{"report_id":"8e180b0b-27d2-40aa-9c25-e6874aeee48f","version":0,"status":"done","tags":["amazon","phishing"],"date":"2026-06-24T12:52:22Z","url":{"schema":"http","addr":"vllcie.shop","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"vllcie.shop/#/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"title":"Amazon Sign-In","dom":{"size":6163,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1545)","md5":"d8e3507fb9446086ed7567ea40d42bc1","sha1":"f0a26bd982668a60d8d46dc76f255be82b9d948a","sha256":"229760b6e47fa4f1e859d28c40c64f77070d80f430eff3d0cfc785041cb46f92","sha512":"92fe87e22c93232cbae6ea7884c3489a11cd2c6489e2a501d58add92762377392ea34464ebbf09f5f7450f0254a2f9cf9b427b52dc9be09dcb8f0bbe9c161802","ssdeep":"192:gSrGb/49rsUsTmlDYGop9dGuVjZ9gxUt0egScymyfsigyI:FrPq5iDYGOECjfCVlwY","tlshash":"f3d1b51a24847472627315c2ba5339153562e31fe57b9d70389cc2382fdedb85c978bd","dom_hash":"domhashddeb84dea374837d60d6def2b1b13bce","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"vllcie.shop","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":0,"asn":0,"as":"","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-29T12:52:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]},"summary":[{"fqdn":"vllcie.shop","ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-06-24T12:36:47.121339Z","last_seen":"2026-06-24T12:36:47.121339Z","alert_count":50,"request_count":10,"received_data":391803,"sent_data":4733,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-06-21T22:46:13.623663Z","alert_count":0,"request_count":3,"received_data":198205,"sent_data":1617,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"connect.facebook.net","ip":{"addr":"31.13.72.12","port":443,"asn":32934,"as":"FACEBOOK","country":"Sweden","country_code":"SE"},"domain_registered":"2004-04-01","domain_rank":1088,"first_seen":"2012-05-22T02:51:28Z","last_seen":"2026-06-23T01:40:27.257947Z","alert_count":0,"request_count":1,"received_data":382891,"sent_data":464,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"106.54.228.253","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2026-06-19T06:07:40.024347Z","alert_count":0,"request_count":1,"received_data":577,"sent_data":546,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f321c33d8fd4262903bc8e01b2c8ca69","sha1":"547db5b02ee4593119587081e5e4790ccea1a89b","sha256":"c21fe457e26575958e914ea7a9e9a0602023a54860a4975569a84d3b5f348290","sha512":"8061ca43928164eadb2cde72edc55223c8825db21b1a9b826d29886254bd6303bbe64b1160821edc68ee951b499238f484ee9e3ab4b55aa2c24de7922a378520","ssdeep":"","tlshash":"12e020825076394c02114155709ad5031fb60477aec14ea13ccdb7e58fbaf5bd05e449","size":352,"data":"","first_seen":"2026-06-24T12:29:43.696835Z","last_seen":"2026-06-25T02:13:22.776302Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d284c72e40dc83e88fb83f573bf1f739","sha1":"b37ea826ffb363c76f281cb771fae9b2de30578d","sha256":"4fe6b8666beac83cb1e53723ebc8ab575a90ba594f0cb4b462026cdf75cffb85","sha512":"900198b8d20870c5df591511617fb9976396dce3c125fb18fa2b9d88337ad1a7c94d6ec09bf72ce82b2ec18a0a2478480505634f5a3a95c7eb0f6a23dd5df792","ssdeep":"","tlshash":"eff0811a1c57a4ad1ada747ae72b9d5b22152143319450137d4c80282fd09285fa5ecc","size":568,"data":"","first_seen":"2026-06-24T12:29:43.69819Z","last_seen":"2026-06-25T02:13:22.776931Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c8932d5c6fdbf4b26ff9319d180fb39d","sha1":"b41660c9000b0cf99802773a31ea30d6a4e2da2c","sha256":"8361b34faa507034edcf299643e1d9aae13c63c382a89c0f06fecc85a99a85a8","sha512":"431ce1884ea0b60e699811f3acd7b9bb171ed611d17a4d460e9db2d3eadac52270b92d8bebb819155473fffcb12d43146b55a52456639b822897447dd5d045b1","ssdeep":"","tlshash":"16d05ee85df5049298b738298b6b012934726a132448d8083e5c87e62f1a529c2139ec","size":264,"data":"","first_seen":"2026-06-24T12:29:43.699575Z","last_seen":"2026-06-25T02:13:22.777533Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f321c33d8fd4262903bc8e01b2c8ca69","sha1":"547db5b02ee4593119587081e5e4790ccea1a89b","sha256":"c21fe457e26575958e914ea7a9e9a0602023a54860a4975569a84d3b5f348290","sha512":"8061ca43928164eadb2cde72edc55223c8825db21b1a9b826d29886254bd6303bbe64b1160821edc68ee951b499238f484ee9e3ab4b55aa2c24de7922a378520","ssdeep":"","tlshash":"12e020825