cd49b8219adfe78431018a3040e5fd","sha256":"686a33f005c28796f3dd0a3fc0b63f9c4103e33b71c8f1d4551d219ee4138903","sha512":"baeade20e2155e2a3c4d2e1f165a2a880f29f756379da5abda76960e7f98b686bdfb0f2741a16dc16bbe8cec4119e2e28d5924c3ed663e14502cddcaf2d74ea1","ssdeep":"384:92MSonnyQyBt7vwC5SHch51Y6s1u5EAVsZWRyiEst5d4uX3hJDzN:92MjiEs75uqVsBKd4QTN","tlshash":"a362b78ab691b87203a3a476917f510bf23a2da4741e90d0d669c8d17cb888e417ff6d","size":14877,"data":"","first_seen":"2025-04-09T12:14:49.173799Z","last_seen":"2026-05-29T00:51:14.151549Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-bold.woff2","fqdn":"static.cimcontent.net","domain":"cimcontent.net","tld":"net"},"ip":{"addr":"23.49.28.112","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.cimcontent.net","organization":"Comcast Corporation"},"issuer":{"commonName":"COMODO RSA Organization Validation Secure Server CA","organization":"COMODO CA Limited"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C9:96:BA:CC:3A:6E:16:07:34:F6:2E:65:E1:80:BA:5F:7A:C1:4B:3E","sha256":"57:7E:26:1A:D8:C7:8B:09:B0:3E:AE:94:B3:41:F9:FA:13:B7:ED:EA:77:42:3C:0C:49:75:B8:B0:E3:AD:CB:7F"}}},"request":{"raw":"GET /common-web-assets/fonts/dm-sans/dmsans-bold.woff2 HTTP/1.1\r\nHost: static.cimcontent.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://icewerx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 29872\r\nlast-modified: Wed, 07 May 2025 17:42:38 GMT\r\netag: \"5f8fa708197e8666b28fecf16ab5c7f9\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: HftgflcdxPkkngwbcCwqHydsdLguA4t3\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: J4K-cQORI538AyQFsIMERnGsjMc7Sk5rsr_OEDgiwUPcR6IUewJ4KA==\r\ncache-control: max-age=31536000\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":29872,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29872, version 1.0","md5":"5f8fa708197e8666b28fecf16ab5c7f9","sha1":"cf1789b9debe417b1bf3d97e4fdb34584ec6f77c","sha256":"f4fc8ea1d0db62d19b2320e0299afe1c60abc0aacb7ba34d4169d56bcc828fe2","sha512":"18a73b963f0bd2142bb4d6a24e14f1b4f223b87dfc52c2e1aab73d743a555eab9bece1a2dc4692e0eb083d3c523931816a09c31f6cb52d7e9da7d6b18135a0a2","ssdeep":"768:J7ClyHjz6WfDoWPfAW2EhywNRDxFn9UBWvyC:QwP6WxI3I1vxFn9UByyC","tlshash":"86d2e1cf54a70fd2c52888b86090e91c6deef375f3e9648c035ee88ead4d5623b21653","first_seen":"2023-07-14T01:42:30Z","last_seen":"2026-06-13T02:21:16.302585Z","times_seen":174,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":172,"dns":137,"connect":1,"send":0,"wait":31,"receive":2,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/css/android-icon-192x192.png","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/css/android-icon-192x192.png HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\ncontent-length: 2569\r\ncontent-type: image/png\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2569,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit grayscale, non-interlaced","md5":"4d5a72cfafe8a0e67a3a4e3684ae379f","sha1":"2140780ff72470e5a9d63fdf950d7b816ce804be","sha256":"b8bbda2990b5611317f747bf13de3a78e1de77fd7d864a27d845194988490375","sha512":"a2323abb4342312eeaf8cb9d5003287a64665dcc859424f84a80868fc9cc3d684464627e728ea9d688d9af50fea2d55a849ed753615667f4226bef751345776f","ssdeep":"","tlshash":"86513a75d7229ed994c95bbcb11d230ae425841c3c60899bd73f84ae8a92c16bad8fc4","first_seen":"2023-06-04T02:44:54Z","last_seen":"2026-06-14T01:11:40.060459Z","times_seen":1471,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/static/images/global/xfinity-logo-black.svg","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /static/images/global/xfinity-logo-black.svg HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/css/bundle.css\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncontent-length: 0\r\ncontent-type: text/html\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-18T02:31:18.345974Z","times_seen":16499189,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/css/prism-ui-cef2f07.css","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.578Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/css/prism-ui-cef2f07.css HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 13791\r\ncontent-type: text/css\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":67968,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"cb5c0ce049ae586b381128adc222e578","sha1":"862f7765781f6faba5759f4effeb692d1250d03f","sha256":"4d0d01d5e95e4904e89cab34bc4439558f20e3de3677990f53f8885508c71afd","sha512":"c585377e1c2523d2455f9ad21604c1c5ee4109b7fe913566f270bdcf358dc61c557caf572061624d52a0bf45df5ab5f2e7e63a9c99cde12ae00d434b94f5eb26","ssdeep":"768:keIxIZIAIGIGIpIPIxIZIAIGIGIpIVhDI8zwdiw+Ub6PhvLtA5xi:zIxIZIAIGIGIpIPIxIZIAIGIGIpIS5xi","tlshash":"eb632210fb01921fb82a4aff10adb5e395271147c76b86f9f38b100bb59facb5197246","first_seen":"2023-07-14T01:42:30Z","last_seen":"2026-05-29T00:51:24.513122Z","times_seen":1276,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/css/bundle-cef2f07.css","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/css/bundle-cef2f07.css HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":90549,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65472)","md5":"440160c5b1b460a156f7780ec1c4d60e","sha1":"eecf6690b2ea5c5a0019a82296cf985a19b7cd81","sha256":"a9adb899c167f01d969696a58403d3089cf6cf452df0a53ab42afe90000fbc52","sha512":"f3f03d39a548d01991fec6ed641a9f07446fd9e23d9c9433baa157817e89f304dbff3d813e8b495aa0fd70379889b6574cde0cfde66c53105502ebf9ac75d257","ssdeep":"768:VI5IhIHIYIhIhI1FlDI8z7F3riw+Ub6PhvLtma+Ax6r5+sR:VI5IhIHIYIhIhI1V97a+Ax6d+sR","tlshash":"37935314ff01811fb8164aff50acb6a395274547db6b86f8f647000abbef6cb5297206","first_seen":"2024-12-08T16:59:48.253651Z","last_seen":"2026-05-29T00:51:14.147082Z","times_seen":46,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/js/bundle-cef2f07.js","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/js/bundle-cef2f07.js HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 7019\r\ncontent-type: application/javascript\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":14877,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (14840)","md5":"bc28393a81e68f7b33e0aa6ad91cbaa2","sha1":"3a7c1f50c0cd49b8219adfe78431018a3040e5fd","sha256":"686a33f005c28796f3dd0a3fc0b63f9c4103e33b71c8f1d4551d219ee4138903","sha512":"baeade20e2155e2a3c4d2e1f165a2a880f29f756379da5abda76960e7f98b686bdfb0f2741a16dc16bbe8cec4119e2e28d5924c3ed663e14502cddcaf2d74ea1","ssdeep":"384:92MSonnyQyBt7vwC5SHch51Y6s1u5EAVsZWRyiEst5d4uX3hJDzN:92MjiEs75uqVsBKd4QTN","tlshash":"a362b78ab691b87203a3a476917f510bf23a2da4741e90d0d669c8d17cb888e417ff6d","first_seen":"2025-04-09T12:14:49.173799Z","last_seen":"2026-05-29T00:51:14.151549Z","times_seen":43,"resource_available":true,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/css/cookie-consent.css","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/css/cookie-consent.css HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 