{"report_id":"46848e36-cf85-43ce-9f54-772f2b77df24","version":6,"status":"done","tags":["wellsfargo","financial","phishing","dyndns"],"date":"2026-01-31T15:47:40Z","url":{"schema":"http","addr":"net1f1ix.com","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":0,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"net1f1ix.com/auth/login.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"title":"Sign On to View Your Personal Accounts | Wells Fargo","dom":{"size":912000,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (62694)","md5":"710e1f7ff25f427cecfeb72dfd943d18","sha1":"34091127b896cd88ff450af1b496130238c558b0","sha256":"95ee8c145ac947dc1c24f60f09360b9298a3190c9abb56f57dddb3e33338acae","sha512":"04a221ac30760b2d984fa340132dc63a1ecc25b676ed241fa0c5fe99bca4178623eae7f8ff5d564611f7b8be7a2c25d728149d73b8cec0b36c6074698b16abd1","ssdeep":"12288:6duw/xBVcqwSelOgU5YnCcNEv2uI/SRb3suUrXZbOU4wuTJ2075FSa761Su:UuMVcvlQBYnCBmuUrd34lJPj7Ru","tlshash":"b915232046a12c6a8564d31530d7563b3be72fa7e051479bf2ec96db0bf9ec19c2342b","dom_hash":"domhash4616cdb2e6ff5a894056eaa880db1bd9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"net1f1ix.com","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":0,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-07T15:47:40Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":3,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"telegrambotcheck.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"summary":[{"fqdn":"net1f1ix.com","ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"domain_registered":"2026-01-30","domain_rank":0,"first_seen":"2026-01-31T09:14:47.352155Z","last_seen":"2026-01-31T09:14:47.352155Z","alert_count":150,"request_count":30,"received_data":3134192,"sent_data":16717,"comment":"","tags":null,"fingerprints":[{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-01-25T22:25:20.721908Z","alert_count":0,"request_count":1,"received_data":88547,"sent_data":442,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"chacktgbot.duckdns.org","ip":{"addr":"102.165.14.26","port":7001,"asn":397423,"as":"TIER-NET","country":"United States","country_code":"US"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2024-11-27T12:04:49.171033Z","last_seen":"2026-01-23T21:33:04.244382Z","alert_count":1,"request_count":1,"received_data":114,"sent_data":536,"comment":"","tags":null,"fingerprints":[{"name":"Python:3.12.6","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]}]},{"fqdn":"telegrambotcheck.duckdns.org","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2013-04-12","domain_rank":0,"first_seen":"2024-05-03T19:21:27Z","last_seen":"2026-01-26T23:23:24.913976Z","alert_count":2,"request_count":1,"received_data":0,"sent_data":542,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"net1f1ix.com/auth/login.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"f06cf6ebc160844ace6252aa87e02c97","sha1":"3e5238d333272fedb7f290abf13c8f1b44ef5a5d","sha256":"3786540def1bcf1edfc874d853d1174be2eff181920ed5f28f9d7d16ceec95e0","sha512":"985f082dc3c8388bc492b0573c749dd49709d113da177dbcfaf3ffa85704a9ea9679871331b3a5e5448b871fb9c2313119fce11019413d9be0d64de2efc9c796","ssdeep":"","tlshash":"2c31e040383877585793a022059f184591303e21aa1fdd97c983ec552bf352a3b6bc9f","size":1830,"data":"","first_seen":"2025-08-29T06:00:45.922807Z","last_seen":"2026-06-03T13:53:33.100295Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/login.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"e46f417d030c5546d95edbb441d62eab","sha1":"89923899a129642fb75ba746736d25d846f19036","sha256":"7a925c661677734a14b7ea742702deba864e4063487d6645ca5ab30d252f4a7f","sha512":"9ef6948bb84cd858edf98f2a88200c0fa0c16c5647a1d1887ba51791519d57257bdf55e3dfb725b89b4989c24fdc87c803f9c2c074010d9407268ada8a0d1230","ssdeep":"","tlshash":"7911cc632a1900edcef554e60dbf29c38cb5af720d48e0985b12f84396f47d261aaf24","size":916,"data":"","first_seen":"2025-08-29T06:00:45.9239Z","last_seen":"2026-06-03T13:53:33.09956Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/res/jquery.js","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"722c84ca80aa254c303d1b8756fdba8b","sha1":"d676c6cc4f84221837c1f62c5bdf952117e895c9","sha256":"39bac2602588beaff490b26748dbb792ac7eac1f895adbcaf4000d5bd51ed3a9","sha512":"85ad0c9035a3bb534baac4555b8f72ebc1cdfdb7155acf4a58466f75971e315ce19cef93dae8d055436d4a3bbd0744569d2bde6269f37c8929f4e772fa3d946e","ssdeep":"","tlshash":"03510bc0fb601388a205048cce5ea6e12d027ed55d3fc4f26ea5b541a76c1b9155bf1d","size":2809