076394c02114155709ad5031fb60477aec14ea13ccdb7e58fbaf5bd05e449","size":352,"data":"","first_seen":"2026-06-24T12:29:43.696835Z","last_seen":"2026-06-25T02:13:22.776302Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d284c72e40dc83e88fb83f573bf1f739","sha1":"b37ea826ffb363c76f281cb771fae9b2de30578d","sha256":"4fe6b8666beac83cb1e53723ebc8ab575a90ba594f0cb4b462026cdf75cffb85","sha512":"900198b8d20870c5df591511617fb9976396dce3c125fb18fa2b9d88337ad1a7c94d6ec09bf72ce82b2ec18a0a2478480505634f5a3a95c7eb0f6a23dd5df792","ssdeep":"","tlshash":"eff0811a1c57a4ad1ada747ae72b9d5b22152143319450137d4c80282fd09285fa5ecc","size":568,"data":"","first_seen":"2026-06-24T12:29:43.69819Z","last_seen":"2026-06-25T02:13:22.776931Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c8932d5c6fdbf4b26ff9319d180fb39d","sha1":"b41660c9000b0cf99802773a31ea30d6a4e2da2c","sha256":"8361b34faa507034edcf299643e1d9aae13c63c382a89c0f06fecc85a99a85a8","sha512":"431ce1884ea0b60e699811f3acd7b9bb171ed611d17a4d460e9db2d3eadac52270b92d8bebb819155473fffcb12d43146b55a52456639b822897447dd5d045b1","ssdeep":"","tlshash":"16d05ee85df5049298b738298b6b012934726a132448d8083e5c87e62f1a529c2139ec","size":264,"data":"","first_seen":"2026-06-24T12:29:43.699575Z","last_seen":"2026-06-25T02:13:22.777533Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f321c33d8fd4262903bc8e01b2c8ca69","sha1":"547db5b02ee4593119587081e5e4790ccea1a89b","sha256":"c21fe457e26575958e914ea7a9e9a0602023a54860a4975569a84d3b5f348290","sha512":"8061ca43928164eadb2cde72edc55223c8825db21b1a9b826d29886254bd6303bbe64b1160821edc68ee951b499238f484ee9e3ab4b55aa2c24de7922a378520","ssdeep":"","tlshash":"12e020825076394c02114155709ad5031fb60477aec14ea13ccdb7e58fbaf5bd05e449","size":352,"data":"","first_seen":"2026-06-24T12:29:43.696835Z","last_seen":"2026-06-25T02:13:22.776302Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"d284c72e40dc83e88fb83f573bf1f739","sha1":"b37ea826ffb363c76f281cb771fae9b2de30578d","sha256":"4fe6b8666beac83cb1e53723ebc8ab575a90ba594f0cb4b462026cdf75cffb85","sha512":"900198b8d20870c5df591511617fb9976396dce3c125fb18fa2b9d88337ad1a7c94d6ec09bf72ce82b2ec18a0a2478480505634f5a3a95c7eb0f6a23dd5df792","ssdeep":"","tlshash":"eff0811a1c57a4ad1ada747ae72b9d5b22152143319450137d4c80282fd09285fa5ecc","size":568,"data":"","first_seen":"2026-06-24T12:29:43.69819Z","last_seen":"2026-06-25T02:13:22.776931Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"c8932d5c6fdbf4b26ff9319d180fb39d","sha1":"b41660c9000b0cf99802773a31ea30d6a4e2da2c","sha256":"8361b34faa507034edcf299643e1d9aae13c63c382a89c0f06fecc85a99a85a8","sha512":"431ce1884ea0b60e699811f3acd7b9bb171ed611d17a4d460e9db2d3eadac52270b92d8bebb819155473fffcb12d43146b55a52456639b822897447dd5d045b1","ssdeep":"","tlshash":"16d05ee85df5049298b738298b6b012934726a132448d8083e5c87e62f1a529c2139ec","size":264,"data":"","first_seen":"2026-06-24T12:29:43.699575Z","last_seen":"2026-06-25T02:13:22.777533Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/assets/index-ZUR8Fptb.js","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9131f182a870549015a87d9a230bdb03","sha1":"c8b6402482c1447ab360ddfb79fa0077de71d411","sha256":"3d8d46850c59b2a5601eaf965ae662c93461a8065dda75b9f9e7d123a4f5106d","sha512":"ffdf0ae2052e9406d66a0d3b70b22ac1ebcdbb7b56f6ba6a5fdf7653fbae6b189437049a4ee0c44eb78be1dc82d2b6690055b34cab186a6f228f52dfeccb7ca1","ssdeep":"6144:B4OEYhwhruSI0QPRbxGqshwp7Sl3zvnvJz5EHK:BIDI5PRbxdOh1vnxz5x","tlshash":"3e2408e53292b03253ea19f6407b0505f33a1955780ec4d8f16caceb3d7694a92bbf6c","size":219007,"data":"","first_seen":"2026-06-24T12:29:43.689628Z","last_seen":"2026-06-25T02:13:22.773832Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"connect.facebook.net/en_US/fbevents.js","fqdn":"connect.facebook.net","domain":"facebook.net","tld":"net"},"ip":{"addr":"31.13.72.12","port":443,"asn":32934,"as":"FACEBOOK","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"c41542cf32233bce2bade2decd6bbf05","sha1":"8959ea508cfb47c9e5ebc74715fe744b66d6bdfa","sha256":"c5f1033054484f79c1816b905e3b66e2433a99d4df2cdc76e94a92d9740580c5","sha512":"0a9ee49b170fe5789c8210b4ac53ff1add61833fa2f2243ec64f3a8f72126b6231c0165549014a6a4c50ba00a98592a6c8b4a3c9ee95c7878239ce8fe357f842","ssdeep":"6144:w7gAVTJGD0ML9RpTD+4Yd0E+brBLrxQCR/ddFriG2XPHnNpnK01lzEYzOOlvBZSJ:2nmOMdgPHnNpnK0JNSJ","tlshash":"3c84e789b1e1b0a103b6796c966f9007b2bbd5a234ccc960e55dedc82d7c49e4133eb7","size":378873,"data":"","first_seen":"2026-06-23T21:05:28.833079Z","last_seen":"2026-06-25T16:10:52.791109Z","times_seen":209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/assets/pages-security-check.CEQilrP4.js","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"799438c460ce54db59f5858f9ea580a0","sha1":"52145813d8efe466955f5de95dd0d0ccdb3104a0","sha256":"c7c2d727b033939fa976360fd9ecd42880970f9342c6bb43c7fc91be8883fc62","sha512":"99c6a7107869e96bfc2009f239c38bcc9d4c3517e9adb25699ed3d46e5fadd2dbf5b7755ba310ef607835f9ba59052d2d63e6cd68668f9d9fdfdc35088708695","ssdeep":"","tlshash":"30310304744af37993773005b1225485715e0fd4f0a84583adfdc5a47a4aef9b7a9278","size":1778,"data":"","first_seen":"2026-06-24T12:29:43.691496Z","last_seen":"2026-06-25T02:13:22.774439Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/assets/security-gate.edg2Lmdd.js","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c98cc24392b77c34e9b5f5d72125be7","sha1":"b46febbe1e0a60d70865bc81d5b90096d339cdd5","sha256":"ba300922fc2b97fe6bab52da8f5e8ce39f263a2a9585e3b59fc7eb0494a3f3f2","sha512":"fc4ea371b6940260a19a03e7f55cda52276792a7f92c0feeb1307df15b3d443e01362cf997bb5a31fa2f3f7d55d5a3e3f297d5cc50d894174363bc6fa64c4428","ssdeep":"","tlshash":"9e31548d30a3a67142f125d993371008e13c0f64326d5190f1151867beb926fc1beefe","size":1458,"data":"","first_seen":"2026-06-24T12:29:43.685861Z","last_seen":"2026-06-25T02:13:22.768008Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"vllcie.shop/","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-24T12:51:49.465Z","timestamp":1782305509465,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:49 GMT\r\ncontent-type: text/html\r\nlast-modified: Tue, 23 Jun 2026 10:44:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a3a6390-9cc\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2508,"size_decoded":1794,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"d4b3a8c4c134d9a97461b440720bca0f","sha1":"4d9e288d22618cce30280226317f5be9c7c998df","sha256":"a182044e9f1aa25f14895f194fa3bc9ed2c041ce992235e5c6edbb65bcf3714b","sha512":"06b7ab0e1c456fbca92fd4ca8224efe52672169a1edadc55df820624d226ec5ecee71244f76a7e0f513772b92be8912c1fe28bf09f3c7eeaac2eebea4dfa5169","ssdeep":"","tlshash":"4b51c5568cd19406a2a30439ab6bf91935b2d7176288cd203ccdd2381fc5f988da7efc","first_seen":"2026-06-24T12:29:43.684896Z","last_seen":"2026-06-25T02:13:22.769318Z","times_seen":25,"resource_available":true,"data":null}},"time_used":489,"timings":{"blocked":-1,"dns":22,"connect":154,"send":0,"wait":155,"receive":0,"ssl":158},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vllcie.shop/assets/security-gate.edg2Lmdd.js","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.990Z","timestamp":1782305510990,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/security-gate.edg2Lmdd.js HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 19 Jun 2026 11:21:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a352650-5b2\"\r\nexpires: Thu, 25 Jun 2026 00:51:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1458,"size_decoded":1259,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1457)","md5":"5c98cc24392b77c34e9b5f5d72125be7","sha1":"b46febbe1e0a60d70865bc81d5b90096d339cdd5","sha256":"ba300922fc2b97fe6bab52da8f5e8ce39f263a2a9585e3b59fc7eb0494a3f3f2","sha512":"fc4ea371b6940260a19a03e7f55cda52276792a7f92c0feeb1307df15b3d443e01362cf997bb5a31fa2f3f7d55d5a3e3f297d5cc50d894174363bc6fa64c4428","ssdeep":"","tlshash":"9e31548d30a3a67142f125d993371008e13c0f64326d5190f1151867beb926fc1beefe","first_seen":"2026-06-24T12:29:43.685861Z","last_seen":"2026-06-25T02:13:22.768008Z","times_seen":25,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vllcie.shop/assets/security-check-Duv6JG4X.css","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.993Z","timestamp":1782305510993,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/security-check-Duv6JG4X.css HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jun 2026 11:21:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a352650-cd2\"\r\nexpires: Thu, 