16226\r\ncontent-type: text/css\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":55562,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text, with very long lines (1846)","md5":"b9feeadfb853a8bb5a375d84ec0fa9b2","sha1":"6f162a510d1879ea69932b8e30af836e67127468","sha256":"1db596d64a139ee0b14e98dfe183c8cb7e7ef5e528649b3f51991a8bc42eab7f","sha512":"596d17334012415ff7ba536d64bb915d91956d696f87dfa60c78f108cee00ce08d21015280d036bdc2ee1e58c240f54baa1a154ffd8ae588f90467bcbe0b8cd1","ssdeep":"1536:AIUINI6IsIZI9IeImI5ItItIzIxIRIFbnIDmZ26aKY+rEv/PmMUOK4ddGBjXLw:dpGfRq2rjKmmcSyFbqmg6M+i0BQ","tlshash":"844345e55eb5115471179c96ba8e2b577b28cf26840eedbbebe1340cefc41489c63388","first_seen":"2023-04-15T05:38:27Z","last_seen":"2026-05-29T00:51:14.152154Z","times_seen":1275,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":242,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cimcontent.net/common-web-assets/fonts/xfinity-brown-optimized/xfinitybrown-regular.woff2","fqdn":"static.cimcontent.net","domain":"cimcontent.net","tld":"net"},"ip":{"addr":"23.49.28.112","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.cimcontent.net","organization":"Comcast Corporation"},"issuer":{"commonName":"COMODO RSA Organization Validation Secure Server CA","organization":"COMODO CA Limited"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C9:96:BA:CC:3A:6E:16:07:34:F6:2E:65:E1:80:BA:5F:7A:C1:4B:3E","sha256":"57:7E:26:1A:D8:C7:8B:09:B0:3E:AE:94:B3:41:F9:FA:13:B7:ED:EA:77:42:3C:0C:49:75:B8:B0:E3:AD:CB:7F"}}},"request":{"raw":"GET /common-web-assets/fonts/xfinity-brown-optimized/xfinitybrown-regular.woff2 HTTP/1.1\r\nHost: static.cimcontent.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://icewerx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 86524\r\nlast-modified: Wed, 07 May 2025 17:42:40 GMT\r\netag: \"7852867d778f90102ccdec973b475759\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: gw7wjuR4opXGeqv20283quaergq0iUvk\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-amz-cf-pop: CPH50-P1\r\nx-amz-cf-id: ocD4MuE9g-nT3U4foISbyMd14f_Ga_lwer-u4dzTywuPsegaYx-NlQ==\r\ncache-control: max-age=31536000\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":86524,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 86524, version 1.66","md5":"7852867d778f90102ccdec973b475759","sha1":"17a64dacf2c9e594cc4a6f5d49492a54a88b5193","sha256":"ac7ab1854db99c8278486132a7cef4a5d4f2992fd59488d02b4a5c5a071407d0","sha512":"31114c84767199aa085e0d6f285296154f9006d5ecdf794c72af34f4dc2508d90f53786329e85e6915eebc1f83ac622749b498b3ac8650072537c3aef5f9eae4","ssdeep":"1536:/Ocqyvx5/JtUBWeYL5CIKTcEXV1ULAQcq8UMeTbbGUbfwT9DiROYFaAC:/FHbYBO5C3tej8RUIsOY8D","tlshash":"76831273b4a34856cc36e8ec9a2ed8b15b79c78ff2080d95b95c84b8d22f691873594c","first_seen":"2023-04-15T05:38:27Z","last_seen":"2026-06-13T02:21:16.325687Z","times_seen":1450,"resource_available":false,"data":null}},"time_used":343,"timings":{"blocked":164,"dns":130,"connect":1,"send":0,"wait":9,"receive":5,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/index1.php","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-05T11:51:10.