{"report_id":"6920fc1a-7114-43b3-8ab5-d784b7f0fd28","version":6,"status":"done","tags":["phishing","darcula"],"date":"2026-04-22T23:26:46Z","url":{"schema":"https","addr":"www.pcnpw.xin/com","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":0,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.pcnpw.xin/com","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"title":"Pay a parking fine","dom":{"size":34565,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (18378)","md5":"bab6728072133fb80d9ef3fabb9a8c8d","sha1":"c8ca64015e5fa95021ee34d3e8d401426219138b","sha256":"14d00849a09a955dc1fc0abc1ea8d305a880c737415a3350de7883c369cbf8c4","sha512":"45739f66e0ae17a607c9c0c23c5e1f2a249d0c80852ceb03798bfac32832dc5e66a495e27df096f9b989d2b83506b609ea72b724042dfc4c25c66372a275cb74","ssdeep":"384:n6cG+XG+1l+hmb8o8xFTPhlSxI370XEl9C3o8McoP8gLy3LJtZVrbYW:kLx5PhlSS370XEzKRMco7SLJtZV4W","tlshash":"a8f24414a8b14131241f72ebf6e76b4e537ba2478f15bbe6b5de52a00f827f2351b204","dom_hash":"domhashf8bc5fcec58f7e4c16cf78aa39da9356","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"www.pcnpw.xin/com","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":0,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-27T23:26:46Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]},"summary":[{"fqdn":"www.pcnpw.xin","ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-22T23:26:47.831878Z","last_seen":"2026-04-22T23:26:47.831878Z","alert_count":92,"request_count":23,"received_data":1397327,"sent_data":11186,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"www.pcnpw.xin/assets/index-54320ea4.js","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"214b60ad2473adf1c15ca615988c2e54","sha1":"8aff82f18cede7ad7d8c2d742b0339cacbd23e5f","sha256":"cdd3f6322a0438b026b6a5091c60f318f0ec9fc821cf12daf45e507a4ca8432f","sha512":"a534dd7c1cf4b78b5522c214c292716363d7889fb618d45cf61014c9958af1f6c5e5d9034ff92ade4ac2579ad4c27ccae5741ca84955bba0a9bdab799fed3d27","ssdeep":"6144:+OoHvjUulZkLnUL7yS/eVzZjXnxEM6opzdpURlX8Bvs:+OoHvjfvonRkeVzZX3ZpzdpM","tlshash":"908428d87193b02283b711e550bb0406f23d5e58740c8494f1a8edda3eb5d99a2bbf7c","size":386418,"data":"","first_seen":"2026-04-21T20:40:51.98284Z","last_seen":"2026-04-23T02:58:38.903827Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234745_ol4s5l.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.120Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234745_ol4s5l.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"d5fbde9325d1fa0f3f3bfd1e75b733c4\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 61\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":61,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"de12b9b1ee45e6462664c6536b5229be","sha1":"648bdadb0e16440617cec6f9d7df88e94472b904","sha256":"11c8fee5da578db43f0ee301b1fb9c4e0353598853aa9b41ba589bae01404d75","sha512":"7b0f6ff241a954f7ecc7baf2d0b6ec7e363bdeee1999cfd96c58fb2ae4443dc6c5e8f8b2839bf37a1338339e5fccfa15a5461e13ba797f94e26bee1306b74894","ssdeep":"","tlshash":"56a0220000c02000f0e3e080e0a0028ef08208bf00c023b380b20020a30033800b2002","first_seen":"2025-06-09T11:36:35.435572Z","last_seen":"2026-04-23T02:58:38.894441Z","times_seen":2111,"resource_available":false,"data":null}},"time_used":595,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234746_54cobz.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234746_54cobz.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"58b020fbaa760f91fca324930153fadb\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 30\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"9b2594efaa1868417fc305cc535c9c83","sha1":"04237979cf7c17a8de3fe31746c017d2caac977d","sha256":"40cbd2de6286bc37630d6a0fab8e09069ceb26a71b08de8bb9db639430144a20","sha512":"75292c63f32a41292dc60902f8295d29509b7ae626395c95217179d76ca7c3466562259b54b16813501556d0751472cddb611d78662514c98814f03024361262","ssdeep":"","tlshash":"1e8000888002030a282a022c0a33002c220a0c0cb38e22080e0222a0cf383c00032802","first_seen":"2025-05-17T18:25:57.716833Z","last_seen":"2026-04-23T02:58:38.869101Z","times_seen":2299,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":439,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234746_gscn2y.