25 Jun 2026 00:51:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3282,"size_decoded":1663,"mime_type":"text/css","magic":"ASCII text, with very long lines (3281)","md5":"96f3f2fc5f653485fcae2e829d3ed352","sha1":"43422940adad36bd8d7593ae2cf10df50046c39c","sha256":"4a800a344a806e7adaabfda0ca7614101baa602a2961333245343e31873096b2","sha512":"b6f0b16cc12662fce88bd8998d7f204ae7b54f121055e88d96f12f83061b16bc9696452f8c02c6711b95404be4eb89d24caa1149ad40e627b96ed9bec7555600","ssdeep":"","tlshash":"da610e71775ca414f633ab153ad03b8d2124d663b05b87baa9237e358ccf1923a77348","first_seen":"2026-06-24T12:29:43.687943Z","last_seen":"2026-06-25T02:13:22.771591Z","times_seen":25,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/iBug/Amazon-Fonts@master/fonts/AmazonEmber_W_Rg.woff2","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:51.176Z","timestamp":1782305511176,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2026 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 May 2026 15:48:47 GMT","end":"Sat, 05 Dec 2026 14:48:47 GMT"},"fingerprint":{"sha1":"D4:05:C2:EC:C7:EE:2B:D0:08:68:0D:3D:33:77:48:78:43:E7:D1:E1","sha256":"ED:84:90:EE:71:BC:6B:5E:B3:D2:50:B0:23:3A:06:0D:E0:50:C6:B6:A9:09:36:E6:CE:FE:E8:66:89:EB:4E:C5"}}},"request":{"raw":"GET /gh/iBug/Amazon-Fonts@master/fonts/AmazonEmber_W_Rg.woff2 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://vllcie.shop\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: font/woff2\r\nx-jsd-version: master\r\nx-jsd-version-type: branch\r\netag: W/\"ff20-e4gJuq5ezGPo6pgO4mc3qrCOS70\"\r\naccept-ranges: bytes\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\nage: 26521\r\nx-served-by: cache-fra-etou8220093-FRA, cache-bma-essb1270035-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 65312\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65312,"size_decoded":66039,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 65312, version 1.19661","md5":"6131b65846e2949ee9794638a0963fec","sha1":"7b8809baae5ecc63e8ea980ee26737aab08e4bbd","sha256":"e65ef1192cb72824b7740f397d26edf2c7afde2a60b5ec70666042c0eba0fea0","sha512":"197f5e230d77bbbfff042c7c2c955beed7206d3e56fc3446a2a2558e38e4a57fd101c206fe9ff289bacf7f34bd2dcf41b081efc7452545b9eb71743c90e97ab4","ssdeep":"1536:6I/mcJjTY1qwruBW3QBPR93pskDKU7ynezlkl3OmHmryC34rQ7yA:6wFZSr0Wy933xeTemG3FV","tlshash":"1153020af15d5682013c3b73dfed1a258c07b4d3528b54ee2ef6a799e34b2490a4bf85","first_seen":"2023-04-14T15:00:27Z","last_seen":"2026-06-25T14:46:28.856077Z","times_seen":414,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/assets/uni.af8305f3.css","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.402Z","timestamp":1782305510402,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/uni.af8305f3.css HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jun 2026 11:21:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a352651-1fd0\"\r\nexpires: Thu, 25 Jun 2026 00:51:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8144,"size_decoded":2447,"mime_type":"text/css","magic":"ASCII text, with very long lines (8143)","md5":"2beca2638ae85b9269ee10d1be1b797e","sha1":"c833c0195aa7eb7b6c8363dda6e3328dbcc31291","sha256":"af8305f3dcd01637f74d89ca1ff37bb5dbe36ce34b77082bfb3a182f6b5a8a1d","sha512":"4ea1b44e5d0def23ed4c8623f794cf09fd51ddff65a74aedbfca5e053a06df95fb67cf3efa61f8970c3af668c1a8abade33e5464d22551c32916981df0c72028","ssdeep":"192:Ujj8LGJ0CQLnWL9/CWh57nYV2UNXVA8MED/Ph/:UXpmLWLAg8bB/","tlshash":"18f14271d440132eb517cf2e12e2db4f312245b2dd123f28bf7624b48fa96c6693a786","first_seen":"2026-06-24T12:29:43.692454Z","last_seen":"2026-06-25T02:13:22.773227Z","times_seen":25,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vllcie.shop/assets/security-gate-8-j1UqxL.css","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.992Z","timestamp":1782305510992,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/security-gate-8-j1UqxL.css HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\ncontent-type: text/css\r\ncontent-length: 741\r\nlast-modified: Fri, 19 Jun 2026 11:21:52 GMT\r\netag: \"6a352650-2e5\"\r\nexpires: Thu, 25 Jun 2026 00:51:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":741,"size_decoded":1240,"mime_type":"text/css","magic":"ASCII