{"report_id":"70e55cd1-7110-44e0-8e70-662d617d531a","version":6,"status":"done","tags":[],"date":"2026-02-14T16:01:22Z","url":{"schema":"https","addr":"xpmarket.pro/","fqdn":"xpmarket.pro","domain":"xpmarket.pro","tld":"pro"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.xpmarket.pro/","fqdn":"www.xpmarket.pro","domain":"xpmarket.pro","tld":"pro"},"title":"XPMarket Desktop App - Download for Windows, macOS \u0026 Linux","dom":{"size":901312,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64318)","md5":"849045b11c617a599e2b519e44e145f0","sha1":"efd0e74e94955130d2a4a59b1117c1056e1465e4","sha256":"4e5a327ff93590baac0179260ef05b128efb251348c52752690c4fb7e0411772","sha512":"b78051d053f8b3af9e1a15db2f34b966ecf9ddaca8bf489fc3af7b23ea7ae0eb5accd466725bfbdbb78dec7fc1df72e99d62b9b5898cf7e219e5683beb192c61","ssdeep":"24576:5s9KNMs9KNHs9KNKs9KN1s9KNzhLcj7tQMKhcRTH:5sfskstsCsS4j7+sH","tlshash":"2d150224427b4e7d984382bd76de338c7934f2b7da7d8ababadc0165df41914c90b244","dom_hash":"domhash4a28fbba582b82c6a6e1118beb427cca","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"xpmarket.pro/","fqdn":"xpmarket.pro","domain":"xpmarket.pro","tld":"pro"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-21T16:01:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xpmarket.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"www.xpmarket.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"xpmarket.pro","ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-02-13T01:41:30.643524Z","last_seen":"2026-02-13T01:41:30.643524Z","alert_count":1,"request_count":1,"received_data":908695,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.xpmarket.pro","ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-02-13T01:41:30.645805Z","last_seen":"2026-02-13T01:41:30.645805Z","alert_count":2,"request_count":2,"received_data":909322,"sent_data":888,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xpmarket.pro/","fqdn":"xpmarket.pro","domain":"xpmarket.pro","tld":"pro"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T16:00:56.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xpmarket.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 13:41:57 GMT","end":"Tue, 28 Apr 2026 13:41:56 GMT"},"fingerprint":{"sha1":"7E:D4:69:6B:40:45:B1:FE:7C:2B:BB:CC:FB:2B:B8:99:59:DE:08:B1","sha256":"FE:52:61:CE:ED:A0:D4:DE:C8:42:4B:1B:82:6F:97:0B:6F:B2:BD:01:11:21:59:D3:A4:14:81:40:0D:80:91:BE"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xpmarket.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: text/html\r\ndate: Sat, 14 Feb 2026 16:00:56 GMT\r\nlocation: https://www.xpmarket.pro/\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-id: arn1::5zq4z-1771084856429-19d0ee0dfa6e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":908378,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T04:09:41.612088Z","times_seen":16202811,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":91,"dns":62,"connect":1,"send":0,"wait":11,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"xpmarket.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xpmarket.pro/","fqdn":"www.xpmarket.pro","domain":"xpmarket.pro","tld":"pro"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-14T16:00:56.603Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xpmarket.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 13:41:56 GMT","end":"Tue, 28 Apr 2026 13:41:55 GMT"},"fingerprint":{"sha1":"8B:71:B1:55:6B:64:66:C7:D1:16:82:F0:23:30:44:28:9E:00:91:B3","sha256":"8E:44:D0:5B:A1:0A:CC:98:A5:84:2F:27:13:7F:17:76:C1:D2:D7:17:65:65:6B:0C:90:6B:AD:27:9E:02:03:63"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.xpmarket.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 1186410\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 14 Feb 2026 16:00:56 GMT\r\netag: \"e319099da9bbc56c7fe25b65efb6b429\"\r\nlast-modified: Sat, 31 Jan 2026 22:27:26 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::lg8qb-1771084856718-ca8a96835384\r\ncontent-length: 417640\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":908378,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (64325)","md5":"e319099da9bbc56c7fe25b65efb6b429","sha1":"23a2aacacbb3b368970483061ff9f10e4766f48a","sha256":"cfc81d3aa960784733cb5184f6005f11b7ac72a6692bdce4283ee17909c58ca0","sha512":"91c95f0e847bb0b8f04e4ee34b73ff47001c199157792ce0513a3d55f4859326ed8c5a31abde97499fea759473d229dc7db20332812c8722983651b4694391f8","ssdeep":"24576:is9KNMs9KNHs9KNKs9KN1s9KNzhLcj7tGMKhcRTIkZdZo6Kv+QnCvrtt4oS9cOc3:isfskstsCsS4j7QsIkZdZo6Kv+QnCvr/","tlshash":"f8150224827b5e7d984383bd76da338c7934f2b7da7d8ababadc4465df01914c90b204","first_seen":"2026-02-13T01:41:36.965887Z","last_seen":"2026-02-14T16:01:23.526632Z","times_seen":2,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":109,"dns":78,"connect":1,"send":0,"wait":10,"receive":46,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"www.xpmarket.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.xpmarket.pro/favicon.ico","fqdn":"www.xpmarket.pro","domain":"xpmarket.pro","tld":"pro"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.xpmarket.pro/","date":"2026-02-14T16:00:57.096Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.xpmarket.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 28 Jan 2026 13:41:56 GMT","end":"Tue, 28 Apr 2026 13:41:55 GMT"},"fingerprint":{"sha1":"8B:71:B1:55:6B:64:66:C7:D1:16:82:F0:23:30:44:28:9E:00:91:B3","sha256":"8E:44:D0:5B:A1:0A:CC:98:A5:84:2F:27:13:7F:17:76:C1:D2:D7:17:65:65:6B:0C:90:6B:AD:27:9E:02:03:63"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.xpmarket.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Sat, 14 Feb 2026 16:00:57 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-error: NOT_FOUND\r\nx-vercel-id: arn1::62rkg-1771084857103-63c12aa61b4b\r\ncontent-length: 79\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":79,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"3ba897362ebf0800c27e433888e9e9d2","sha1":"d9e61a1cda9ed2693a8e25c310883ef79925b49b","sha256":"bbef28d85e7ed5cbf3c5443db2a32d8b7f8d1a0573dc09a2c7e4c6e60a60f616","sha512":"5ea7097dfbe332b0b3c0df5444d4a4e89640fecd7fe245d7ced7fe2a06edf36f2633cfc431c949f5daf26aacbb0eb994f4fa83f16b03bf4c083efd7c7e80909f","ssdeep":"","tlshash":"16a0222e0bc80ece33c2022032c3223a202a0032bef0fb00b0cc3a8832080eee3080c0","first_seen":"2026-02-14T16:01:23.527373Z","last_seen":"2026-02-14T16:01:23.527373Z","times_seen":1,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-14","alert":"Sinkholed","trigger":"www.xpmarket.pro","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}