{"report_id":"50b23e5c-2fdc-453e-b0f1-2e6d9621ab01","version":6,"status":"done","tags":[],"date":"2026-02-14T16:01:44Z","url":{"schema":"https","addr":"xxcpfyfe.click/","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"212.134.174.188","port":0,"asn":3257,"as":"GTT Communications Inc.","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"xxcpfyfe.click/#/pages/login/index","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"title":"登录","dom":{"size":75863,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3732)","md5":"9b73f2819a6ff48d9ea3af967ea3ab0a","sha1":"b6359aca1832ee065565d6f307207cf036c72a14","sha256":"688a9feb4f3bbbeef492362a6ccaaae72ecd68f0438c1be0751505a7acc32173","sha512":"73feb1212909aa827828ced3cfba17d1e75763d0bb4ca6366e9d5f928c4e332791dec2fbe305d5d612f44cd9376ca136c4c6c08e9777ae2a6f91ccc5666dbc3f","ssdeep":"1536:f2dZXEnFJiaUvXAANWTl7nET6EsUz4EFZ5sf/Zsfs/sfYSsf00rrxRco/G:oB","tlshash":"3e73d832720e3a135533c888a4c4d72da126d723c5124598f7ad2f7e8fdbfd60a66b49","dom_hash":"domhash4c4a26533f0bd012e942b7416bb1db67","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"xxcpfyfe.click/","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"212.134.174.188","port":0,"asn":3257,"as":"GTT Communications Inc.","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-21T16:01:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"at.alicdn.com","ip":{"addr":"47.246.44.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"domain_registered":"2008-06-25","domain_rank":96084,"first_seen":"2013-11-28T05:03:29Z","last_seen":"2026-02-11T12:52:54.685947Z","alert_count":0,"request_count":1,"received_data":56830,"sent_data":521,"comment":"","tags":null,"fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}]},{"fqdn":"xxcpfyfe.click","ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2026-02-06","domain_rank":0,"first_seen":"2026-02-13T13:48:08.306629Z","last_seen":"2026-02-13T13:48:08.306629Z","alert_count":60,"request_count":20,"received_data":1285227,"sent_data":9728,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"124.221.80.91","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2026-02-11T15:09:54.260395Z","alert_count":0,"request_count":1,"received_data":578,"sent_data":445,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/chunk-vendors.b9cd8f7a.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"bc482dfb164265338f7cd626f23dbfe4","sha1":"a6bebed5f7fb84db3f18026db5f30aff3df7bfa4","sha256":"456b1a5957805e4a15e44a4554aaf87c624a5000dcb183466a225f8470134470","sha512":"daa509eb0d2dc4fc4f262c8bcf62cac934766c59bbe63358c9bc3a4d6b8494f563b682c3c42554575c3872eec76eb7c2a1b4b33e02496bde3105dbf5529a2513","ssdeep":"6144:UTLoCHu0vjuYJdCqHLFpXtwTf3fTb//n7vkNTMHYEvm/40+QhAddvQz/gne+/LJm:cIUhJpdwTffn7ktdi0YvQzv+Q","tlshash":"4f05f78df282b0b50be761b5403f220bb2376969b40a84d4f675e4d0ad7894e6237f7d","size":837807,"data":"","first_seen":"2025-09-23T16:05:18.335984Z","last_seen":"2026-05-16T13:21:34.801121Z","times_seen":148,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-recha~a3ba5c73.495d8869.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"9337674251f8c39baa1d37eb4c1db01b","sha1":"c7143a08f40e64e0f5e8c55a153297eaff213877","sha256":"6a399d7dedcf035046d6d77bf16c09532a0b54454ef2a2acb180cba2513a6a72","sha512":"95336bf97fea43a9327f3ce4f4920eb8b6e8b976da541d9dc1dc54836603a62659b6fdc5697eca5b6660fbf7e2c815588c28d2092307302af99769da4a2a6c99","ssdeep":"384:sK6O0OfTxsISJy6Dlxf80ohFr3ZDoDZFho7b7kBn5pbP:sKv0OfTxsISJrDlxf80ohFrpDodFho7u","tlshash":"2d92f99bf2efb86606d7c454941b050a61673e2dd430f590dff897fa0ae0ace0662f19","size":20516,"data":"","first_seen":"2026-02-09T08:42:21.566258Z","last_seen":"2026-03-16T07:21:39.347842Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-recha~c80fbe36.aa7ff9eb.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1105a4b9582838f4cc93c18aa1651e0","sha1":"a2e8a1166de24472dced8e63c1b8d30f56bf81f9","sha256":"26f5cad87fe1a7b0c95baac00bc13e52efa1e2903064ec494517a6dd472a0d28","sha512":"59182492334948ab5896deb63e20d7dd1f3b766b51e6d78f09b359f65bf693dbc47778112890c74020b5eb47e53d702e43096ba2db3a38412a2fce95cb01209c","ssdeep":"192:ChfVbqRsBR7eknRTeknycJMOFaPuBIC4QvCPqRs/ODh:ChQuR1MOUuVVNCEh","tlshash":"4c42e916f18f781a46938c5440ceab2420a67f179c90e5c1e3e6beb98bb379d2115f1f","size":12119,"data":"","first_seen":"2026-02-09T08:42:21.56506Z","last_seen":"2026-03-16T07:21:39.320085Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-index.c62f95a2.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"212.134.174.188","port":443,"asn":3257,"as":"GTT Communications Inc.","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"6fb8b8f8c0c77c43acbea068d2bbac24","sha1":"fa26b2cf7ca6fd2c4328e84ac88ea2ff7ab3571c","sha256":"83788a03534e9fbf12c9e494482a5b32fc6c532e29f087a369ee1fbe9da942bd","sha512":"24ea1c3a9be2c7dbaf6d83d9ec47efeb23b9816ceee446efb5fc16db26d2b53f5f6efde3416a38428b7301ac42d530a90f50b6bcb167e53e95b89d3302906959","ssdeep":"768:DFf32q5iaWQzRBkSw7Ozp3tYV2WM0uELLSDy:DFf32bVKRBkSw7ON3OV2UTXSDy","tlshash":"6c53d91db0ceb8674fd35494108f0605927a7e68c8a1e545e7769fa48efe6ca022ff1c","size":63815,"data":"","first_seen":"2026-02-09T08:42:21.575851Z","last_seen":"2026-03-16T07:21:39.330957Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-login-index~pages-login-register-index~pages-my-account-login-psd-index~pages-my-account-pay-psd-index.af01e7d4.