{"report_id":"456e51f6-e58e-4a20-9014-1c06fbd829c3","version":6,"status":"done","tags":[],"date":"2026-04-16T14:55:00Z","url":{"schema":"http","addr":"xpmarketeligibility.info","fqdn":"xpmarketeligibility.info","domain":"xpmarketeligibility.info","tld":"info"},"ip":{"addr":"104.21.77.252","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xpmarketeligibility.info/","fqdn":"xpmarketeligibility.info","domain":"xpmarketeligibility.info","tld":"info"},"title":"xpmarketeligibility.info/","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xpmarketeligibility.info","fqdn":"xpmarketeligibility.info","domain":"xpmarketeligibility.info","tld":"info"},"ip":{"addr":"104.21.77.252","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-21T14:55:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-16","alert":"Sinkholed","trigger":"xpmarketeligibility.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"xpmarketeligibility.info","ip":{"addr":"172.67.214.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-16T14:55:01.624196Z","last_seen":"2026-04-16T14:55:01.624196Z","alert_count":2,"request_count":2,"received_data":5135188,"sent_data":938,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xpmarketeligibility.info/flux-chain-v2.7.min.js","fqdn":"xpmarketeligibility.info","domain":"xpmarketeligibility.info","tld":"info"},"ip":{"addr":"172.67.214.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xpmarketeligibility.info/","date":"2026-04-16T14:54:37.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xpmarketeligibility.info","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 14:33:14 GMT","end":"Tue, 07 Jul 2026 14:33:13 GMT"},"fingerprint":{"sha1":"2B:C8:A5:3D:FD:9C:43:24:36:BD:DE:FC:C3:20:D5:67:5F:E0:62:C7","sha256":"DB:1E:51:71:B9:AE:02:41:05:50:15:1B:54:AE:2A:78:90:A2:DC:41:04:DA:71:D9:CF:5C:9F:E0:9A:E9:A5:74"}}},"request":{"raw":"GET /flux-chain-v2.7.min.js HTTP/1.1\r\nHost: xpmarketeligibility.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xpmarketeligibility.info/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 16 Apr 2026 14:54:37 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Wed, 08 Apr 2026 14:53:10 GMT\r\netag: W/\"69d66bd6-300f37\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e02nHmyu5ElwOjosl0NMrJ%2BuAK2vHmYn0I7eBGgrytJKbUys0lpsinkwOeZQpv89fN%2FXrkw5OxfQ%2Bh%2F5Uf%2FoptKJWlz5Xk0FIrBxTKR3AXpfvQg6z9C3pHAFum%2FNXd4wA%2FPio6tFJemRRho%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ed406b99a4756c5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3149623,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d1ee0d532d81e14fd158b9a46e1e964b","sha1":"1d6a452fa9e6394151f53f246b2c82ffb0e29e26","sha256":"6e73592ad8fc952bb82a395d5529113da90b69c8b96c91e2ef274c4c04f073e5","sha512":"cdb615e81dcfe6a47ba0ca733e74996a7bcaa4f5fa77b05436b7dce6e8e9d32a33103e4e714a2319b5d75c504b7c535a15445515b3d82217090043c15ad56eab","ssdeep":"24576:ioXZEmguO+uue+uq6c6/XUqod+51KtpZFdRx1R7kf5Tz9Nv4l8qfFEH93/Gv++Qj:iwQkjZ5TuQt6mnhA","tlshash":"a7258413a2d038d651d75eb1b62750dafc2d4bafb48c9afa998cf834bce1054e5d8630","first_seen":"2026-03-13T03:25:22.783538Z","last_seen":"2026-04-16T14:59:26.506183Z","times_seen":45,"resource_available":false,"data":null}},"time_used":443,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":233,"receive":210,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-16","alert":"Sinkholed","trigger":"xpmarketeligibility.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xpmarketeligibility.info/","fqdn":"xpmarketeligibility.info","domain":"xpmarketeligibility.info","tld":"info"},"ip":{"addr":"172.67.214.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-16T14:54:36.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xpmarketeligibility.info","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 14:33:14 GMT","end":"Tue, 07 Jul 2026 14:33:13 GMT"},"fingerprint":{"sha1":"2B:C8:A5:3D:FD:9C:43:24:36:BD:DE:FC:C3:20:D5:67:5F:E0:62:C7","sha256":"DB:1E:51:71:B9:AE:02:41:05:50:15:1B:54:AE:2A:78:90:A2:DC:41:04:DA:71:D9:CF:5C:9F:E0:9A:E9:A5:74"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xpmarketeligibility.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 16 Apr 2026 14:54:36 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 08 Apr 2026 14:53:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nKtwMSAfOhCIu%2BMz2SJKuFPKAe%2Fixokj8hZKJrvzn8O9mXtYww%2BGj36xkUY4AufohL%2FMchaiG5wCsLH%2BiTeR%2FQcjvDGRLAeoTp%2BpkxDgIazxBJPC1ZibHx9bEIgmX0Sj2Up%2FIHKdbqKN514%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9ed406b768a35690-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1983712,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (30832)","md5":"80b00fb4687ea570cba9aa6f081dc354","sha1":"0c77e16bfde8699dcf842298639c41c0b231e9d5","sha256":"04d0f16fc8f0bb088725073e7bcd2b4bc409d08bd2420f0aecae50ea300a2fd1","sha512":"2c0f9c6c58f4888ff7dcd9526cddff69d8fead2788198f0ae3d8aea7ccd5800a4eacbae2fa12ecbaf7e1cf80288fe1f1dc6321fa3fbbb683f38a0d583744f5d9","ssdeep":"12288:vkoL/koLhVyvXIBDreWk2fWVW5AfVyvnXBJreWx2fWVW5AsVyvX2BDreWy2fWVWf:8DmPwEeW5AMZFEeW5AOPmEeW5A4r","tlshash":"b82523b514ad19af1ca58c81e2552f2edfac3f63a440c2ee1fdd19c367d8c48d912a8d","first_seen":"2026-04-02T14:30:24.259209Z","last_seen":"2026-04-16T14:59:26.505472Z","times_seen":7,"resource_available":true,"data":null}},"time_used":288,"timings":{"blocked":44,"dns":29,"connect":1,"send":0,"wait":198,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-16","alert":"Sinkholed","trigger":"xpmarketeligibility.info","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}