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234746_gscn2y.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"defcfbab17e4b7def852c61e896bbc37\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 3041\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3041,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3041), with no line terminators","md5":"e8b1e704373754f0eebeafb5bfe4e145","sha1":"8f780d2ca6775e690bcff33d41099cf1c6ab4960","sha256":"36fc35af7321d8c8efb528490a380abb67a6d4ead71c5a5afe29b7c873be4d32","sha512":"d1ae4d5ab7b7888d84113e02484b19c1749003c398d1b61ee3c1c9d6d1b7323c590c0a742fc21090b1a02343b35b4c257442244511fd7c4ca1fafe8dbfbc1e7a","ssdeep":"","tlshash":"275158f6e4b31419586708fba332a051e132d869912743619de7ff29c391ba7631bb0d","first_seen":"2025-05-17T18:25:57.702878Z","last_seen":"2026-04-23T02:58:38.870927Z","times_seen":2299,"resource_available":false,"data":null}},"time_used":591,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":438,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/Information-BXetieov.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.129Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/Information-BXetieov.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"386cbc4eec432f6a007f2887def59fd4\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 1059\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1059,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1058)","md5":"09c4cf141f926aadc9cdace34febf79f","sha1":"5dd5495596793d1b2ff6bbd7e524eefe14ac6c58","sha256":"dd63e1a335901e65052b890d47e5128e0cb44143dd823fbd68a091b59b3a65ed","sha512":"e56abfd3d124b01c8f8d61958fe8966480a7468d68228665baf4c5b8fcce726590f188b890df82fa0942d07117c97bc0934dcfdd741f34fa7ed66080f49e0d94","ssdeep":"","tlshash":"261135613a4c9108586b9f7a7cf3675416307a37ab0602f79f51042548d71a61f73f1d","first_seen":"2025-06-09T11:36:35.428279Z","last_seen":"2026-04-23T02:58:38.902417Z","times_seen":2111,"resource_available":false,"data":null}},"time_used":1044,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1043,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/assets/index-c291df03.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /assets/index-c291df03.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"4fe8aab31daba0324f74150b7f44f534\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 16709\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16709,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (16708)","md5":"8f5ee776fa2282288149d33b32bfdd52","sha1":"d96dbee4bccc29231d22bea021cc9d8bb63084a6","sha256":"c291df03f77780c597741ecb35148a5db1baf6ff52273886a031f3a42112317b","sha512":"bba537ce7022c85862d22f34acc98d326c51d08d61cedc27c223bcbf25b30f6f3f8be3649600c0eeeb0893589a790d6234312eba8e6b20c157586494f8e1f243","ssdeep":"192:I8bJuBC+wiZzQgNJq0oWftoGzDHM2DdpLm4fYnUm07zudufnnhMMyLi1DWdqmHa:I8bJVubsGGsRmHa","tlshash":"1b729521351c2128b77bd6a67ed396cd3224ab23c527427daa116532ccdb5873b71bcc","first_seen":"2026-04-21T20:40:52.012126Z","last_seen":"2026-04-23T02:58:38.905313Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1348,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1042,"receive":306,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234746_d6g8lf.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234746_d6g8lf.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"e1257183df7df1f946b5cee98a9b23c1\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 62\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"ca6edaa5d74d53c1c6fa648f3401a766","sha1":"58c9323b2168108dab3f614872805e6063839a92","sha256":"1956fe458b4c27c7d2367b05a6c0a35a612e4f7db3b22b24d9da811646c4005d","sha512":"c0df81ffad96ab4c19dfd9e915e6ad554791f41e6907f1c77d8035afb5ae280519e692831e889017b80ae8b37416ec6dab093dcaad46a371f7be0ea076b49ffb","ssdeep":"","tlshash":"50a002c37c4c5115102d43cca4d9b7ba892c3601cd223d0c4530b71897afd693c23618","first_seen":"2025-02-24T19:26:01.234504Z","last_seen":"2026-04-23T08:55:46.36355Z","times_seen":2564,"resource_available":false,"data":null}},"time_used":1047,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1045,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/assets/index-54320ea4.js","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /assets/index-54320ea4.js HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"b24b3dd495f73eb944888af026a7dd71\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 386418\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":386418,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (36020)","md5":"214b60ad2473adf1c15ca615988c2e54","sha1":"8aff82f18cede7ad7d8c2d742b0339cacbd23e5f","sha256":"cdd3f6322a0438b026b6a5091c60f318f0ec9fc821cf12daf45e507a4ca8432f","sha512":"a534dd7c1cf4b78b5522c214c292716363d7889fb618d45cf61014c9958af1f6c5e5d9034ff92ade4ac2579ad4c27ccae5741ca84955bba0a9bdab799fed3d27","ssdeep":"6144:+OoHvjUulZkLnUL7yS/eVzZjXnxEM6opzdpURlX8Bvs:+OoHvjfvonRkeVzZX3ZpzdpM","tlshash":"908428d87193b02283b711e550bb0406f23d5e58740c8494f1a8edda3eb5d99a2bbf7c","first_seen":"2026-04-21T20:40:51.98284Z","last_seen":"2026-04-23T02:58:38.903827Z","times_seen":5,"resource_available":true,"data":null}},"time_used":3500,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1042,"receive":2458,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/obfuscate-C8r-DN3q.js","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:28.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/obfuscate-C8r-DN3q.js HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.pcnpw.xin/com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:28 GMT\r\netag: \"fee3b40cf10e6dd3d11c27d8174e98d8\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 385\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":385,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with very long lines (384)","md5":"b5ad0f959d9034c18067d607e1265f9c","sha1":"a1d860b2ff6e8e8b2ba3a572fe273112d8a6bea3","sha256":"61928a3c896672c367970f36b240e4139e215e0f34b92597b60d8201e93fec16","sha512":"796bc291bc7260dcb6d723bf2511f801702e8f1c54b30ac0e5d2fe3a8ed180d82af0132df4328a40c7ecb6b995db2232bd87b7b886da88bb487b3178091169ef","ssdeep":"","tlshash":"c7e06824b14a14790e1ab3c837a561d8956d8a09318a4768f2ac1e1f59628d765ded0c","first_seen":"2025-06-09T11:36:35.426343Z","last_seen":"2026-04-23T02:58:38.909292Z","times_seen":2075,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/86.ico","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:28.915Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/86.ico HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/x-icon\r\ndate: Wed, 22 Apr 2026 23:26:28 GMT\r\netag: \"35274c6e540ede8b478e8d1d06ed15cc\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 14254\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14254,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 32x32, 32 bits/pixel","md5":"a90776c99cc9bf3d9dbe593284d6bbf6","sha1":"a71540329445c964cc0d0bc628ca9943210d235e","sha256":"f20b8285392e866956853ce567218d4b237a9c95740915da62c49eb321b234af","sha512":"022fe39ba6bda8efcb71dab8c2967dd841f8744e55626795de070873430bae99f653912939450b7878ab2830573e64c43e599accd6ec92e2a381ea486ccab6cb","ssdeep":"12:SQyMrF/G8coK/cyOQFKdUMVX/Xta3tataYwLdioQ0ho4FjjnAfY1F3/H3PEada9u:SDMx/fco/RQQpVXI/","tlshash":"7d52c6217901a42adc6e4238dbbdd2b51961bcda2768b6c1b9f33fd775b07000e99f12","first_seen":"2024-02-25T23:24:35Z","last_seen":"2026-04-23T02:58:38.872738Z","times_seen":2443,"resource_available":false,"data":null}},"time_used":157,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/AcCpkVkuRO/api?token=1c9ed04a-3d41-47aa-b6a8-09967bd3fedd","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:29.131Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"POST /AcCpkVkuRO/api?token=1c9ed04a-3d41-47aa-b6a8-09967bd3fedd HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nToken: 1c9ed04a-3d41-47aa-b6a8-09967bd3fedd\r\nX-Token: 1c9ed04a-3d41-47aa-b6a8-09967bd3fedd\r\nContent-Length: 2\r\nOrigin: https://www.pcnpw.xin\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nCookie: token=1c9ed04a-3d41-47aa-b6a8-09967bd3fedd\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2,"data":"{}"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: application/json\r\ndate: Wed, 22 Apr 2026 23:26:29 GMT\r\nserver: GoFrame HTTP Server\r\ntrace-id: e9dbdf537dd1a818774bf37f73addf76\r\nvia: 1.1 Caddy\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":335,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d7bfc8db34169e4566626468cfcdc2f0","sha1":"26d0b4231d3662e94058b6e284f4945799609350","sha256":"e32c1a80c7e3e4a29eeb675c8eaaf347f422ab9a9294beb8212257d7d15c0ef2","sha512":"a79e320c9b5c0c4fa579386caad2da578e67a3cebe80509423c2a880a388ab0415a385e52b6e01df9661f86e4f44dae7648c1738f02026a90ecfaf7ca140aed0","ssdeep":"","tlshash":"b3e026860028c8e0cc025d4411bf7d0852ef8d74fe7312714c88e068c9cc478ef02916","first_seen":"2026-04-22T23:26:52.015091Z","last_seen":"2026-04-22T23:26:52.015091Z","times_seen":1,"resource_available":false,"data":null}},"time_used":415,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":415,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"wss","addr":"www.pcnpw.xin/ws?token=1c9ed04a-3d41-47aa-b6a8-09967bd3fedd","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:29.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /ws?token=1c9ed04a-3d41-47aa-b6a8-09967bd3fedd HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://www.pcnpw.xin\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: CySla1ljKUt9BPtjPyDlJQ==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nCookie: token=1c9ed04a-3d41-47aa-b6a8-09967bd3fedd\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Allow-Methods: *\r\nAccess-Control-Allow-Origin: *\r\nAlt-Svc: h3=\":443\"; ma=2592000\r\nConnection: Upgrade\r\nSec-WebSocket-Accept: eacqEEOQgO8ojHYZ96wr9CZrR5A=\r\nSec-WebSocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover\r\nServer: Caddy\r\nUpgrade: websocket\r\nDate: Wed, 22 Apr 2026 23:26:29 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-23T09:09:27.219133Z","times_seen":14096498,"resource_available":true,"data":null}},"time_used":475,"timings":{"blocked":0,"dns":1,"connect":154,"send":0,"wait":157,"receive":0,"ssl":163},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/com","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-22T23:26:24.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /com HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: no-cache, must-revalidate\r\ncontent-type: text/html; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:24 GMT\r\netag: \"d12eca0efdc5a42bd962d72708fc1ca5\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 16200\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16200,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"01f0fd9b5f172a389b30a5e7da4b177f","sha1":"b20ac273db4b5edf15a1a903378ff3bc9170fc88","sha256":"70a95f8d98b505431e155f4831ba33699ec77ae7382c63576aa5e8767690c24c","sha512":"88a0a5b0019f21878a5ccba66dcce0dc9f661b2508bec63d16c6dc35edd20fdb3d6d91ae6e1e85f2e42efd03108e265c7098fab082c496869fff791b68cae24f","ssdeep":"192:J66LhNSR/zG+qTpCVG+qTpCnl+5gDc9upz33L:J6zG+XG+1l+hmbL","tlshash":"3f721409acb24225281e73a367eba75e577971868f15fe46f8cf52e08f493f23166310","first_seen":"2026-04-21T20:40:52.00018Z","last_seen":"2026-04-23T02:58:38.911312Z","times_seen":5,"resource_available":true,"data":null}},"time_used":1469,"timings":{"blocked":578,"dns":262,"connect":154,"send":0,"wait":156,"receive":152,"ssl":163},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/vuetify-DQS2mOZI.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/vuetify-DQS2mOZI.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"461a9d394fedc4dd067ce9983e08b332\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 456928\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":456928,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (38761)","md5":"8c856a35ad9076deb2eacc48871f43c5","sha1":"800df199942dad58acaf46c707c89ec1587ea06e","sha256":"21a8b0cd7af42f33961279cc24650bfc8af886888a88037fe059bf3846f1158a","sha512":"f22e77ee2539759a77e36124e6659d6e8aaeee721311a065e16c4b504e9b5d9346eb1cb42f942e320505fac3822c589fac58a5080ac18afe8ef34097ba438d02","ssdeep":"6144:yZANLxdyyw5wGMz4RfD89BFEL1k0DVW+Rvo6ZtRkZOBPJpIP1zlQ0Uz:yZA6ZVW+1HMYhpIP1zS0Y","tlshash":"cfa483d3f6c11018952bd2a9c191fb7cfa3fd9d29b029ca7ea06773583812d72552a0f","first_seen":"2025-06-09T11:36:35.422819Z","last_seen":"2026-04-23T02:58:38.906777Z","times_seen":2080,"resource_available":false,"data":null}},"time_used":3382,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":462,"receive":2920,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234745_ku2wel.