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"e8f9d89bd1957c48f27dcbbe71968495","sha1":"fe937018ed476931d352f8e846be295b964dd092","sha256":"3e792cd0d29bb47f30f7608bec74cc5b1480dcf2823888b721b1a19ee2712fa2","sha512":"c412cdf60497f7a6898e116c7ade6fec16bb4e7089ae7e80e65e50a896f6f482cccd1636b682370d9a0ad3aaa6237866145d13192d59be68952f80c888f06518","ssdeep":"192:bws1sX3l9x1Lx2OH3SW72ZqDkYce4ICqEmE9k870bXnSRZ6itCqRsV7Rx:bReXHLcOXS9sGmbnu3oH","tlshash":"9342ca6d709db9929ec39c7061df1106d33236598868b490e7f566f407bab8c2336f2e","size":13064,"data":"","first_seen":"2026-02-09T08:42:21.580232Z","last_seen":"2026-03-16T07:21:39.350913Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"93368157fb131b56a45d6f60f8b40342","sha1":"ea2a25edb7b00c3e0a06650f02fded5bd87dfa20","sha256":"c48d4859bc082aa591168f7d7230bef438ecc2b3074e707c83864e11ec1a891f","sha512":"366c90d022f7fd6718d76460de51a154cf6cf8bf8e3aefa2e0e736cbba24ec53506485331abd3c3c2a7e6ae00c9a3b957a9aa675ecdd389afca7863ad8365908","ssdeep":"","tlshash":"c8e068c260a6294c02208016304ac1031bb608729ec149613c4c67a58fb9f4bc46e859","size":352,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-06-06T08:33:41.656561Z","times_seen":4001,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/index.c83008ae.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2825ef5a76b49cbb5b4e34aacf2434e","sha1":"45b997fc345ca7908399fbf20a926832c960eb26","sha256":"df2072738fca308508605bce1afbcfa67df7e4c445f9b8a9709b594dc1dfb865","sha512":"b14759de07ade45e0949048303c74e5e411d3803b80d10a54e7a146a00a87ff8499bb5e9c9f1b39419d74201cfabbaa1d89fe7dfb5f38c16472930b178e73b7d","ssdeep":"1536:+2YDBoI0adZXEn0fOYptX9gD0yfA0eDbCbEJ+W/7h8XuC0/KXsdB7DMFgDJDLBd3:+zDBoAfWeDWbEJ+ih8TXsdB75NXUiP","tlshash":"56d32999b2c5eadb19876865042fa70a71b73cb4100db481e3f1dad05fce78f526af24","size":140560,"data":"","first_seen":"2026-02-09T08:42:21.570743Z","last_seen":"2026-03-16T07:21:39.337583Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-login~6a36a1e8.a31023dc.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"9de1dfd93ef84a89b3d0cc8275673416","sha1":"900a190945e3ecec1830144fb7a7d5e186e868a0","sha256":"0cccce6e8e360486b4f4ec66ab33451c9e4064417241f1896cf487b1eb4d0f8e","sha512":"dc8fd490fca1c01c3390094ceb930c91d9f068a75b5e7449f6daad366fc1db2275b3db50ef0545714028bce8acb7b66f2f3b62b95325db5d6b0099e856d69145","ssdeep":"192:uqRsB4t7qRs7iuiXiwiri0lIrr398cIzDBwVT/UvXE3FkPCk:z6auqlI3t8cIzDBgT/nECk","tlshash":"0552714cb697142008938640d9ca5629d13df6b738359cc873d6a6cfcfa2bcd12a9f97","size":13753,"data":"","first_seen":"2026-02-09T08:42:21.572914Z","last_seen":"2026-03-16T07:21:39.327977Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-login-index.70937249.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"1d99d59394e656e64c61d57147121171","sha1":"414ed2c9386d0f00c8e640e693f31380092d9b1e","sha256":"f5d08f1a6c979da2a398aa75c982ea6b662c0e590c38dfac0aee4a8e8a1f4a1e","sha512":"3860f97a3c59e742a15538d01b9f474a835caa70a09b0c41be0ebb21103d0b60877714d653c43964df1584a2d2132f7ec892ab190899ce9a3575e7e5896e63c9","ssdeep":"192:6zTL0TgJz+mwRfRhiHiOsM66HjEOYqRsBR7eknRTeknycJMOFaPubjXqRsdHnoCR:6zTLCMJRuR1MOUubGoHJT3D","tlshash":"2882f925714ab41e4953cc6860ce65385035af32dc50e9c8f3b1adb98fe7b8f1226b1e","size":18675,"data":"","first_seen":"2026-02-09T08:42:21.573711Z","last_seen":"2026-03-16T07:21:39.323087Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-login-index~pages-login-register-index~pages-my-account-balance-i~2a47be03.5484b06d.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"4491dadebebd38d9e162e5be5f68ab8c","sha1":"934900abc54dbcc1f39e112acd54b532c004e6cf","sha256":"0c35e11fd5b3e7e50ff7d938b2757f17cfd4c325cc1d5edfdfb968ebcec4512b","sha512":"56fc19c00615738f5e7abc9608ed2efa2e0abe8bbf9b849f7c057d7a2ead55f15cf661c3b6e023914bce1296a7d0c8076737a01d1aca1074ab2d1588c714250e","ssdeep":"384:b6JZfFtyPcM2W22wkcQTfGuUXsxZpJjT7pWp++RQfZa53X:b6rfFtR5WnwkcQDGW3pdT7pWp++RQfZg","tlshash":"5bb2815eb0c9ad7b6fd658d4001fa106238e6a05ccf0bd01b7b69be5cabe245211ff15","size":23696,"data":"","first_seen":"2026-02-09T08:42:21.56384Z","last_seen":"2026-03-16T07:21:39.342771Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"3d5272693eb411e5b8b13a243f76c720","sha1":"6a586ab8e0a4bf12bbc60eea6ca9f2418625a22c","sha256":"9582f31f9eb892b8823a780e579d464d54e26d97d65dc327d2b2bdd92d47c4b8","sha512":"03fc5614f48fc9a2e3c4a30626fdbacde74c1fda09ffa9d1cde0393d31cd5fe1588e270c241f4cedb473c6e5cc224ff16c141468a29519ea6159accf3e3a18f1","ssdeep":"","tlshash":"a4c08c8350e2080c8210861b848880050b8808b04f9308a22cd85b7ecc9ae88c8f804c","size":148,"data":"","first_seen":"2023-03-07T01:10:06Z","last_seen":"2026-06-06T09:30:36.077276Z","times_seen":15870,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-recha~c80fbe36.aa7ff9eb.