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/index1.php HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\nset-cookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2; path=/\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":91802,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (60351), with CRLF line terminators","md5":"5eb2f87a3ec5e1dcbda3245fd3df0abc","sha1":"7abea035eb421bafa45a0cdc0b04182834371c51","sha256":"70ec67a58e50194b93d54201ae535a2b547bd47909b204f6a81e1063981e6394","sha512":"4a88e7ace22ff6310c7a921696c41bc6ce98878062e15a3a73d559233b92c4395259e00331e2c7168bcb8a509f2815f18fedb9417ba003bc6fce75fb9b3c33f2","ssdeep":"768:8iDZUU9csnhzfGd62d6kad6rd6FMPRh0c2aKqP:8i7cQhz+E2ErErEFMv0eKqP","tlshash":"7c938a59b501823f3c03a5fcd35ce0aa725321d0fe798af7ad862011ebdaef69893155","first_seen":"2025-10-14T02:29:44.230979Z","last_seen":"2026-02-15T15:17:05.17021Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1165,"timings":{"blocked":458,"dns":212,"connect":116,"send":0,"wait":249,"receive":0,"ssl":126},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com/auth/xf-auth/index1.php","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-10-30","alert":"Phishing - Other","trigger":"icewerx.com/auth/xf-auth/index1.php","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/js/comcast-common.js","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/js/comcast-common.js HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":242760,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"71cdb47571f4acc45a95181fd917147b","sha1":"53279319e3c597e08b37c9a6f2e3fb4dd158c9ea","sha256":"14500096a5ad4d9d53e232c14928d3d60232a29f26c2c09aac5fc89ad23c2e09","sha512":"5478ef1dbc96b39b5d6692f2e995ece6b641ac88bba8130e65277277a885c8f82fa65366fd22ce455c9afd414ffbc0883ecb924f18b9afcc932726999eb1e805","ssdeep":"6144:1VmxgwiMPNCI60TiguQuQXlwP2O1TMTOK5xQdIBTncp96o:vUgwJ3/iguTIlpOK6K56mBIP","tlshash":"73347d4aebc843fdc19839d2585e134694fda8221cd8f1186176e4fb6f78f38a47c91a","first_seen":"2025-04-09T12:14:49.167086Z","last_seen":"2026-05-29T00:51:14.150272Z","times_seen":43,"resource_available":true,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/css/bundle.css","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/css/bundle.css HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":108837,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (383)","md5":"c811877c687e09e14bf950d15eae27ff","sha1":"5d2c230141661e167ef0d5e030541cbbb1db2ba4","sha256":"55ebcc68f8185eb8af8000a1cd4a4da5643ff026873d5753183ce452bc6df75a","sha512":"d3e496ec80d1edd79d2855b6a41cd58d291427d15ff553d56ad840d850a6c7f9ed076e3cc216828d31d355a7f1e3b62b90c7af46f42dcde902b4685bcad6296e","ssdeep":"1536:XHDB555GIxIZI7IGI9IpIbIxIZI7IGI9IpIrT4oQDAAk:XSqUD260SqUD26b","tlshash":"20b30f44aa00121f787f46fb315ea2867277510adb27dfe4bdca00099fce7caa6d6345","first_seen":"2025-04-09T12:14:49.172793Z","last_seen":"2026-05-29T00:51:14.150953Z","times_seen":43,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.xfinity.com/static/images/global/xfinity-logo-black.svg","fqdn":"login.xfinity.com","domain":"xfinity.com","tld":"com"},"ip":{"addr":"95.101.10.128","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"login.xfinity.com","organization":"Comcast Corporation"},"issuer":{"commonName":"COMODO RSA Organization Validation Secure Server CA","organization":"COMODO CA Limited"},"validity":{"start":"Thu, 16 Oct 2025 00:00:00 GMT","end":"Fri, 16 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FC:AE:B5:13:FA:D2:2D:2A:C0:B7:8E:29:95:DC:AC:2E:8A:1C:9D:E6","sha256":"5E:03:92:9D:5B:E4:F4:0C:83:CA:FC:B1:31:E5:D4:49:AB:A1:5C:D5:19:38:84:AD:F0:7A:41:C6:D6:F1:6F:D1"}}},"request":{"raw":"GET /static/images/global/xfinity-logo-black.svg HTTP/1.1\r\nHost: login.xfinity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 09 Oct 2025 01:44:16 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nexpires: Wed, 05 Nov 2025 11:51:12 GMT\r\ncache-control: max-age=0, no-cache, no-store\r\npragma: no-cache\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\ncontent-length: 536\r\nset-cookie: AWSALBTG=Z/vRB9Q5HPmfkyQFoh1pbGI+lkUTYGI67tClSvwwHdBZqVuJzpw7BLADsH28vBHD1vDAwyV94pw4jOKVTSh9tcRQS7oZh2kFsnFiUVmV95YV/K7b+2S2ofJrpfVUtAyyJSkLImw1cqOBoGVrS85aqgZQ8khTyCXmPX8dGfnhE1Ut; Expires=Wed, 12 Nov 2025 11:51:12 GMT; Path=/\nAWSALBTGCORS=Z/vRB9Q5HPmfkyQFoh1pbGI+lkUTYGI67tClSvwwHdBZqVuJzpw7BLADsH28vBHD1vDAwyV94pw4jOKVTSh9tcRQS7oZh2kFsnFiUVmV95YV/K7b+2S2ofJrpfVUtAyyJSkLImw1cqOBoGVrS85aqgZQ8khTyCXmPX8dGfnhE1Ut; Expires=Wed, 12 Nov 2025 11:51:12 GMT; Path=/; SameSite=None; Secure\nAWSALB=FBs4ingX6Dj6zkEPe4+4LBrz+i2/jr8IkR9n2DzwKw3XpSW5YxK7eTe3u4GSTTLn5v4ihewTshZgLnyTnctMsySn9d/CSUTjHnS/nnKgFfWVKwa3fbec2PsMBrTF; Expires=Wed, 12 Nov 2025 11:51:12 GMT; Path=/\nAWSALBCORS=FBs4ingX6Dj6zkEPe4+4LBrz+i2/jr8IkR9n2DzwKw3XpSW5YxK7eTe3u4GSTTLn5v4ihewTshZgLnyTnctMsySn9d/CSUTjHnS/nnKgFfWVKwa3fbec2PsMBrTF; Expires=Wed, 12 Nov 2025 11:51:12 GMT; Path=/; SameSite=None; Secure\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":939,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ad0169683d32ded98ee715cf453e4033","sha1":"94e5de676c41f5819be4510c8dc852a0e5b629f1","sha256":"f831f28eea507b3e762cc59806bb6c8b6f2101cbf56f4689981055d77a7bffb5","sha512":"7eff6aac74551a729f091e6d615c61edad582c91e5d2a925155d32ae8f59878c6dfe4e00d5e960ea0e10f2e58d629117ab291297df0c54f916da19c548edfaa2","ssdeep":"","tlshash":"6811dc3a032f17cdbbc89b106060e0a66476603a73b490a89fc3e814ac009f30076975","first_seen":"2024-03-03T08:20:16Z","last_seen":"2026-05-29T00:51:14.137992Z","times_seen":1131,"resource_available":false,"data":null}},"time_used":810,"timings":{"blocked":218,"dns":157,"connect":0,"send":0,"wait":362,"receive":0,"ssl":67},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/static/images/global/xfinity-logo-grey.svg","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /static/images/global/xfinity-logo-grey.svg HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/css/bundle.css\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncontent-length: 0\r\ncontent-type: text/html\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-18T02:31:18.345974Z","times_seen":16499189,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/static/images/global/xfinity-logo-black.svg","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /static/images/global/xfinity-logo-black.svg HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/css/bundle.css\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncontent-length: 0\r\ncontent-type: text/html\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-18T02:31:18.345974Z","times_seen":16499189,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"icewerx.com/auth/xf-auth/css/favicon-16x16.png","fqdn":"icewerx.com","domain":"icewerx.com","tld":"com"},"ip":{"addr":"192.185.146.230","port":443,"asn":19871,"as":"NETWORK-SOLUTIONS-HOSTING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.565Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.icewerx.