text, with very long lines (740)","md5":"f606760d412f2dcd764bea280613f923","sha1":"d7cd92973c68796b7cdf7e82e35328a7925a0f10","sha256":"982a23a4d6d0978da8c1d44ace97e70e86001408d58acacec999e9c05cc5663f","sha512":"dea0900d46b37b8c9bc68b148aa3736f9f73f57930e7d724fdb4a9f0edd8f6b416a0b19b41e82b2716d1c52761b3c5e7b94efa19b227d22aae35fce29963c311","ssdeep":"","tlshash":"df01bd3232c52019e9339b2195b30fcc876cc901e25b856f7322637e49cf29519738e9","first_seen":"2026-06-24T12:29:43.687019Z","last_seen":"2026-06-25T02:13:22.775043Z","times_seen":25,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vllcie.shop/static/logo.png","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:51.172Z","timestamp":1782305511172,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /static/logo.png HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Jun 2026 11:21:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a352644-1226e\"\r\nexpires: Fri, 24 Jul 2026 12:51:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":74350,"size_decoded":73318,"mime_type":"image/png","magic":"PNG image data, 720 x 589, 8-bit/color RGBA, non-interlaced","md5":"4dd91911b613e8a47eefa9744c0eea7c","sha1":"3fdb6505a6674b07a69e7f200f0ffe69c51a8523","sha256":"309d3df30f5aaf77d8c6ed72ce863636634b06192254bc40b0cbed046f0c6020","sha512":"ecfc90f19961e4c2307e9074fd67236bc5c643c6784574bb74533198cf1914255a541b1b6af2fbb2eb0d51fc5f4a15e021e6672afdf6ed1d5470871d7a521ec9","ssdeep":"1536:uPYpDfeCwwCijjJ2UrjO+GEhPIYpoFjpotmNk1ok8Tm1mNN8:uOfeCNrjjsoORjEoppImNk1WmAb8","tlshash":"f0730203db018c5fd6a48d3a04d705897436eca748e6d2a47316fa470afad690cbbf8d","first_seen":"2026-06-24T12:29:43.693944Z","last_seen":"2026-06-25T02:13:22.775592Z","times_seen":25,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"vllcie.shop/assets/dFME09ucGvCLOlN-JNlNH0gT.png","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:51.178Z","timestamp":1782305511178,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/dFME09ucGvCLOlN-JNlNH0gT.png HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/assets/security-gate-8-j1UqxL.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 19 Jun 2026 11:21:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a35264a-c597\"\r\nexpires: Fri, 24 Jul 2026 12:51:51 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":50583,"size_decoded":50592,"mime_type":"image/png","magic":"PNG image data, 1024 x 512, 8-bit colormap, non-interlaced","md5":"2c8051315ed3c4130bc08da22c114e18","sha1":"2ba9bcb3c3609717ac7b93a9f209384af01f52f5","sha256":"9b9fbb358047dc822d4ccc76be1ea5ac48260862468bb5a93576247d7e989ea1","sha512":"6cdaeec8d8feed5df57ff6aa9c7403bea626bbf46b26b94ee3050602a381a1748a3bb04b035b3a9f293f2c37f2135c41e379e229c1ddeff9bd317f65b51d82e6","ssdeep":"1536:UY0W0vkKKyz3PbwFCdn3IRQm12iNjgTJW:UYzjyz3Pb5pT/icU","tlshash":"6433028f263caa64c1e610bf1e94e2e216397c446b915d4737de7b712130aae70285bf","first_seen":"2026-06-24T12:29:43.694918Z","last_seen":"2026-06-25T02:13:22.772076Z","times_seen":25,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/iBug/Amazon-Fonts@master/fonts/AmazonEmber_W_Bd.woff2","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:51.182Z","timestamp":1782305511182,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2026 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 May 2026 15:48:47 GMT","end":"Sat, 05 Dec 2026 14:48:47 GMT"},"fingerprint":{"sha1":"D4:05:C2:EC:C7:EE:2B:D0:08:68:0D:3D:33:77:48:78:43:E7:D1:E1","sha256":"ED:84:90:EE:71:BC:6B:5E:B3:D2:50:B0:23:3A:06:0D:E0:50:C6:B6:A9:09:36:E6:CE:FE:E8:66:89:EB:4E:C5"}}},"request":{"raw":"GET /gh/iBug/Amazon-Fonts@master/fonts/AmazonEmber_W_Bd.woff2 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://vllcie.shop\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: font/woff2\r\nx-jsd-version: master\r\nx-jsd-version-type: branch\r\netag: W/\"ff78-t7ECyGX3+f1+FhvWeVFHQhqObP0\"\r\naccept-ranges: bytes\r\nage: 26521\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\nx-served-by: cache-fra-etou8220180-FRA, cache-bma-essb1270035-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 65400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65400,"size_decoded":66127,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 