,"data":"","first_seen":"2025-08-29T06:00:45.912763Z","last_seen":"2026-06-03T13:53:33.084773Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/res/cdn/jq.js","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ccf212eddc3506318c557182e8297ac6","sha1":"83cbb4c131ec92ddb4b4ac004a692ab5de57e22b","sha256":"7f8c83527958acc94204177932f4af82490579bc49a8410feda8fba5e8947815","sha512":"87ebad74c1e2b547c989593bf3cfa0c5ed905c10d0a599b7251ab948a2be061fbb076c623ff4135bc50a9e562d07619910213f1fe037548942962a59eadb1763","ssdeep":"6144:VpkhNVlJ+TC1lFhTzeKpTcYmD2zK8U1Js3Px+WK+N7TFyygRWL/IaLgeNTIPfgy8:kjTcYmD4I4Px+WK+N7TFyjeTiPf7Aqqt","tlshash":"1284f8d8f78d212e433231aa982f11ceb77dd175550444aafd4d987c28a482d83bbf7a","size":386150,"data":"","first_seen":"2025-01-29T01:32:25.483201Z","last_seen":"2026-06-08T14:22:05.805649Z","times_seen":718,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-08T15:29:57.205059Z","times_seen":166536,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/login.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"27b9268e35f09eab0bb2c597e114c4fc","sha1":"4bb55f289fe6af15e5ae477cd040bae4971639ba","sha256":"2793ed6f1a67f79aa6dfb5faf8caeb30a49a6a09084da98ab4b20ffdffa8ae19","sha512":"84b1585ebdb996ebc18edb2942ae82717a0f789c4b3428cdf6884896f7458bb52117563a1814e761c879bf4fcba156630749633a241a74b425195e3871dd8fb6","ssdeep":"","tlshash":"aa70008800800880002cac220808882000000800ea82000a08220ac00c3000acf838c0","size":23,"data":"","first_seen":"2024-12-23T12:05:45.462681Z","last_seen":"2026-05-08T05:54:32.442432Z","times_seen":78,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/login.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"04f0f6a647aaf830dc8b6ee8bd070a25","sha1":"98bbeceb83532ef68e210e9228f7a1e01fb447c4","sha256":"88dc6e6c61a885f3756f07884b553f92d34d52f515f65844cef68d47a8b0ce33","sha512":"3be7b8f9d754817cbe49803372308be2e79b9ed08b3bef7a64e9c5e63522c6cd75d607ff9e99a7043214210ff25962434207a8374f13a065979f0224e3dbc325","ssdeep":"","tlshash":"ecd02b8ee7e6c0c0793324024c8f20191c6604a34acbcd053d4ca181cf96a8aace864e","size":285,"data":"","first_seen":"2025-07-18T03:24:31.652514Z","last_seen":"2026-05-13T07:41:15.238816Z","times_seen":19,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"net1f1ix.com/auth/login.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-31T15:47:18.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"GET /auth/login.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 31 Jan 2026 15:47:18 GMT\r\nServer: Apache\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":914215,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (62529)","md5":"354f19e6dd94685f2e6b56e520c22801","sha1":"8dc7d2a5b19a215905e978626fe3ed48b1bc48d8","sha256":"ac3f8c4da75f58ef928e1d181f95bcd6cbc61c02b38e3372665b912621ce965b","sha512":"bd38627550574d946e081549d05cfd5e372d7b3e2e57fdb1a347356a95ab29d44d8d3ebec2a3827351b4d0ef965e764825682d40201ab7f21e89bbe2b7080466","ssdeep":"12288:oduw/xBVcqwSelOgU5YnCcNEv2uI/SRb3suUrXZbOU4wuTJ2075FSa761SS:auMVcvlQBYnCBmuUrd34lJPj7RS","tlshash":"b215236046a5186a8564c32530e7162b3be72fa7e051475ff2ec96db0bf9ec0dd2342b","first_seen":"2026-01-31T11:50:02.746838Z","last_seen":"2026-03-17T15:18:45.800023Z","times_seen":7,"resource_available":false,"data":null}},"time_used":844,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":121,"receive":723,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:31.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:31 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=94\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:32.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:32 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=84\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:33.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:33 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=83\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:28.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:28 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=88\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:34.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:34 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=82\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:29.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:29 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=87\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:21.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:21 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:23.