{"report_id":"ab4027ee-c83f-4a58-888d-85ca999769b1","version":6,"status":"done","tags":[],"date":"2026-04-21T12:24:29Z","url":{"schema":"http","addr":"shopeescs.vip","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"shopeescs.vip/","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"title":"Shopee","dom":{"size":8248,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"55760800c42a40ffb212994f5f974bd9","sha1":"b52ac6ab2c8d9c76e9222b9b6a6f51c7c21158b0","sha256":"75b15ec7a281b6827d52410187f6fa0e910b753623312ead0a8c2e99814ca390","sha512":"b9712dd544b664fef7d91ef20cbc46afdae8069858f5e561662c7503b516922974ed4129fa7736872cb6c58a6ebe42298c5a6fb9b0fae83717cc8a1525ffe4ec","ssdeep":"192:Y5TuYIN72m1/VgbZgS+tAWI5+UrVqWrryP/6fncLmrzMSVfgE7cfgAFQfg4hA9fi:XFWN+UrVqWrryPSfncKrzTVfgE7cfgAs","tlshash":"15022c10618d0f77110362c2b421af4a60bfaf3290156676ffbf0666aff5ce0a55f6a1","dom_hash":"domhash8f708d5675abf6818b6e9e9f27616a83","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"shopeescs.vip","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":0,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-26T12:24:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"shopeescs.vip","ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":66,"request_count":22,"received_data":1921763,"sent_data":9912,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"cdn.dcloud.net.cn","ip":{"addr":"118.25.42.241","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"domain_registered":"2013-07-17","domain_rank":296858,"first_seen":"2018-09-15T09:18:08Z","last_seen":"2026-04-16T02:14:30.940817Z","alert_count":0,"request_count":1,"received_data":579,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"shopeescs.vip/","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"ad844ee1f5fa349f1ef59291997533f0","sha1":"1f63d6f42183d21e207f9b4c2a4e71ab8121a080","sha256":"77b4bd93bab0f40f27e276f954b261bc798d37992e54292d6890aa7feee9b1b4","sha512":"bcc1bc0430f1bdc32e69175b41afde41056566d271b23a39dfc8d2198dde9d78c894c29d393d970d8eef3c7abacc1134039e87070a737a0a322cb338b4ee836b","ssdeep":"","tlshash":"dd112b89af6c4a984513621ccc6d2bc5843da33b544c0806bd5c90a4bb8476daaed764","size":920,"data":"","first_seen":"2026-04-21T12:24:38.051802Z","last_seen":"2026-04-21T19:18:06.147665Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/order_files/jquery.min.js.%E4%B8%8B%E8%BD%BD","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f772fed444d5489079f275bd01e26cc","sha1":"a8927ac2830b2fdd4a729eb0eb7f80923539ceb9","sha256":"2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a","sha512":"81f3b4d35aaa98af19a4d31ee5399d49e0f70ce52aadefffbf42c6c4489d9d50a49450eec8e9139a009da82b57bf677665a926d5ae913dfc4c74baeec186c422","ssdeep":"1536:jTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPmw:jgZm0H5HO5+gCKWZyPmHQ47GKc","tlshash":"8f8319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","size":88145,"data":"","first_seen":"2023-03-07T01:02:42Z","last_seen":"2026-04-21T19:18:06.129941Z","times_seen":6309,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/avatar.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.389Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/avatar.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 22 Jun 2023 14:59:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"649461b8-7140\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28992,"size_decoded":0,"mime_type":"text/css","magic":"HTML document, Unicode text, UTF-8 text, with LF, NEL line terminators","md5":"c1c6f94d3a0b4c094ac985da6e62a111","sha1":"b8ab27ee38ff647beac3b9ab9e6cf77e754f9d39","sha256":"aeeb41faab19e0d1f6a32041f10b229094807a7a752e1e34810ee783276878d4","sha512":"cf0fd221d48ac67006e66d0ed6776126aaf4f20920893c327365cada714bb5309ab0464c2650f29f2633a3b3fa3338348be300d28b9ca0a2cd53c94515f34793","ssdeep":"768:pwJDFXHzJbjjHbKso0Kso91FBElSKsoHBb+FdEjj5Ypz+:pwlFXzJLbKf0KfzX6SKfHBb+LEjj5YpS","tlshash":"aae29702b76f5f06a09fc1bc2f99d329123512d3c94ecdb9b7a152d80f85dad2092fa5","first_seen":"2026-04-21T12:24:38.027973Z","last_seen":"2026-04-21T19:18:06.141222Z","times_seen":3,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/buyervip-mobile.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/buyervip-mobile.