65400, version 1.19661","md5":"68658972cef5823aaa45770ad15df48e","sha1":"b7b102c865f7f9fd7e161bd6795147421a8e6cfd","sha256":"fae8d9892169edc72006fbc01c8a55c20c98ddd38f1fb927e817d290f398ca92","sha512":"59d3991f1f4b1d53ace39e1b9c00e3c66dd6eb4a7c5e19f7168ea2c8ba401264a650b2cdff859566c51e5f12c773bce63f8d33a7abf48b888e0be6c4bf87eff4","ssdeep":"1536:msfO1TqlmnlfgjCcFQkk7wd6sX37kbV4AKB:nfOclmlo2cFQkk70Y4VB","tlshash":"c353029ec75990f5f0b58e3a0d345202be3add8cd57048b46f64c94ca427a7f274295f","first_seen":"2023-04-14T15:00:27Z","last_seen":"2026-06-25T14:46:28.867426Z","times_seen":1009,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/assets/index-DocCG9_t.css","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.410Z","timestamp":1782305510410,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/index-DocCG9_t.css HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:50 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 19 Jun 2026 11:21:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a35264a-615a\"\r\nexpires: Thu, 25 Jun 2026 00:51:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24922,"size_decoded":4678,"mime_type":"text/css","magic":"ASCII text, with very long lines (24921)","md5":"afec86ed80d271283f8a2cacf602ed2e","sha1":"babc8c789eeb6c81f29c0a47f068f11cc134a8c0","sha256":"a623aeb245bc69b23abf911220d8f23d4456411ce45b2463d0399becdcfd7b60","sha512":"7a1202712bb11666b854ed8a9ba3250a6aed31ffadf6df0c3c910c93e4788b0ea3b1b53beb442615af80ae8fc3aa3af251f905806184d931f23e2d27ca0e6fd4","ssdeep":"384:FzDzFzaF3Y39IK5jBzQxtGkH9213E9z4TYDnl:lDpOFo8","tlshash":"0eb2dfb2aa503c17e27e8b33ec911768350450a0d76313f2b79b5f9a8d4965f46633ce","first_seen":"2026-06-24T12:29:43.690564Z","last_seen":"2026-06-25T02:13:22.7701Z","times_seen":25,"resource_available":false,"data":null}},"time_used":494,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":494,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"connect.facebook.net/en_US/fbevents.js","fqdn":"connect.facebook.net","domain":"facebook.net","tld":"net"},"ip":{"addr":"31.13.72.12","port":443,"asn":32934,"as":"FACEBOOK","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.874Z","timestamp":1782305510874,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.facebook.com","organization":""},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 02 Apr 2026 00:00:00 GMT","end":"Wed, 01 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7A:7E:27:CD:32:65:05:C5:43:8A:78:5E:F3:7C:CD:DD:8C:CD:68:3B","sha256":"99:5B:F5:16:59:F6:F4:82:E2:67:BB:59:6D:3C:E5:EF:4B:4F:DA:B6:0C:A3:1B:9C:58:19:0D:70:E5:C8:8E:E2"}}},"request":{"raw":"GET /en_US/fbevents.js HTTP/1.1\r\nHost: connect.facebook.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-type: application/x-javascript; charset=utf-8\r\ntiming-allow-origin: *\r\nreporting-endpoints: coop_report=\"https://www.facebook.com/browser_reporting/coop/?minimize=0\", coep_report=\"https://www.facebook.com/browser_reporting/coep/?minimize=0\", permissions_policy=\"https://www.facebook.com/ajax/browser_error_reports/\"\r\nreport-to: {\"max_age\":2592000,\"endpoints\":[{\"url\":\"https:\\/\\/www.facebook.com\\/browser_reporting\\/coop\\/?minimize=0\"}],\"group\":\"coop_report\",\"include_subdomains\":true}, {\"max_age\":86400,\"endpoints\":[{\"url\":\"https:\\/\\/www.facebook.com\\/browser_reporting\\/coep\\/?minimize=0\"}],\"group\":\"coep_report\"}, {\"max_age\":21600,\"endpoints\":[{\"url\":\"https:\\/\\/www.facebook.com\\/ajax\\/browser_error_reports\\/\"}],\"group\":\"permissions_policy\"}\r\ncontent-security-policy: default-src *.facebook.com *.fbcdn.net *.facebook.net 'self' blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net blob: 'self' 'nonce-c66j8WxB';style-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob: 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com *.cdninstagram.com blob: 'self' data: https://edge-chat.facebook.net https://edge-chat-latest.facebook.net wss://edge-chat-latest.facebook.net wss://edge-chat.facebook.net wss://edge-chat.socialplugin.facebook.net wss://edge-chat-latest.socialplugin.facebook.net https://edge-chat.socialplugin.facebook.net