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-recha~c80fbe36.aa7ff9eb.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e8-2f57\"\r\nExpires: Sun, 15 Feb 2026 04:01:26 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12119,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11131), with no line terminators","md5":"e1105a4b9582838f4cc93c18aa1651e0","sha1":"a2e8a1166de24472dced8e63c1b8d30f56bf81f9","sha256":"26f5cad87fe1a7b0c95baac00bc13e52efa1e2903064ec494517a6dd472a0d28","sha512":"59182492334948ab5896deb63e20d7dd1f3b766b51e6d78f09b359f65bf693dbc47778112890c74020b5eb47e53d702e43096ba2db3a38412a2fce95cb01209c","ssdeep":"192:ChfVbqRsBR7eknRTeknycJMOFaPuBIC4QvCPqRs/ODh:ChQuR1MOUuVVNCEh","tlshash":"4c42e916f18f781a46938c5440ceab2420a67f179c90e5c1e3e6beb98bb379d2115f1f","first_seen":"2026-02-09T08:42:21.56506Z","last_seen":"2026-03-16T07:21:39.320085Z","times_seen":9,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/dingdan.png","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"212.134.174.188","port":443,"asn":3257,"as":"GTT Communications Inc.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/dingdan.png HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:46 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e2-f38\"\r\nExpires: Mon, 16 Mar 2026 16:01:26 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: MISS from L1:569\r\nVia: L1:569\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3896,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 16-bit/color RGBA, non-interlaced","md5":"f3a24f6ca5bf45b917d27c2e0e032b78","sha1":"3ad5be20f2fbc0adfa73ad2d201e6526dfd0ca86","sha256":"850806bb10faea2c83bf471a39b5f97f0590753d94f5ad31ae2c1d52f6e7a229","sha512":"2b4a42fadb9cc7359d775ca51ba91fd13a621325aa757ffc915d50c027d1fa94a35a2cd5475c744d444b07e567d7f99928134b81429ffdb70fce393f626f8ebc","ssdeep":"","tlshash":"b98139e042498ea5c91ae6fce074422590430b8f8d7f48dd6c29f06f537b97a26e8e90","first_seen":"2025-10-24T23:20:41.977731Z","last_seen":"2026-05-16T13:21:34.808701Z","times_seen":138,"resource_available":false,"data":null}},"time_used":841,"timings":{"blocked":158,"dns":85,"connect":34,"send":0,"wait":522,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/api/sys/info","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"POST /api/sys/info HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\ntoken: \r\nContent-Length: 2\r\nOrigin: https://xxcpfyfe.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:27 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Credentials: true\r\nSet-Cookie: s98735c1f=d0t1itrgfd7ofcq3rq97vko0ga; path=/; HttpOnly\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nAccess-Control-Allow-Origin: https://xxcpfyfe.click\r\nAccess-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE\r\nAccess-Control-Allow-Headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With\r\nAccess-Control-Expose-Headers: User-Token-Csrf\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"a802414e80a4e572f829299e4476a0ea","sha1":"2971f8566c466ab2fbbcc424a3fb4e0059680cbf","sha256":"a45b2e055b18a9c6c86e613acc58de01729e11e4c1b5bee7374f8e3d99a0d902","sha512":"86f3185dcb5a747742689b7475a257f73097b3c66bb38b06dac858c595e541bc6af6f8db3f5d927c78e7f38ce742415efaad9c024d83f537b741967dca885a83","ssdeep":"","tlshash":"1dc0808d5c1d0d06573a524085553a08726cf557f8429cf54be8fde4e745558f006573","first_seen":"2025-12-23T06:28:34.618591Z","last_seen":"2026-03-16T07:21:39.314945Z","times_seen":10,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":315,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"124.221.80.91","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:27.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 14 Feb 2026 16:01:29 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Sat, 14 Feb 2026 16:31:29 GMT\r\ncache-control: max-age=1800\r\nset-cookie: __uni__uid=rBEQVWmQnFkNr08/AwnfAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-06-06T09:30:36.05823Z","times_seen":16177,"resource_available":false,"data":null}},"time_used":2551,"timings":{"blocked":616,"dns":1,"connect":271,"send":0,"wait":1319,"receive":0,"ssl":341},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"at.alicdn.com/t/font_2225171_8kdcwk4po24.ttf","fqdn":"at.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"47.246.44.178","port":443,"asn":24429,"as":"Zhejiang Taobao Network Co.,Ltd","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:28.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tbcdn.cn","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 28 Nov 2025 03:07:13 GMT","end":"Sat, 18 Jul 2026 09:41:04 GMT"},"fingerprint":{"sha1":"01:40:62:EF:8C:E5:C1:8A:19:4C:8D:B6:F5:C2:24:7F:DC:C0:9C:8A","sha256":"60:3C:41:A0:78:62:E6:5E:82:F0:FA:CF:5C:C9:D3:22:E4:64:EE:1A:EE:C7:CC:BA:DD:25:08:90:6F:CC:C4:F2"}}},"request":{"raw":"GET /t/font_2225171_8kdcwk4po24.ttf HTTP/1.1\r\nHost: at.