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:25 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbad-7ad\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1965,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1965), with no line terminators","md5":"ef47a9898921d933d6b5e484b7e59d39","sha1":"9c7cd41446fb931aa5803f9a5074dd1d2dc2bc16","sha256":"3f833304152862c46e19933203e30e7f877ccdbb607ae729653b034dab6f7218","sha512":"df2e5d01b032f171d62f444b38526eb8ffb953b044bba3b112802c132854d7d28d13ef47d74166ad1bac3f970fd2d2234dbf71c0ac4a78d47a8a00fa6f022de0","ssdeep":"","tlshash":"98412840d8c2c1b37c87bb12372912299e3ee49ec24d9bb99f3b71d4f64b582a4d2075","first_seen":"2024-01-17T17:40:43Z","last_seen":"2026-04-21T19:18:06.131257Z","times_seen":8,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/illustration_world.png","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/illustration_world.png HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 02 Jan 2026 08:41:57 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695784d5-33557\"\r\nexpires: Thu, 21 May 2026 12:24:08 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":210263,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 360, 8-bit/color RGBA, non-interlaced","md5":"02acf9cdcd111f9488c7dffb1fda20b2","sha1":"1808efbfee873daf718a756c22f9893d310efc1e","sha256":"d0839ba8bb350f0f382340b094908825f6ba3d6820290b6163cc589cac1ca5dc","sha512":"b187f141357f7519bcb4b8e4a3792534ee053f86a1a247485baae76e47c5266efbf8e8ebbf014c2c1a3e460e68a07694b64ff1087dca2b78a4141834170952b1","ssdeep":"3072:wc1/Zos93qOyBrlOoCrwbNBnxBJgBCMxD5cjxxHTUck/BeOPyuD4Q1xqZlTOsKS9:wW/F9ZDojx8DDM1Ac1OVD7xClOsL1","tlshash":"f32423cc379b694d4c0a4edb85625c32441343bb6fc7cffed1272c39c9592a56286aa3","first_seen":"2026-04-21T12:24:38.03092Z","last_seen":"2026-04-21T19:18:06.128478Z","times_seen":3,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/illustration_carrier.png","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/illustration_carrier.png HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 02 Jan 2026 08:41:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"695784d4-21dc6\"\r\nexpires: Thu, 21 May 2026 12:24:08 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138694,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 360, 8-bit/color RGBA, non-interlaced","md5":"8858bdf29801b23ce80eaa30f9518ca2","sha1":"41b131afc44a4b863f0ed8db4c4b17a7311dccb1","sha256":"c0c9df28bf34661a6d69d15c198656d87ad61ec101a327ec76da3f3e676b2f99","sha512":"875492575817b87ea44ce322d861bbc5e855504dfdc1883886ad6e9ffa3e26e730e52d7635a1a4d6b2c30eeaf9e321d6856f13f9a64228618f33dbfd18973c98","ssdeep":"3072:8gajTBga7H8nWt/EgvNNqCowtD9ESAOyCn0cJSWojIw:cTBgSt/EYN7tD9ESWCVJSrjIw","tlshash":"52d3127db013ffd0a5ecbabc9264f8a38d1246811ee53a3d42069b47dd675f0c25b261","first_seen":"2026-04-21T12:24:38.031987Z","last_seen":"2026-04-21T19:18:06.129456Z","times_seen":3,"resource_available":false,"data":null}},"time_used":701,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/yqtrack_selected.png","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/yqtrack_selected.png HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 21 Jun 2023 13:31:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbca-9a9\"\r\nexpires: Thu, 21 May 2026 12:24:08 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2473,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 81 x 81, 8-bit colormap, non-interlaced","md5":"5544400eaa8e6f0d7338b81719b12c36","sha1":"acf654c6773858e8681b3487a81284464a858419","sha256":"8010adae090bdb1b9d7efb0e31f33a6ec617e2764d6012ce166a28957737c76d","sha512":"f4bf616f23bcf83087801ebcc872b8cb4306ca2b0f50835c3fc9a11b86f0585400b183d611abdb1b72fbd1ec2104a73fda2df460b574af56d823ecd2929d68f9","ssdeep":"","tlshash":"945193d2cd0d2a6ccec9941313b14fc52015371c3f892056a5b2ef233eb5c820a0a6c8","first_seen":"2024-08-19T16:43:41.51146Z","last_seen":"2026-04-21T19:18:06.133941Z","times_seen":4,"resource_available":false,"data":null}},"time_used":701,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/user.png","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/user.png HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: image/png\r\ncontent-length: 