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:23 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/res/jquery.js","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:19.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"GET /auth/res/jquery.js HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 31 Jan 2026 15:47:19 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 11 Sep 2025 10:06:46 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 2809\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":2809,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (2809), with no line terminators","md5":"722c84ca80aa254c303d1b8756fdba8b","sha1":"d676c6cc4f84221837c1f62c5bdf952117e895c9","sha256":"39bac2602588beaff490b26748dbb792ac7eac1f895adbcaf4000d5bd51ed3a9","sha512":"85ad0c9035a3bb534baac4555b8f72ebc1cdfdb7155acf4a58466f75971e315ce19cef93dae8d055436d4a3bbd0744569d2bde6269f37c8929f4e772fa3d946e","ssdeep":"","tlshash":"03510bc0fb601388a205048cce5ea6e12d027ed55d3fc4f26ea5b541a76c1b9155bf1d","first_seen":"2025-08-29T06:00:45.912763Z","last_seen":"2026-06-03T13:53:33.084773Z","times_seen":34,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":140,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:19.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/jquery/3.7.1/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 31 Jan 2026 15:47:19 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 27446\r\ncf-ray: 9c6a58cc6e7d56cb-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"64ed75bb-6b36\"\r\nlast-modified: Tue, 29 Aug 2023 04:36:11 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1408363\r\nexpires: Thu, 21 Jan 2027 15:47:19 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=i1kR2Rs0DfEyxPVqkjhy9mRKoIqDyfzQuaYwLWbZ2Vi92ebX95hYCHs8bpfNU%2BPmDHSPTn7RUHIxo8HJDxRmFyCdHhbCS8zcMD3mqcKfb6xpievKbKQhuwZtfU4E53dPhEetR9hy\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87533,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-08T15:29:57.205059Z","times_seen":166536,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":31,"dns":4,"connect":1,"send":0,"wait":12,"receive":2,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"chacktgbot.duckdns.org:7001/receive_token?referrer=Yogi","fqdn":"chacktgbot.duckdns.org","domain":"chacktgbot.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"102.165.14.26","port":7001,"asn":397423,"as":"TIER-NET","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:19.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"chacktgbot.duckdns.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 20 Dec 2025 20:40:23 GMT","end":"Fri, 20 Mar 2026 20:40:22 GMT"},"fingerprint":{"sha1":"9D:EB:4B:76:0F:39:8F:F3:75:D2:8C:90:48:44:85:6D:E7:7B:51:64","sha256":"41:37:AC:B8:4C:E8:DA:7F:C8:BB:F5:B2:47:39:DA:94:66:5B:D9:97:9B:BF:66:05:D9:48:57:86:71:E6:33:23"}}},"request":{"raw":"POST /receive_token?referrer=Yogi HTTP/1.1\r\nHost: chacktgbot.duckdns.org:7001\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://net1f1ix.com/\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 16\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":16,"data":"token=your-token"}},"response":{"raw":"HTTP/1.0 400 Bad Request\r\nServer: BaseHTTP/0.6 Python/3.12.6\r\nDate: Sat, 31 Jan 2026 15:47:20 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Python:3.12.6","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]}],"data":{"size":13,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"607e1d854783c8229998ac2b5b6923d3","sha1":"7ac1506119d660dbaca215d74b0768e238ddc6fa","sha256":"086efea7640e6806644960fcbf8c47eacfcc088aded900d68e6f38fcd40f16fa","sha512":"34711bcb29765e7d2bfe1379fafd0897dcf24c28a9962b7f38b33fe40566c15d14634be4dbb5e7af85adf22de1168ef8e2f13770dc62bba0e054a3290dbac4cb","ssdeep":"","tlshash":"e4600030300000000cf00ccc00c0c03300f0300000000c0c00000cc03cf0cc00003000","first_seen":"2023-04-28T22:59:02Z","last_seen":"2026-06-05T21:15:30.457749Z","times_seen":77,"resource_available":true,"data":null}},"time_used":1267,"timings":{"blocked":392,"dns":126,"connect":125,"send":0,"wait":482,"receive":0,"ssl":137},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:21.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:21 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=95\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:29.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:30 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=95\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:30.