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xxcpfyfe.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: Tengine\r\ncontent-type: application/octet-stream\r\ncontent-length: 55940\r\ndate: Fri, 13 Feb 2026 00:24:06 GMT\r\nx-oss-request-id: 698E6F266AD0C43231E11480\r\nvary: Origin\r\naccept-ranges: bytes\r\netag: \"B716002BF601F727176AE7901BDF4E4F\"\r\nlast-modified: Fri, 24 Dec 2021 20:51:06 GMT\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 10201830100077572647\r\nx-oss-storage-class: Standard\r\ncache-control: max-age=63072000\r\ncontent-md5: txYAK/YB9ycXaueQG99OTw==\r\nx-oss-server-time: 2\r\nvia: ens-cache6.l2de4[0,0,200-0,H], ens-cache14.l2de4[1,0], ens-cache8.se2[0,0,200-0,H], ens-cache4.se2[3,0]\r\nage: 142642\r\nali-swift-global-savetime: 1770942246\r\nx-cache: HIT TCP_HIT dirn:8:117456549\r\nx-swift-savetime: Fri, 13 Feb 2026 09:39:03 GMT\r\nx-swift-cachetime: 31070703\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\neagleid: 2ff62c9817710848885367909e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]},{"name":"Tengine","description":"Tengine is a web server which is based on the Nginx HTTP server.","website":"https://tengine.taobao.org","common_platform_enumeration":"","icon":"Tengine.png","categories":["Web servers"]}],"data":{"size":55940,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 11 tables, 1st \"GSUB\", 18 names, Macintosh,            ","md5":"b716002bf601f727176ae7901bdf4e4f","sha1":"e87c1130c27fa42d822c198f5ea8b633b5118b94","sha256":"4bc8cc97559c0a52ea4f5ce0563e1bf3a7f89d660f74792e662e76d49eae4707","sha512":"cd4d86bc27a8055bf4ba21730991acb71e32d1d8c3176b6aada3c8fcfbaacfabe3cf1c813665b4434b16c757587d38afb8fd61f3a84a440053a96b545187e672","ssdeep":"768:00Yo6KrRwXJDv2mjQ5PMWCUPQnNqcoocj9MNb5+kYfcUFO++wEMjQYVEh/gG+VeV:xY1dCpj8+kYfcUUXwjjQYV8/gBVE","tlshash":"3c437c2b835e4fb3d16a86f90c4f011b5fefd7206636f99664ca5c1e4402afd085cb9a","first_seen":"2023-04-09T15:26:02Z","last_seen":"2026-06-06T06:55:10.584191Z","times_seen":3687,"resource_available":false,"data":null}},"time_used":328,"timings":{"blocked":130,"dns":43,"connect":20,"send":0,"wait":43,"receive":25,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T16:01:23.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:24 GMT\r\nContent-Type: text/html\r\nContent-Length: 774\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:45 GMT\r\nETag: \"697242e1-306\"\r\nAccept-Ranges: bytes\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":774,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (500)","md5":"9fecdffa77c03a129577688dd1fa8035","sha1":"8059edd52575e32b3f3ca7f7d8fc71c42c22dfb0","sha256":"e54ccfe097c5222f5df00f0bb2e80ae2dbe7f51dae9e2148a4a4d30cc8309e9a","sha512":"b96759006027df75ed57b23d7f6d93741240c5eb3e38742af8703fcc2ea74d3a11dbac2d46baeb410bf8e4938e0bfefab2f8549a4d5dd9fbeccc1f41d49602ea","ssdeep":"","tlshash":"2601b1c21c54f94d0720859164b6e61e89ea4ab8a951d9603cdc2afc4bd0b8dde2f815","first_seen":"2026-02-09T08:42:21.569883Z","last_seen":"2026-03-16T07:21:39.333961Z","times_seen":9,"resource_available":false,"data":null}},"time_used":1356,"timings":{"blocked":532,"dns":452,"connect":40,"send":0,"wait":285,"receive":0,"ssl":45},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/index.883130ca.css","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:24.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/index.883130ca.css HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:24 GMT\r\nContent-Type: text/css\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:49 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e5-1793e\"\r\nExpires: Sun, 15 Feb 2026 04:01:24 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: EXPIRED from L1:977\r\nVia: L1:977\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96574,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"2de2f2d3943b4b382a28a439daff5939","sha1":"70d04e1c3567cb4f248b29046b98386f215a4d38","sha256":"8a35934d019c2b120a31ae6c51c75b2327f22637824b2a2c2faf4ce17ae9d4d8","sha512":"eba9271e30d6e4b21954078e3ccd839a55e1dcc8212fa375c18dce42104d19a92655c2f289401525b0c9565971a31573b928666515a3ca89b1801bbd48c1de95","ssdeep":"1536:OlIApuK7hmVmb2RS1Wu3xdynGJ7eh/nrhlvbc:VApuK7hmVrS1Wu3iG41nrPI","tlshash":"f393f73719012e39e52bcd26b6c1ab5a1e61c033e15307adfba47628cbcf9c9167b345","first_seen":"2025-07-20T12:48:29.443135Z","last_seen":"2026-06-06T06:55:10.667863Z","times_seen":2627,"resource_available":false,"data":null}},"time_used":581,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":550,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-login~6a36a1e8.a31023dc.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-login~6a36a1e8.a31023dc.