https://edge-chat-latest.socialplugin.facebook.net;font-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;img-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;media-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;child-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;frame-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;manifest-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;object-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;worker-src *.facebook.com *.fbcdn.net *.facebook.net 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c\u0026minimize=0;\r\nx-frame-options: DENY\r\ndocument-policy: force-load-at-top, include-js-call-stacks-in-crash-reports\r\npermissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to=\"permissions_policy\"\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-embedder-policy-report-only: require-corp;report-to=\"coep_report\"\r\ncross-origin-opener-policy: same-origin-allow-popups\r\npragma: public\r\ncache-control: public, max-age=1200\r\nexpires: Sat, 01 Jan 2000 00:00:00 GMT\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\norigin-agent-cluster: ?1\r\nx-fb-optimizer: 0\r\nstrict-transport-security: max-age=31536000; preload; includeSubDomains\r\nx-fb-debug: TlYaQ+VUOZgpdOX8gsz11NtcfGRf2xU8QvWflFQ/0iQQb+539mW6Adm/P1P6c4wzJb2lbLLh0I06Tov3H9eH+A==\r\ncontent-length: 100179\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\nx-fb-connection-quality: EXCELLENT; q=0.9, rtt=10, rtx=0, c=23, mss=1232, tbw=5082, tp=9, tpl=0, uplat=0, ullat=-1\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":378873,"size_decoded":104197,"mime_type":"application/x-javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (9255)","md5":"c41542cf32233bce2bade2decd6bbf05","sha1":"8959ea508cfb47c9e5ebc74715fe744b66d6bdfa","sha256":"c5f1033054484f79c1816b905e3b66e2433a99d4df2cdc76e94a92d9740580c5","sha512":"0a9ee49b170fe5789c8210b4ac53ff1add61833fa2f2243ec64f3a8f72126b6231c0165549014a6a4c50ba00a98592a6c8b4a3c9ee95c7878239ce8fe357f842","ssdeep":"6144:w7gAVTJGD0ML9RpTD+4Yd0E+brBLrxQCR/ddFriG2XPHnNpnK01lzEYzOOlvBZSJ:2nmOMdgPHnNpnK0JNSJ","tlshash":"3c84e789b1e1b0a103b6796c966f9007b2bbd5a234ccc960e55dedc82d7c49e4133eb7","first_seen":"2026-06-23T21:05:28.833079Z","last_seen":"2026-06-25T16:10:52.791109Z","times_seen":209,"resource_available":true,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":75,"connect":19,"send":0,"wait":11,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"106.54.228.253","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:53.985Z","timestamp":1782305513985,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Wed, 24 Jun 2026 15:51:54 GMT\r\ncache-control: max-age=10800\r\nset-cookie: __uni__uid=rBEQg2o70upB/0nOA7iOAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":577,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-06-25T17:23:20.166078Z","times_seen":16676,"resource_available":false,"data":null}},"time_used":863,"timings":{"blocked":0,"dns":4,"connect":212,"send":0,"wait":212,"receive":0,"ssl":435},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/assets/index-ZUR8Fptb.js","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.404Z","timestamp":1782305510404,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/index-ZUR8Fptb.js HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:50 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 19 Jun 2026 11:21:47 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a35264b-3577f\"\r\nexpires: Thu, 25 Jun 2026 00:51:50 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":219007,"size_decoded":81502,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32170)","md5":"9131f182a870549015a87d9a230bdb03","sha1":"c8b6402482c1447ab360ddfb79fa0077de71d411","sha256":"3d8d46850c59b2a5601eaf965ae662c93461a8065dda75b9f9e7d123a4f5106d","sha512":"ffdf0ae2052e9406d66a0d3b70b22ac1ebcdbb7b56f6ba6a5fdf7653fbae6b189437049a4ee0c44eb78be1dc82d2b6690055b34cab186a6f228f52dfeccb7ca1","ssdeep":"6144:B4OEYhwhruSI0QPRbxGqshwp7Sl3zvnvJz5EHK:BIDI5PRbxdOh1vnxz5x","tlshash":"3e2408e53292b03253ea19f6407b0505f33a1955780ec4d8f16caceb3d7694a92bbf6c","first_seen":"2026-06-24T12:29:43.689628Z","last_seen":"2026-06-25T02:13:22.773832Z","times_seen":25,"resource_available":true,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":215,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/gh/iBug/Amazon-Fonts@master/fonts/AmazonEmber_W_Rg.woff2","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.954Z","timestamp":1782305510954,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2026 