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:30 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=86\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/res/all.css","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:18.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"GET /auth/res/all.css HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 31 Jan 2026 15:47:18 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 11 Sep 2025 10:06:46 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 901775\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/css\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":901775,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (29952), with CRLF line terminators","md5":"befa7910789404fcbbc02cf71a022214","sha1":"e8b9cb9455f24eb6b9ba6af0527cebfb81559011","sha256":"171ccd26a01cb5648b977c95d578cbd239985b953061a55d1fac17b9eb0ace64","sha512":"a0ab21e89336da5830b017688e97e5af39a28b0358c57c3df1e9742c268f6b66d8bbe2b36de3a33b989e138e67e228eb20043e911e9864105e74bc95bee2f042","ssdeep":"12288:ShuCN3dsxpBNCNXFc2GuXqfghuCN3dsxpBNCNXFc2GuXqfdhuCN3dsxpBNCNXFcP:SwIdsN4XcowIdsN4Xc1wIdsN4Xc9","tlshash":"381512b68e2379491872792e5a5744699f337763a10228ca7af477878bb43c400b7fcd","first_seen":"2024-08-19T16:58:04.200895Z","last_seen":"2026-05-13T03:38:23.766906Z","times_seen":24,"resource_available":false,"data":null}},"time_used":1483,"timings":{"blocked":246,"dns":1,"connect":120,"send":0,"wait":120,"receive":869,"ssl":124},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:31.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:31 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=85\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:35.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:35 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=81\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:35.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:35 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=92\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:36.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:36 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=80\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:22.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:22 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=94\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:23.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:23 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=93\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/auth/res/cdn/jq.js","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:19.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"GET /auth/res/cdn/jq.js HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 31 Jan 2026 15:47:19 GMT\r\nServer: Apache\r\nLast-Modified: Thu, 11 Sep 2025 10:06:46 GMT\r\nAccept-Ranges: bytes\r\nContent-Length: 386150\r\nKeep-Alive: timeout=5, max=98\r\nConnection: Keep-Alive\r\nContent-Type: text/javascript\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":386150,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"ccf212eddc3506318c557182e8297ac6","sha1":"83cbb4c131ec92ddb4b4ac004a692ab5de57e22b","sha256":"7f8c83527958acc94204177932f4af82490579bc49a8410feda8fba5e8947815","sha512":"87ebad74c1e2b547c989593bf3cfa0c5ed905c10d0a599b7251ab948a2be061fbb076c623ff4135bc50a9e562d07619910213f1fe037548942962a59eadb1763","ssdeep":"6144:VpkhNVlJ+TC1lFhTzeKpTcYmD2zK8U1Js3Px+WK+N7TFyygRWL/IaLgeNTIPfgy8:kjTcYmD4I4Px+WK+N7TFyjeTiPf7Aqqt","tlshash":"1284f8d8f78d212e433231aa982f11ceb77dd175550444aafd4d987c28a482d83bbf7a","first_seen":"2025-01-29T01:32:25.483201Z","last_seen":"2026-06-08T14:22:05.805649Z","times_seen":718,"resource_available":true,"data":null}},"time_used":142,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":118,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"telegrambotcheck.duckdns.org:5001/receive_token?referrer=loco","fqdn":"telegrambotcheck.duckdns.org","domain":"telegrambotcheck.duckdns.org","tld":"duckdns.org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:19.913Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"POST /receive_token?referrer=loco HTTP/1.1\r\nHost: telegrambotcheck.duckdns.org:5001\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://net1f1ix.com/\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 16\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":0,"dns":126,"connect":124,"send":0,"wait":0,"receive":0,"ssl":130},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"telegrambotcheck.duckdns.