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234745_ku2wel.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"cce75789dfbf4080632b04275d7176d4\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 312\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":312,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (312), with no line terminators","md5":"51a0d61b419ff11f36e86cf9a5b781f8","sha1":"749fed53cd08c8959b7f9be81bd87d287a777f2c","sha256":"0bb8856c7d1f73ae49d5780b9431c74057c0a7c52fe0b73ee9bd8921a1988847","sha512":"5bf21a413fd2e62e8eab4915e8b6df7a9a4e360a9bcac1118d7d479e7b6d1594a4e945763cd00abd14d148b0d0bcb2d77e69e40cb90e3c59ea4bbf8719989f24","ssdeep":"","tlshash":"1fe017858a61473ef56702ad4aa3403c3b068d3ef3cfa6e51e07666ccbac3c04433966","first_seen":"2025-05-17T18:25:57.700714Z","last_seen":"2026-04-23T02:58:38.880693Z","times_seen":2299,"resource_available":false,"data":null}},"time_used":596,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234746_42nvfm.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234746_42nvfm.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"a8c9305fab054ee88d1ce640327f7c04\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 2480\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2480,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (2480), with no line terminators","md5":"fbb24d535cd0ef3b608a6ae1a4799303","sha1":"b7b466a12056d512e3e5e35978f236d09cd04242","sha256":"632e99eeee49b5c25221f1f779f3cb09dbd33adba6ef3130c385243cff3f24dd","sha512":"c10ed24e9765d21b27cd0b821de51b3a990449409e7e99962ae6ca770a4a3fc592efa1ae778d83dbd142258b83ef3dc1656e84ba3ce2883cbf10491d6cfcd3ea","ssdeep":"","tlshash":"a05103b4d4f2311b998a480f51176da6f011cc265d3742baaed7da24c7d67832b3330d","first_seen":"2025-05-17T18:25:57.70174Z","last_seen":"2026-04-23T02:58:38.900955Z","times_seen":2299,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":440,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/Home-CU2lTPRy.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/Home-CU2lTPRy.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"6a81c5efb1976a3947223906ec3b828a\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 78\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":78,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"080ae19b144e5aa3068fe6312b37ddef","sha1":"8add5cf5d9b3d91acd8cc807fe3517b1affaeabe","sha256":"65571eb6dc67c25ea7d7cf9271b05f09858bb7118a9b033b566d7b95c570ad72","sha512":"640f8cd1f99d89f6dc4223c5ec1da692087e079326773830191f7137c81ad0ce5906bad626dfd81d36b261d92a706c0b9453f14217100a92b057c96cf36499df","ssdeep":"","tlshash":"2ba012013188ba20306b80052cd1034611248205c01f33954d20021409424110f503ad","first_seen":"2025-06-09T11:36:35.429161Z","last_seen":"2026-04-23T02:58:38.907957Z","times_seen":2111,"resource_available":false,"data":null}},"time_used":1046,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1045,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/Home-xBdJLizp.js","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:28.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/Home-xBdJLizp.js HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.pcnpw.xin/com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:28 GMT\r\netag: \"aa793f9128b3ef4b04ad3f871d2c5c4f\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 3723\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3723,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, Unicode text, UTF-8 text, with very long lines (3716)","md5":"6841ff74c5eccdcd9fb1fa1d95c0c31b","sha1":"79c2d2c4df4789d35964be434a273e7e36268d15","sha256":"c93a22496724e452be9f581babc204bbba6deba33a77d2ae1ffa64b71b67a880","sha512":"578ffa9b9abe31a94f2fc53959a3c59bfa0166aaba533dd789122db850b104254cc2a17b1e04d684e0cd605068155131ac6bfbe69d76f6dd95ca5db103435903","ssdeep":"","tlshash":"4571724d68675e7e8b0304bd718c1442eb1e0ad9963c6cc3ee748f560f80a09bd9a3b6","first_seen":"2025-06-09T11:36:35.437351Z","last_seen":"2026-04-23T02:58:38.913701Z","times_seen":2077,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/Information--Vz8e-xF.js","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:28.