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Wed, 20 May 2026 15:48:47 GMT","end":"Sat, 05 Dec 2026 14:48:47 GMT"},"fingerprint":{"sha1":"D4:05:C2:EC:C7:EE:2B:D0:08:68:0D:3D:33:77:48:78:43:E7:D1:E1","sha256":"ED:84:90:EE:71:BC:6B:5E:B3:D2:50:B0:23:3A:06:0D:E0:50:C6:B6:A9:09:36:E6:CE:FE:E8:66:89:EB:4E:C5"}}},"request":{"raw":"GET /gh/iBug/Amazon-Fonts@master/fonts/AmazonEmber_W_Rg.woff2 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://vllcie.shop\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: font/woff2\r\nx-jsd-version: master\r\nx-jsd-version-type: branch\r\netag: W/\"ff20-e4gJuq5ezGPo6pgO4mc3qrCOS70\"\r\naccept-ranges: bytes\r\nage: 26521\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\nx-served-by: cache-fra-etou8220093-FRA, cache-bma-essb1270035-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 65312\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65312,"size_decoded":66039,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 65312, version 1.19661","md5":"6131b65846e2949ee9794638a0963fec","sha1":"7b8809baae5ecc63e8ea980ee26737aab08e4bbd","sha256":"e65ef1192cb72824b7740f397d26edf2c7afde2a60b5ec70666042c0eba0fea0","sha512":"197f5e230d77bbbfff042c7c2c955beed7206d3e56fc3446a2a2558e38e4a57fd101c206fe9ff289bacf7f34bd2dcf41b081efc7452545b9eb71743c90e97ab4","ssdeep":"1536:6I/mcJjTY1qwruBW3QBPR93pskDKU7ynezlkl3OmHmryC34rQ7yA:6wFZSr0Wy933xeTemG3FV","tlshash":"1153020af15d5682013c3b73dfed1a258c07b4d3528b54ee2ef6a799e34b2490a4bf85","first_seen":"2023-04-14T15:00:27Z","last_seen":"2026-06-25T14:46:28.856077Z","times_seen":414,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":37,"dns":3,"connect":9,"send":0,"wait":35,"receive":17,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vllcie.shop/assets/pages-security-check.CEQilrP4.js","fqdn":"vllcie.shop","domain":"vllcie.shop","tld":"shop"},"ip":{"addr":"185.255.198.196","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://vllcie.shop/","date":"2026-06-24T12:51:50.988Z","timestamp":1782305510988,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eywwkm.shop","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Tue, 23 Jun 2026 09:44:46 GMT","end":"Mon, 21 Sep 2026 09:44:45 GMT"},"fingerprint":{"sha1":"28:30:5F:0B:F8:08:D7:54:30:49:9B:A2:87:FB:D6:1B:C8:3A:1D:55","sha256":"8B:57:69:C0:C0:A8:30:5E:55:FF:5F:4E:26:17:EF:6C:79:AA:20:C2:31:32:D5:92:0D:CB:41:E4:F4:34:79:7C"}}},"request":{"raw":"GET /assets/pages-security-check.CEQilrP4.js HTTP/1.1\r\nHost: vllcie.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://vllcie.shop/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ndate: Wed, 24 Jun 2026 12:51:51 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 19 Jun 2026 11:21:51 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a35264f-6f2\"\r\nexpires: Thu, 25 Jun 2026 00:51:51 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nalt-svc: quic=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1778,"size_decoded":1374,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1775)","md5":"799438c460ce54db59f5858f9ea580a0","sha1":"52145813d8efe466955f5de95dd0d0ccdb3104a0","sha256":"c7c2d727b033939fa976360fd9ecd42880970f9342c6bb43c7fc91be8883fc62","sha512":"99c6a7107869e96bfc2009f239c38bcc9d4c3517e9adb25699ed3d46e5fadd2dbf5b7755ba310ef607835f9ba59052d2d63e6cd68668f9d9fdfdc35088708695","ssdeep":"","tlshash":"30310304744af37993773005b1225485715e0fd4f0a84583adfdc5a47a4aef9b7a9278","first_seen":"2026-06-24T12:29:43.691496Z","last_seen":"2026-06-25T02:13:22.774439Z","times_seen":25,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-06-24","alert":"Sinkholed","trigger":"vllcie.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-06-24","alert":"Phishing Block","trigger":"vllcie.shop","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Amazon","verdict":"phishing","severity":"medium","comment":"Resource associated with Amazon phishing","tags":["amazon","phishing"],"meta":null}]}}]}