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - DynDNS domain","verdict":"suspicious","severity":"low","comment":"","tags":["dyndns"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:24.927Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:24 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=92\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:25.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:25 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=97\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:26.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:26 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=90\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:33.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:33 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=93\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:25.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:25 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=91\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/fetch.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:27.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/fetch.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"update=1"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:27 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=89\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:27.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:27 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=96\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":120,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-31T15:47:17.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Sat, 31 Jan 2026 15:47:17 GMT\r\nServer: Apache\r\nlocation: auth/login.php\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":914215,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T15:34:22.145557Z","times_seen":16243359,"resource_available":true,"data":null}},"time_used":777,"timings":{"blocked":244,"dns":1,"connect":117,"send":0,"wait":289,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"net1f1ix.com/panel/update_statu.php","fqdn":"net1f1ix.com","domain":"net1f1ix.com","tld":"com"},"ip":{"addr":"38.248.15.148","port":443,"asn":174,"as":"COGENT-174","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://net1f1ix.com/auth/login.php","date":"2026-01-31T15:47:20.925Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.net1f1ix.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 30 Jan 2026 09:28:02 GMT","end":"Thu, 30 Apr 2026 09:28:01 GMT"},"fingerprint":{"sha1":"87:BC:26:BB:8E:E8:BB:68:E9:82:16:28:86:FD:BE:44:46:3A:2D:A0","sha256":"93:9C:7E:6E:FE:72:6A:E0:66:61:C8:8B:3D:1D:97:18:C9:4B:B0:72:94:13:22:1B:D8:9D:78:B1:B7:0F:03:53"}}},"request":{"raw":"POST /panel/update_statu.php HTTP/1.1\r\nHost: net1f1ix.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 12\r\nOrigin: https://net1f1ix.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://net1f1ix.com/auth/login.php\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12,"data":"update=1\u0026ip="}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nDate: Sat, 31 Jan 2026 15:47:20 GMT\r\nServer: Apache\r\nContent-Length: 355\r\nKeep-Alive: timeout=5, max=96\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":355,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"4525b2d648f7c457a689fd96421783a5","sha1":"11bfe30ce44585a15a38e86bc094224ddfe2c08e","sha256":"cc0b4e42510d49c6decd464123ecf3b14ae9b47f9b4ed2ee64893e2d6520a264","sha512":"94e3e8246cf38ff7740e51aa115c8c455b14f78e672c2686b782c0ce30b6fa2dbd91a78b29b3964d9c0414aabd4b9391fd5db326665e25b4b8e73dae60ffe979","ssdeep":"","tlshash":"71e0c04f4057b3474011a2907dc01291e505236b38a152f93ac09467500897dc4aa2dd","first_seen":"2025-12-09T03:51:58.5943Z","last_seen":"2026-06-08T15:17:56.536528Z","times_seen":39291,"resource_available":true,"data":null}},"time_used":117,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-31","alert":"Phishing Block","trigger":"net1f1ix.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-31","alert":"Sinkholed","trigger":"net1f1ix.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Wells Fargo","verdict":"phishing","severity":"medium","comment":"Assest commenly seen with Wells Fargo phishing","tags":["wellsfargo","financial","phishing"],"meta":null}]}}]}