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/Information--Vz8e-xF.js HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.pcnpw.xin/com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:28 GMT\r\netag: \"57e45dfa0844fe9d63c1da64c739e916\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 11721\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11721,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (11712)","md5":"4e75c129806c4b3f2da4f55b15f54f2c","sha1":"db74d3457991c8d8cf99a41871e03064a9e24365","sha256":"3c19380a790bbf9e8e1323af67c06620c18d23af2dd73b18cfe21d2ecd1a8ccb","sha512":"a07dd2445df0fc1bcc9fb7753181a4727ddb0f23f1679070ff61338b674969931938f0015670c3be16ec1c9139184a296df88d839dbd6f13377296c7d8361809","ssdeep":"96:4fj/LhRpTZ+mb/fEPLblLqPSV2HWcDCV5xi+hwczVEcneuOVu7LrV+knrVck+zuM:A/dDTZZb/f4LbAmQufbzqABg0Xyn","tlshash":"0e32634649766e2f819306b9a4ce40137b0b3ad6c8195845dbacca1b0ee4f06ff5ff58","first_seen":"2025-06-09T11:36:35.44128Z","last_seen":"2026-04-23T02:58:38.910463Z","times_seen":2073,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/index-ZQVF8mkz.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/index-ZQVF8mkz.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"858c0fd2a5d2bb43c804d3b75db9e687\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 1446\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1446,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1445)","md5":"fdd7ff255092bfaa4b17e63b2bf7150e","sha1":"b44a71afeeff7ee03e06f8d22190621b36bc047a","sha256":"a6077c26d9a576de6835dbe9163a87c3a4f3da1504f0d7ad55aa82bdee502e92","sha512":"bb913ac214d6dfa45267c7bd49b688ac71b6aebfb867b0f875930d3fa14456bf2882b2cd16871a460fb54018246b0131f5d44002d8c16de931476a6f08a1940b","ssdeep":"","tlshash":"e8311220e3d23217f567c86e75d2a9a972248853c0261bb9bd137775c7ca0a326a6b0d","first_seen":"2025-05-17T18:25:57.6997Z","last_seen":"2026-04-23T02:58:38.878968Z","times_seen":2301,"resource_available":false,"data":null}},"time_used":613,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":460,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/useInit-BwmDfpwL.js","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:28.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/useInit-BwmDfpwL.js HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.pcnpw.xin/com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:28 GMT\r\netag: \"58d129b85f2dd32dd5e66857908732ed\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 614\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":614,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Java source, ASCII text, with very long lines (613)","md5":"673026c344718eb8e61ccce0ba6c6e41","sha1":"4841e2267f75cf79bfb1bdec264a4bbee17d5100","sha256":"665930c7671de5dad916c0c2b59328f68d56c5d53fb6acb38d9aada9a025d9a8","sha512":"558ca71444c64f80f2ec065abdcaf1b61025b9d8f8a15f159126cc55570da35eee281e82983ecc442de9bc539bdbf97e937891ae4d6148fafb48554cb654144c","ssdeep":"","tlshash":"47f0dd2a0058132000b40dfdb4e12a218732825d33ac4ed06fc701567fe934e47a4e9f","first_seen":"2025-06-09T11:36:35.44216Z","last_seen":"2026-04-23T02:58:38.914366Z","times_seen":2074,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/assets/vendor-OZDS1kWv.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/assets/vendor-OZDS1kWv.