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e8-382b\"\r\nExpires: Sun, 15 Feb 2026 04:01:26 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14379,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12735), with no line terminators","md5":"9de1dfd93ef84a89b3d0cc8275673416","sha1":"900a190945e3ecec1830144fb7a7d5e186e868a0","sha256":"0cccce6e8e360486b4f4ec66ab33451c9e4064417241f1896cf487b1eb4d0f8e","sha512":"dc8fd490fca1c01c3390094ceb930c91d9f068a75b5e7449f6daad366fc1db2275b3db50ef0545714028bce8acb7b66f2f3b62b95325db5d6b0099e856d69145","ssdeep":"192:uqRsB4t7qRs7iuiXiwiri0lIrr398cIzDBwVT/UvXE3FkPCk:z6auqlI3t8cIzDBgT/nECk","tlshash":"0552714cb697142008938640d9ca5629d13df6b738359cc873d6a6cfcfa2bcd12a9f97","first_seen":"2026-02-09T08:42:21.572914Z","last_seen":"2026-03-16T07:21:39.327977Z","times_seen":9,"resource_available":true,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-recha~a3ba5c73.495d8869.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/pages-index-bid_orders-index~pages-index-index~pages-my-account-balance-index~pages-my-account-recha~a3ba5c73.495d8869.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e8-5212\"\r\nExpires: Sun, 15 Feb 2026 04:01:26 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21010,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (18540), with no line terminators","md5":"9337674251f8c39baa1d37eb4c1db01b","sha1":"c7143a08f40e64e0f5e8c55a153297eaff213877","sha256":"6a399d7dedcf035046d6d77bf16c09532a0b54454ef2a2acb180cba2513a6a72","sha512":"95336bf97fea43a9327f3ce4f4920eb8b6e8b976da541d9dc1dc54836603a62659b6fdc5697eca5b6660fbf7e2c815588c28d2092307302af99769da4a2a6c99","ssdeep":"384:sK6O0OfTxsISJy6Dlxf80ohFr3ZDoDZFho7b7kBn5pbP:sKv0OfTxsISJrDlxf80ohFrpDodFho7u","tlshash":"2d92f99bf2efb86606d7c454941b050a61673e2dd430f590dff897fa0ae0ace0662f19","first_seen":"2026-02-09T08:42:21.566258Z","last_seen":"2026-03-16T07:21:39.347842Z","times_seen":9,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-index.c62f95a2.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"212.134.174.188","port":443,"asn":3257,"as":"GTT Communications Inc.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.257Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/pages-index-index.c62f95a2.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e8-f947\"\r\nExpires: Sun, 15 Feb 2026 04:01:26 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":63815,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (59415), with no line terminators","md5":"6fb8b8f8c0c77c43acbea068d2bbac24","sha1":"fa26b2cf7ca6fd2c4328e84ac88ea2ff7ab3571c","sha256":"83788a03534e9fbf12c9e494482a5b32fc6c532e29f087a369ee1fbe9da942bd","sha512":"24ea1c3a9be2c7dbaf6d83d9ec47efeb23b9816ceee446efb5fc16db26d2b53f5f6efde3416a38428b7301ac42d530a90f50b6bcb167e53e95b89d3302906959","ssdeep":"768:DFf32q5iaWQzRBkSw7Ozp3tYV2WM0uELLSDy:DFf32bVKRBkSw7ON3OV2UTXSDy","tlshash":"6c53d91db0ceb8674fd35494108f0605927a7e68c8a1e545e7769fa48efe6ca022ff1c","first_seen":"2026-02-09T08:42:21.575851Z","last_seen":"2026-03-16T07:21:39.330957Z","times_seen":9,"resource_available":true,"data":null}},"time_used":866,"timings":{"blocked":161,"dns":92,"connect":32,"send":0,"wait":541,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/wode.png","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/wode.png HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:51 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e7-16dd\"\r\nExpires: Sun, 15 Mar 2026 18:55:05 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:977\r\nVia: L1:977\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5853,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 16-bit/color RGBA, non-interlaced","md5":"718ea776dc2a446b53e6dedd153ec3d7","sha1":"d2e870e16e54c81e53166cde0142909ff88260b4","sha256":"a055a826b4639a1c1b1ee37ddc072861c4df8d69367bd91cb12f5dd4a2317229","sha512":"c70c3b3e381d7cb4f139ad7462515b70f4e152fcdfae87d23f1793e823fd45c156fcfc2bdbc8f60acb3d713ea98c99c7cddec0197b1b667f3e96549fc783d0df","ssdeep":"96:FCD8oKypmBrk69eUdpgyLoM1PVy2WNzHtb0hQzgnFI3KiwqbeeXXaiaVylfHyc1:kDXl8rqsVcM1PvWNzHtb0mgnFI3menaG","tlshash":"53c18d44ab54f0398703b6fb232b6fd16c7ea16b2b8504988274209c99adf66143f8a5","first_seen":"2025-10-24T23:20:42.004022Z","last_seen":"2026-05-16T13:21:34.829929Z","times_seen":139,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":276,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-login-index.70937249.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:28.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/pages-login-index.70937249.