660\r\nlast-modified: Wed, 21 Jun 2023 13:31:52 GMT\r\netag: \"6492fbc8-294\"\r\nexpires: Thu, 21 May 2026 12:24:08 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":660,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 81 x 81, 8-bit colormap, non-interlaced","md5":"6071d784f8fef18b831acc7fe5586e77","sha1":"4bdb57ec8265e95576e6d53620bf13511b74fe85","sha256":"a312a21d5a66b012e40c71540fa535edcd7ba3c8ced91d3086cdc5ade671e397","sha512":"311c8d5775c1ea6c7082856a7f6945bd5e50468b867ac72503e9cb6297e3f0804d1b41b5939e82110e4b49521acc14d7c64feff36bf5480e210ab548bdcbfe94","ssdeep":"","tlshash":"650154e249eff4bde5a50e7bb5315104946e771939d6b0496e21a004151776ff131710","first_seen":"2024-01-17T17:40:43Z","last_seen":"2026-04-21T19:18:06.139777Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1052,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":699,"receive":353,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.dcloud.net.cn/img/shadow-grey.png","fqdn":"cdn.dcloud.net.cn","domain":"dcloud.net.cn","tld":"net.cn"},"ip":{"addr":"118.25.42.241","port":443,"asn":45090,"as":"Shenzhen Tencent Computer Systems Company Limited","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:12.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.dcloud.net.cn","organization":""},"issuer":{"commonName":"Certum Domain Validation CA SHA2","organization":"Unizeto Technologies S.A."},"validity":{"start":"Tue, 26 Aug 2025 11:47:17 GMT","end":"Fri, 25 Sep 2026 11:47:16 GMT"},"fingerprint":{"sha1":"47:A7:6C:09:6B:1D:CA:2D:7D:39:2E:C1:7F:15:DE:5D:F2:C4:0F:77","sha256":"EA:73:37:83:D0:38:44:D9:3C:0B:26:F0:DD:D1:22:2F:36:F7:F2:86:A1:B0:58:52:DE:4E:0A:21:D6:89:E7:3E"}}},"request":{"raw":"GET /img/shadow-grey.png HTTP/1.1\r\nHost: cdn.dcloud.net.cn\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 136\r\nlast-modified: Thu, 06 Jun 2019 06:42:07 GMT\r\netag: \"5cf8b5bf-88\"\r\nexpires: Tue, 21 Apr 2026 15:24:13 GMT\r\ncache-control: max-age=10800\r\nset-cookie: __uni__uid=rBEQMWnnbG2BZVLXA1mgAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=dcloud.net.cn; path=/; secure; httponly; samesite=none\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1 x 6, 4-bit colormap, non-interlaced","md5":"5a962adf74d92ae702467b3f47976547","sha1":"36f74049375584e3fa69b5ef87e9572336ff9e7a","sha256":"ad4ebea1c3496dd2924789ee009174a2c6289d1200e9811f458fd46f172d1d6f","sha512":"4ace23fe7ec6c7271710030fd423aace13eafac68ac3e76366ce4ce9bdc702caf71c9bdc2fb6a32c8e9791546098617cc0259decd8bb8489afdbce43e1b53a73","ssdeep":"","tlshash":"47c09bf3a615dc754a0d153b42e98271f429511e07046d0e5a13c216741e3448d56793","first_seen":"2023-04-15T10:50:30Z","last_seen":"2026-04-21T19:18:06.140667Z","times_seen":14982,"resource_available":false,"data":null}},"time_used":1653,"timings":{"blocked":690,"dns":57,"connect":272,"send":0,"wait":272,"receive":0,"ssl":359},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/post.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/post.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:49 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbc5-7053\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28755,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (28755), with no line terminators","md5":"1280fa9d2c456ea251fedc504a845e50","sha1":"8f6653818bc25eb5bb2549e108f4ae60af8932f4","sha256":"1c26e334e22eb0e6b69ad7a829dc4eebbd4dd08e6e40a851795409690db6c4ad","sha512":"4abf151adb034a816b89794146ff723ac5cebd8af4e560b0487b21cd1daecd06aceaf1e873663df662b34d934614f8c469065eebdc8ca20bd42cb855c9b2c8d6","ssdeep":"768:gDZdcJUuYH4InVr1rHLR0UbQUMxU2/IW1LdC:y","tlshash":"4ed2c24028c63169fe2fe73371a916c9063b6142d8311ffe146e75b8e3868f65967cb1","first_seen":"2024-01-17T17:40:43Z","last_seen":"2026-04-21T19:18:06.132101Z","times_seen":8,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/common.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/common.