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Sep 2025 20:34:23 GMT","end":"Sat, 20 Dec 2025 20:34:22 GMT"},"fingerprint":{"sha1":"29:60:B3:35:E6:12:9D:4A:0F:D1:9B:C8:EB:DB:20:2E:76:D8:0E:B3","sha256":"62:65:6F:5F:FC:98:3D:96:CC:40:12:FB:8C:35:5A:0E:23:18:DC:0C:25:B4:9A:76:DB:92:C9:CF:07:B3:27:8E"}}},"request":{"raw":"GET /auth/xf-auth/css/favicon-16x16.png HTTP/1.1\r\nHost: icewerx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/auth/xf-auth/index1.php\r\nCookie: PHPSESSID=6vc968cuov1p1eg42hsq7e33s2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nlast-modified: Sun, 08 Sep 2024 02:25:42 GMT\r\naccept-ranges: bytes\r\ncontent-length: 184\r\ncontent-type: image/png\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":184,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit grayscale, non-interlaced","md5":"db142cad60d6acbf015835843f35071f","sha1":"56261a4d35ff1ad9c210376f025f8762e608494f","sha256":"1a819ccf88edbedbdce80f8f48844260c685edf389ba39ba92e42c7291522801","sha512":"73373b61b828ddc6223a9a48286efe5efc5610f3358738035cc347acecc1a98dbf6d8697b0e04131925a54cf97c4bb1f39de408ebddc69a2867a6391b63f5272","ssdeep":"","tlshash":"71c0c0ef73643c7de8080e3f6c0204b19c2543c1c6f1049013b48030e300f3c02b8502","first_seen":"2023-06-04T02:44:54Z","last_seen":"2026-06-14T01:11:40.059186Z","times_seen":1471,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-11-05","alert":"Phishing Block","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"openphish","sensor_type":"Blocklist","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-11-05","alert":"Phishing - DocuSign","trigger":"icewerx.com","verdict":"phishing","severity":"medium","comment":"DocuSign","link":"https://openphish.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-05","alert":"Sinkholed","trigger":"icewerx.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.xfinity.com/static/images/global/xfinity-logo-grey.svg","fqdn":"login.xfinity.com","domain":"xfinity.com","tld":"com"},"ip":{"addr":"95.101.10.128","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:11.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"login.xfinity.com","organization":"Comcast Corporation"},"issuer":{"commonName":"COMODO RSA Organization Validation Secure Server CA","organization":"COMODO CA Limited"},"validity":{"start":"Thu, 16 Oct 2025 00:00:00 GMT","end":"Fri, 16 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"FC:AE:B5:13:FA:D2:2D:2A:C0:B7:8E:29:95:DC:AC:2E:8A:1C:9D:E6","sha256":"5E:03:92:9D:5B:E4:F4:0C:83:CA:FC:B1:31:E5:D4:49:AB:A1:5C:D5:19:38:84:AD:F0:7A:41:C6:D6:F1:6F:D1"}}},"request":{"raw":"GET /static/images/global/xfinity-logo-grey.svg HTTP/1.1\r\nHost: login.xfinity.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 09 Oct 2025 01:44:16 GMT\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nexpires: Wed, 05 Nov 2025 11:51:11 GMT\r\ncache-control: max-age=0, no-cache, no-store\r\npragma: no-cache\r\ndate: Wed, 05 Nov 2025 11:51:11 GMT\r\ncontent-length: 539\r\nset-cookie: AWSALBTG=WmdkXTeU+1AMTvpNbkeoqN8rlNbeVRWwAWRMEE9ygUpBCxBkLxAvvZ0OwOMWhtrH+XEhkSQ/hegb5IPOJHBKeINS+Wpw2Xf4uD2dIXiTqtR+noXBwO/gCqDwpXePrQsbeWAFnO8vVR9dH3qwbIC9v2qrdigksLk1D/PAIjjih7WB; Expires=Wed, 12 Nov 2025 11:51:11 GMT; Path=/\nAWSALBTGCORS=WmdkXTeU+1AMTvpNbkeoqN8rlNbeVRWwAWRMEE9ygUpBCxBkLxAvvZ0OwOMWhtrH+XEhkSQ/hegb5IPOJHBKeINS+Wpw2Xf4uD2dIXiTqtR+noXBwO/gCqDwpXePrQsbeWAFnO8vVR9dH3qwbIC9v2qrdigksLk1D/PAIjjih7WB; Expires=Wed, 12 Nov 2025 11:51:11 GMT; Path=/; SameSite=None; Secure\nAWSALB=Zi3NEHybI4CK26J+lvlHTtGNftxrwO4jKRjgiBk+N3kYYyPesp7kXEvl+dp/IbN/SBSjKQfu7WCD0YM6md+5+Xi5idXBvH/aH4FCfOvApbZN9SZqoW4RaKp0vlg9; Expires=Wed, 12 Nov 2025 11:51:11 