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nCookie: s98735c1f=d0t1itrgfd7ofcq3rq97vko0ga\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:28 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e9-48f3\"\r\nExpires: Sun, 15 Feb 2026 04:01:28 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18675,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17517), with no line terminators","md5":"1d99d59394e656e64c61d57147121171","sha1":"414ed2c9386d0f00c8e640e693f31380092d9b1e","sha256":"f5d08f1a6c979da2a398aa75c982ea6b662c0e590c38dfac0aee4a8e8a1f4a1e","sha512":"3860f97a3c59e742a15538d01b9f474a835caa70a09b0c41be0ebb21103d0b60877714d653c43964df1584a2d2132f7ec892ab190899ce9a3575e7e5896e63c9","ssdeep":"192:6zTL0TgJz+mwRfRhiHiOsM66HjEOYqRsBR7eknRTeknycJMOFaPubjXqRsdHnoCR:6zTLCMJRuR1MOUubGoHJT3D","tlshash":"2882f925714ab41e4953cc6860ce65385035af32dc50e9c8f3b1adb98fe7b8f1226b1e","first_seen":"2026-02-09T08:42:21.573711Z","last_seen":"2026-03-16T07:21:39.323087Z","times_seen":9,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/login_phone.png","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:28.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/login_phone.png HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nCookie: s98735c1f=d0t1itrgfd7ofcq3rq97vko0ga\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:28 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:49 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e5-689\"\r\nExpires: Sun, 15 Mar 2026 18:55:07 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:977\r\nVia: L1:977\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1673,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 16-bit/color RGBA, non-interlaced","md5":"18d0b94b8de47d88f135d3da5555cdd0","sha1":"fb2405cc9e323dfa62221acaccb4f8516e1ce6d8","sha256":"86869f3fe31fbe74e503ea5217b13392c921d497e7be1beba58dcc2b4b35394e","sha512":"c402b5286a4a198bf36ef5d63bc0fda57bba48e20f66cc486177a3aec2441dd6f61600ddc665654257d9322595c3fa6b0c9d88b4fd23d1bc63f0a746c55736a2","ssdeep":"","tlshash":"4d31f8b2c540cd649643613093b56100e09e98af8c053d8ff6e1e3bd9f5e98dba41481","first_seen":"2024-05-01T16:19:23Z","last_seen":"2026-05-16T13:21:34.81885Z","times_seen":136,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/index.c83008ae.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:24.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/index.c83008ae.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:24 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e8-22510\"\r\nExpires: Sun, 15 Feb 2026 04:01:24 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140560,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64864), with no line terminators","md5":"b2825ef5a76b49cbb5b4e34aacf2434e","sha1":"45b997fc345ca7908399fbf20a926832c960eb26","sha256":"df2072738fca308508605bce1afbcfa67df7e4c445f9b8a9709b594dc1dfb865","sha512":"b14759de07ade45e0949048303c74e5e411d3803b80d10a54e7a146a00a87ff8499bb5e9c9f1b39419d74201cfabbaa1d89fe7dfb5f38c16472930b178e73b7d","ssdeep":"1536:+2YDBoI0adZXEn0fOYptX9gD0yfA0eDbCbEJ+W/7h8XuC0/KXsdB7DMFgDJDLBd3:+zDBoAfWeDWbEJ+ih8TXsdB75NXUiP","tlshash":"56d32999b2c5eadb19876865042fa70a71b73cb4100db481e3f1dad05fce78f526af24","first_seen":"2026-02-09T08:42:21.570743Z","last_seen":"2026-03-16T07:21:39.337583Z","times_seen":9,"resource_available":true,"data":null}},"time_used":1294,"timings":{"blocked":117,"dns":1,"connect":59,"send":0,"wait":801,"receive":254,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/chunk-vendors.b9cd8f7a.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:24.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/chunk-vendors.b9cd8f7a.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:24 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:51 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e7-cc8af\"\r\nExpires: Sun, 15 Feb 2026 04:01:24 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":837807,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33894)","md5":"bc482dfb164265338f7cd626f23dbfe4","sha1":"a6bebed5f7fb84db3f18026db5f30aff3df7bfa4","sha256":"456b1a5957805e4a15e44a4554aaf87c624a5000dcb183466a225f8470134470","sha512":"daa509eb0d2dc4fc4f262c8bcf62cac934766c59bbe63358c9bc3a4d6b8494f563b682c3c42554575c3872eec76eb7c2a1b4b33e02496bde3105dbf5529a2513","ssdeep":"6144:UTLoCHu0vjuYJdCqHLFpXtwTf3fTb//n7vkNTMHYEvm/40+QhAddvQz/gne+/LJm:cIUhJpdwTffn7ktdi0YvQzv+Q","tlshash":"4f05f78df282b0b50be761b5403f220bb2376969b40a84d4f675e4d0ad7894e6237f7d","first_seen":"2025-09-23T16:05:18.335984Z","last_seen":"2026-05-16T13:21:34.801121Z","times_seen":148,"resource_available":true,"data":null}},"time_used":1784,"timings":{"blocked":116,"dns":1,"connect":55,"send":0,"wait":795,"receive":754,"ssl":58},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/shouye_active.png","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"212.134.174.188","port":443,"asn":3257,"as":"GTT Communications Inc.","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/shouye_active.png HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:50 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e6-1087\"\r\nExpires: Mon, 16 Mar 2026 16:01:26 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: MISS from L1:569\r\nVia: L1:569\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4231,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 