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"b5be206580a9c8f7abae2c788f506db2\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 324262\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":324262,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (34604), with NEL line terminators","md5":"d1952d5af290bd5e6a9a0a7ad385585e","sha1":"eb3ffccda866271b67693475132ba6531dceabac","sha256":"fcca908b86f8fadddd7781c3035b2491eaacc3896cf05c59b451c075b35c435f","sha512":"5d770394f522c48fb9fc4f9fe588bf951320692085362683aec7a3a07b7d95563a8ace8d7d41cc545566ada75e153c9d98561c76a726f4ac5cb2a92616b59301","ssdeep":"6144:bzMdXpHrtZM1wzRZ4+rO4AHC9WCKePMh8g:vMVZM18Z4AO4W+Mh/","tlshash":"51642be9d10805d2b77be953d390bbaa6007f2b2c5491c19f96e090e2dc766126c7f3e","first_seen":"2026-04-22T23:26:52.026593Z","last_seen":"2026-04-22T23:26:52.026593Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2002,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":1847,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234744_5hrqjy.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.112Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234744_5hrqjy.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"db9ca541ee8dfca9d6567874fe47cac0\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 141243\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":141243,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"055e59c6250a51509e1abac0af514ff4","sha1":"d4aaf4172866c0ef27579c1246db1f1352ee7028","sha256":"5a5c2b0a2c1eb6fe512a757798a8ac5926d47ca561a4bf1a5a19cd1d0c6754e6","sha512":"72b23eb881fed5f8cb0cdf76f2990c65fa1fab307d6dbfddcfb47e88a680038c1ee1a51d5870f1df24953f97e5b5710c0e0a440b2076b19cd1e31e69dde2d3e8","ssdeep":"1536:w5wcuvxqNynGMdxdae+aNpCgpwdJo+pJfLFKY3vHijxcOqYNR5GiAXl7drj17c3T:zvIynGtMCNd6Y3veKKNf+Xd9MnT","tlshash":"a8d39df59661222e703b051fa2b36468b13a8c5eb65f27a96d43eb5ccfe83c35173904","first_seen":"2025-06-09T11:36:35.433865Z","last_seen":"2026-04-23T02:58:38.916827Z","times_seen":2097,"resource_available":false,"data":null}},"time_used":1670,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":444,"receive":1226,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}},{"url":{"schema":"https","addr":"www.pcnpw.xin/uk_fine_gov/theme/govukn/theme/static/style_1727717234745_1afhxa.css","fqdn":"www.pcnpw.xin","domain":"pcnpw.xin","tld":"xin"},"ip":{"addr":"43.159.143.33","port":443,"asn":132203,"as":"Tencent Building, Kejizhongyi Avenue","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.pcnpw.xin/com","date":"2026-04-22T23:26:25.118Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.pcnpw.xin","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 07:59:48 GMT","end":"Mon, 20 Jul 2026 07:59:47 GMT"},"fingerprint":{"sha1":"2A:CC:79:D5:BE:83:A8:07:83:E3:B8:1B:5B:E2:CF:D5:1B:64:4C:46","sha256":"4D:22:2E:5E:8B:B9:4D:64:F6:4A:15:4E:68:D8:2D:6F:EF:0E:03:BA:FA:03:66:19:BD:EB:65:E2:10:34:5F:55"}}},"request":{"raw":"GET /uk_fine_gov/theme/govukn/theme/static/style_1727717234745_1afhxa.css HTTP/1.1\r\nHost: www.pcnpw.xin\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.pcnpw.xin/com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css; charset=utf-8\r\ndate: Wed, 22 Apr 2026 23:26:25 GMT\r\netag: \"079db2ed286844d56c1a640805a1c70e\"\r\nlast-modified: Fri, 17 Apr 2026 08:26:57 GMT\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\ncontent-length: 5181\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5181,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (5181), with no line terminators","md5":"3036ef3ae8d97779bf32ecbc7864e6d7","sha1":"a07e516a3dea4c4dcb0ba196d767b0a9d32e52f7","sha256":"bf860237654cc01f4a886cd50fd73e9c6fe051b3ec179ec00ba86331cf622c4f","sha512":"0614c47b21ac24f25582ee839a6c66934c2bf01e8e6e9d4479368ba209c78be307e03eaa27cc4770beb94d1620a79e0ae31002ed08a896caa5712ddb913bb41b","ssdeep":"96:UCha5AzAV5AMCCCKCVCCVBBVVCYrowDCVA2rCKCX:W5AzAV5A/r0w+VAJ","tlshash":"c9b1bef78a2213ee6807455c1269b0a76325ac7f673b03956d63ba28cf74fd36233504","first_seen":"2025-05-17T18:25:57.714612Z","last_seen":"2026-04-23T02:58:38.88196Z","times_seen":2299,"resource_available":false,"data":null}},"time_used":750,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":443,"receive":307,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-22","alert":"Sinkholed","trigger":"www.pcnpw.xin","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-22","alert":"Phishing Block","trigger":"www.pcnpw.xin","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Darcula Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","darcula"],"meta":null}]}}]}