GMT; Path=/\nAWSALBCORS=Zi3NEHybI4CK26J+lvlHTtGNftxrwO4jKRjgiBk+N3kYYyPesp7kXEvl+dp/IbN/SBSjKQfu7WCD0YM6md+5+Xi5idXBvH/aH4FCfOvApbZN9SZqoW4RaKp0vlg9; Expires=Wed, 12 Nov 2025 11:51:11 GMT; Path=/; SameSite=None; Secure\r\nstrict-transport-security: max-age=31536000 ; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":939,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ab5a5950fe0ba1d4ebd5d6c482586e08","sha1":"b92792cd903f5fc0d0d8ae54fdc4c50d33b0d74f","sha256":"15334e1a1a24d9f0f0a3daaedc6f438e3bdd6ef11d7fefb7d37e3208094c7089","sha512":"cd6b48aefff26646fed9215e5d5081d581b9ddf5baa61a16adfbde490d3b2560699bccf2863fdbd9ce55b2e29374defa2fe6c95263f40b2d19e9aa1b5e3ae97f","ssdeep":"","tlshash":"b011dc39032f17debbc85f106060e0a66476503a73b490a89fc3e814ac009f30076975","first_seen":"2023-05-09T23:35:06Z","last_seen":"2026-06-13T02:21:16.308864Z","times_seen":1134,"resource_available":false,"data":null}},"time_used":624,"timings":{"blocked":219,"dns":158,"connect":1,"send":0,"wait":172,"receive":1,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.cimcontent.net/common-web-assets/fonts/dm-sans/dmsans-regular.woff2","fqdn":"static.cimcontent.net","domain":"cimcontent.net","tld":"net"},"ip":{"addr":"23.49.28.112","port":443,"asn":16625,"as":"AKAMAI-AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://icewerx.com/auth/xf-auth/index1.php","date":"2025-11-05T11:51:12.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"static.cimcontent.net","organization":"Comcast Corporation"},"issuer":{"commonName":"COMODO RSA Organization Validation Secure Server CA","organization":"COMODO CA Limited"},"validity":{"start":"Thu, 06 Mar 2025 00:00:00 GMT","end":"Fri, 06 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C9:96:BA:CC:3A:6E:16:07:34:F6:2E:65:E1:80:BA:5F:7A:C1:4B:3E","sha256":"57:7E:26:1A:D8:C7:8B:09:B0:3E:AE:94:B3:41:F9:FA:13:B7:ED:EA:77:42:3C:0C:49:75:B8:B0:E3:AD:CB:7F"}}},"request":{"raw":"GET /common-web-assets/fonts/dm-sans/dmsans-regular.woff2 HTTP/1.1\r\nHost: static.cimcontent.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://icewerx.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://icewerx.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: font/woff2\r\ncontent-length: 29920\r\nlast-modified: Wed, 07 May 2025 17:42:38 GMT\r\netag: \"b9d5e5cad821648da76e2fedb6c6a680\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: B6Y2UPZ8HumiPBqb9Tc2GO2DjkgxwQ9e\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: kiRb3_fcIZxr9bmRlYm5Ffsd5Oq6J7LRr_nJN20VIg3Jk6d7rmVvcQ==\r\ncache-control: max-age=31536000\r\ndate: Wed, 05 Nov 2025 11:51:12 GMT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":29920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29920, version 1.0","md5":"b9d5e5cad821648da76e2fedb6c6a680","sha1":"f99e9d4c60c524dfb2e5015dfc754ae325773ff9","sha256":"40aefc09f33205666c2c42f20d54285147ae9434ef5f8018481950fd67ddcb68","sha512":"4a94b57c36cef25992c4324289e3ceb6fd5e22cb053d1d6a0c81749d421192c4cd9f8abeed548fd716492674b0cf568dd1182fe402a0f36c77b21a37cb0aca7a","ssdeep":"768:YUyDoffo32x6g0X+TIhsqOGmalsmzanisIZFk7:qmKcksqOGmJsg","tlshash":"1bd2e189fbc2b957ca45816c2e707da9061d8500a5afeb3499d31f3d83e24b7b880d5f","first_seen":"2023-04-06T07:47:01Z","last_seen":"2026-06-14T01:11:40.071554Z","times_seen":1528,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":169,"dns":133,"connect":3,"send":0,"wait":13,"receive":1,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}