16-bit/color RGBA, non-interlaced","md5":"8a1157f1bc6166bfc48c4d6886ec29af","sha1":"4bf57fb397f16bd4af3be6254e7aa753a594e8ec","sha256":"69bf39a05f85a38c773dc456ce7fedd85675ad41fb24f7700ba7af2ac4ed2648","sha512":"fbb055f15b3ba7a1b2903e92e54d4abd29ae08f7fc24f6462e824222017a1ecbb8a35701e22d35ffe23a5048015ba1b5f87fd5cc50518f6c47791c711977e7c5","ssdeep":"96:qNnoElf+beY/4r+bpjie3svmGpyPLzRtAC0JUMjXgXGK8KDF59WmKz:6oElfeeusM3suHPPsCOUMjQ38OFnRw","tlshash":"31916ec6a66e8f77a0d0617ed37f1047dc6b24a0b390793fb2209794ad108a136966d0","first_seen":"2025-10-24T23:20:42.006396Z","last_seen":"2026-05-16T13:21:34.828388Z","times_seen":138,"resource_available":false,"data":null}},"time_used":837,"timings":{"blocked":159,"dns":84,"connect":34,"send":0,"wait":519,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/kefu.png","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/kefu.png HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:49 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e5-1714\"\r\nExpires: Sun, 15 Mar 2026 18:55:05 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:977\r\nVia: L1:977\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5908,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 16-bit/color RGBA, non-interlaced","md5":"72cb2277b6f2144aca9c40c3ecc0eb21","sha1":"a43073921decc5a97d1b28eb2b78769f3d8da290","sha256":"5197d9e217afe4efaf9206f6fe1c7ec3654c9693dbc29fefea16667b2bdc33db","sha512":"f0f15e4da7fd131bdee91c51549610dfe770c6a42e173f7e4c773f47e5f2bde2340cf0cd67a1c8071ce43e3e072169576512e887f6d5e9277b466b1560930058","ssdeep":"96:CrrBM6N6bZ+7566pgvRz66rmXUmUjhD69W6r6eo8q18N6sacwR229HCaQw:CrbcbZ+E6Kt6cmX7WhD69F6v8q1U6qwl","tlshash":"62c19f42bf71af898ba5367a59bf7e80f41410c7ad4770caec20f31c56a8904707db52","first_seen":"2025-10-24T23:20:42.007414Z","last_seen":"2026-05-16T13:21:34.799191Z","times_seen":139,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":270,"dns":0,"connect":0,"send":0,"wait":44,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/favicon.ico","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:26.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:26 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 11849\r\nConnection: keep-alive\r\nLast-Modified: Thu, 02 Oct 2025 05:47:39 GMT\r\nETag: \"68de11fb-2e49\"\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:977\r\nVia: L1:977\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11849,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 89 x 101, 8-bit/color RGBA, non-interlaced","md5":"d22689c044f347076d89a6ca4feec5fe","sha1":"12c64d90cc1efcad4420de27dccae4535eefa8bc","sha256":"f1eff40ca74ef3471e7a148f564bb74d95454885320df9ad51bc441c991ab1bb","sha512":"23f66840cf4ca0787ab2e09968da1fa34ac86bf83ce0ad090d82e45f65dbf75a2228d9907bba36fc27ae36914776b727a263a37758054dbf3a90696dae493a1c","ssdeep":"192:7GAT62e7INHDzBLcdVIqXy24unSOu2tGGDrYWyBiSQ8GMnw4u48V8/sse+CQHp0G:BTDz9cLIqXvDnmwrYWyBiJnMwEk4JrN7","tlshash":"8332bf21571b2cc186e4dd317fb979e4145222ca523170482728f3a6f6b4d2e5f6bca3","first_seen":"2023-05-01T23:17:15Z","last_seen":"2026-05-30T23:07:23.189641Z","times_seen":1956,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-index-bid_orders-index~pages-login-index~pages-login-register-index~pages-my-account-balance-i~2a47be03.5484b06d.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:28.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/pages-index-bid_orders-index~pages-login-index~pages-login-register-index~pages-my-account-balance-i~2a47be03.5484b06d.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nCookie: s98735c1f=d0t1itrgfd7ofcq3rq97vko0ga\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:28 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:52 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e8-5c90\"\r\nExpires: Sun, 15 Feb 2026 04:01:28 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23696,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22284), with no line terminators","md5":"4491dadebebd38d9e162e5be5f68ab8c","sha1":"934900abc54dbcc1f39e112acd54b532c004e6cf","sha256":"0c35e11fd5b3e7e50ff7d938b2757f17cfd4c325cc1d5edfdfb968ebcec4512b","sha512":"56fc19c00615738f5e7abc9608ed2efa2e0abe8bbf9b849f7c057d7a2ead55f15cf661c3b6e023914bce1296a7d0c8076737a01d1aca1074ab2d1588c714250e","ssdeep":"384:b6JZfFtyPcM2W22wkcQTfGuUXsxZpJjT7pWp++RQfZa53X:b6rfFtR5WnwkcQDGW3pdT7pWp++RQfZg","tlshash":"5bb2815eb0c9ad7b6fd658d4001fa106238e6a05ccf0bd01b7b69be5cabe245211ff15","first_seen":"2026-02-09T08:42:21.56384Z","last_seen":"2026-03-16T07:21:39.342771Z","times_seen":9,"resource_available":true,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/js/pages-login-index~pages-login-register-index~pages-my-account-login-psd-index~pages-my-account-pay-psd-index.af01e7d4.js","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:28.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/js/pages-login-index~pages-login-register-index~pages-my-account-login-psd-index~pages-my-account-pay-psd-index.af01e7d4.js HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nCookie: s98735c1f=d0t1itrgfd7ofcq3rq97vko0ga\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:28 GMT\r\nContent-Type: application/javascript\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:53 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e9-3308\"\r\nExpires: Sun, 15 Feb 2026 04:01:28 GMT\r\nCache-Control: max-age=43200\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13064,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11153), with NEL line terminators","md5":"1be05118dc53f2a64a68fd6159d156d3","sha1":"67a54d826c704fd7f5a52fd112d330b293592eaa","sha256":"62df6f801d923451e47e63c834c0dd6a8cb110818c04195d0bf85969dd5bcb44","sha512":"a6563b4c7c864e3a63fa6067c7b99979001930cf062b7fa9d21e28c5645cd921e1bf9dc9eb4a1e84e746f77ef751a4dd7249a3103a820e41c94519cb2ad8e6b2","ssdeep":"192:bws1sX3l9x1Lx2OH3SW72ZqDkYce4ICqEmE9k870bXnSRZ6itCqRs3nb7Rx:bReXHLcOXS9sGmbnu3qnbH","tlshash":"5952ab5d709dfa929ec3987051df1006d3322699c8687490e7f666f407bab4c2336f6e","first_seen":"2026-02-09T08:42:21.56825Z","last_seen":"2026-03-16T07:21:39.345572Z","times_seen":9,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/api/sys/info","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:28.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"POST /api/sys/info HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\ntoken: \r\nContent-Length: 2\r\nOrigin: https://xxcpfyfe.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nCookie: s98735c1f=d0t1itrgfd7ofcq3rq97vko0ga\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:28 GMT\r\nContent-Type: text/html; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nVary: Accept-Encoding\r\nAccess-Control-Allow-Credentials: true\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nAccess-Control-Allow-Origin: https://xxcpfyfe.click\r\nAccess-Control-Allow-Methods: GET,POST,PATCH,PUT,DELETE\r\nAccess-Control-Allow-Headers: Authorization,Content-Type,If-Match,If-Modified-Since,If-None-Match,If-Unmodified-Since,X-Requested-With\r\nAccess-Control-Expose-Headers: User-Token-Csrf\r\nContent-Encoding: gzip\r\nServer: nginx\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":180,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"JSON text data","md5":"a802414e80a4e572f829299e4476a0ea","sha1":"2971f8566c466ab2fbbcc424a3fb4e0059680cbf","sha256":"a45b2e055b18a9c6c86e613acc58de01729e11e4c1b5bee7374f8e3d99a0d902","sha512":"86f3185dcb5a747742689b7475a257f73097b3c66bb38b06dac858c595e541bc6af6f8db3f5d927c78e7f38ce742415efaad9c024d83f537b741967dca885a83","ssdeep":"","tlshash":"1dc0808d5c1d0d06573a524085553a08726cf557f8429cf54be8fde4e745558f006573","first_seen":"2025-12-23T06:28:34.618591Z","last_seen":"2026-03-16T07:21:39.314945Z","times_seen":10,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":312,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xxcpfyfe.click/static/login_password.png","fqdn":"xxcpfyfe.click","domain":"xxcpfyfe.click","tld":"click"},"ip":{"addr":"82.152.64.210","port":443,"asn":8851,"as":"GCI Network Solutions Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xxcpfyfe.click/","date":"2026-02-14T16:01:28.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xxcpfyfe.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 06 Feb 2026 23:45:52 GMT","end":"Thu, 07 May 2026 23:45:51 GMT"},"fingerprint":{"sha1":"AE:CA:D6:96:1E:4F:07:CE:DB:6C:DC:F2:3D:81:4C:9B:50:63:2C:03","sha256":"81:29:1F:DC:1A:89:6F:27:7F:AE:0D:78:71:F3:F4:7A:60:FF:27:BA:25:14:94:B0:BA:10:C1:FB:EE:DF:1E:BF"}}},"request":{"raw":"GET /static/login_password.png HTTP/1.1\r\nHost: xxcpfyfe.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xxcpfyfe.click/\r\nCookie: s98735c1f=d0t1itrgfd7ofcq3rq97vko0ga\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 14 Feb 2026 16:01:28 GMT\r\nContent-Type: image/png\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nLast-Modified: Thu, 22 Jan 2026 15:31:49 GMT\r\nVary: Accept-Encoding\r\nETag: W/\"697242e5-4ee\"\r\nExpires: Sun, 15 Mar 2026 18:55:07 GMT\r\nCache-Control: max-age=2592000\r\nContent-Encoding: gzip\r\nServer: nginx\r\nX-Cache-Status: HIT from L1:977\r\nVia: L1:977\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1262,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"47f7aaf05d0cf133529494865962232f","sha1":"b38dc0d902748eb633c99d1e0011af971ffd0cde","sha256":"f9b9970bdd7ab0752a3d2f8f1e51a6fea8afedfb6cd61881ce1bb3176f128e25","sha512":"aa5a63facefcd8f32e0c53bc882ba6cd40daa6c3516f902c2575cf3b434cb40860698249a34571cc39936874fadb2b588f889a5e1e5268ca023da398f92c75b8","ssdeep":"","tlshash":"7721e7e7b38da1baa6cce417144b34b0c8217778193cf6134cc16a38950e22617dce03","first_seen":"2023-07-06T07:50:35Z","last_seen":"2026-05-16T13:21:34.790055Z","times_seen":137,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xxcpfyfe.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}}]}