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:29 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbb1-4225\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16933,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16933), with no line terminators","md5":"754928b9f9dc45ab0e3e259329f04bb9","sha1":"a49f3e425eddfb598f592d52f6eb4801701c08c2","sha256":"7d1994a2dbd5c49e1bdf7408792a74f522688c945f8baf6b7913a3d3254f12a4","sha512":"fa23fa824467163cb48554bda5acef8757fda01ebbea6055f7a65a20a113691b5ccb7bff97e00c4c5e3fa9a2a0acb826e0150c8638c6d4d1f59b004e41b27c33","ssdeep":"192:o7VDurXf2W7Rbwi6DKZT0sQIPW8LFQa0DBB6WXpz6y7xsB:9f2EZF6DKZT0sI8D7WdG","tlshash":"17721cf8d85c05ea7735c88beb82b23c61b5f739d1801c65f11f6d6c2dc16a8118afa9","first_seen":"2024-01-17T17:40:43Z","last_seen":"2026-04-21T19:18:06.137441Z","times_seen":8,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/status.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/status.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbc8-71e\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1822,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1822), with no line terminators","md5":"3a210fe0214bd07301d18ee768d61d50","sha1":"f3ff1f2a3080b6bb4c411aa665309ec291e6e6da","sha256":"8994e2cfa86a695ac14996a9bea6099975ab5334ecf359b4114b35b0171b9b5b","sha512":"735722b8a33334184ccd1a930a3283a0b972b727b3eb255a865c37efaa4dccd7b81502fe9c051580711389d7268e2ef5b8e7c8fa66efcbbce0d8f08b66f9e61f","ssdeep":"","tlshash":"89315d94cdad06cd6bb1d70297ca27385c48f913a4924c5bf31b450d5be264f72d873a","first_seen":"2025-09-15T06:46:45.798735Z","last_seen":"2026-04-21T19:18:06.142016Z","times_seen":6,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/carrier.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/carrier.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbaf-11a503\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1156355,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e5d2c0a4a27703c3524c067d48214cf3","sha1":"8a1f55ddfa1d1899c4ad68516e74407889cfb4da","sha256":"4b963ab9dd56ee48592900c8ee2c39d6891259239f05aa891153f18c70987727","sha512":"068584dd48d47e8e3af7a934be2f75934a6c84f830e65f03026f6d2faed6ace9e679f5065d173e8d045c708eb2f257aea7f663015242b6dd5d7d4864d5a69c49","ssdeep":"3072:UVfHTJvai/URElDoUHypLxQ8eYu9FrUjvAYG8H3/:UVrZaXPJQ8y9FrUzXNv","tlshash":"85252c0228c5407dff43e73b316d129e00ba4150c53e7abd156bbaa9f1858e96ca2d7f","first_seen":"2026-04-21T12:24:38.038622Z","last_seen":"2026-04-21T19:18:06.14257Z","times_seen":3,"resource_available":false,"data":null}},"time_used":525,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":525,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/illustration_app.png","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/illustration_app.png HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 02 Jan 2026 14:25:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6957d576-12809\"\r\nexpires: Thu, 21 May 2026 12:24:08 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75785,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 360, 8-bit/color RGBA, non-interlaced","md5":"017c4024806530112d67b1d17a875fa5","sha1":"99bed0a06bf67b8bd2a91229a3eaed1318e966ad","sha256":"e8d975e25ce72e6e9a81e53fabfccfb6961ee99c6080b0f07ad7d0f527acf517","sha512":"d0728bd65c367e95e5b8513343f234d4efc073c8372bf1fee4de4ffb789f672badb00f11cfc277d2cda68041ad5fc0d2f9cb7914616cbdb88ecf62364db685a2","ssdeep":"1536:w/0MWYjHnBSrG0flS8qrNeCFAnfrlehSU/4PeULbHMteQFNlGuHN5EpW:w/0MzjHnBSrVtS8oNe8mjFU/4mqbHMtd","tlshash":"ce73f10c6fa1c26b9bcc67cf81393b427768b8dab05ea5cdc75ad831d188d1d2918936","first_seen":"2026-04-21T12:24:38.039982Z","last_seen":"2026-04-21T19:18:06.138409Z","times_seen":3,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":702,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T12:24:07.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8419,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"20c84599d4198335f77b3ccd95edba0e","sha1":"606655608c2141db9a98ed33838b38cd8af313af","sha256":"5e9113a65d8dde1be1eabdd119de9b335e5e383ca89ebb0d0da117562bcfcab8","sha512":"54a187036fcd5896063cd3d319540212635a93666bc0d76af4b35e3d152a9aa11b7187db8fb0c3e2d6e20eba49a9ac101500476e2e4a2ef3aff40aaf2b69d070","ssdeep":"192:tdTuYIN72m1/VkbZgS+tAwIy+crVqWrryP/6fncMXrzKSVfgE7GfgAFifg4h29fV:WRW0+crVqWrryPSfncYrzxVfgE7GfgA/","tlshash":"0f022d10618d1f7b000361c2b4616b4a60bfaf32901566baffbf06666ff5cf0a55f5a1","first_seen":"2026-04-21T12:24:38.040892Z","last_seen":"2026-04-21T19:18:06.135328Z","times_seen":3,"resource_available":true,"data":null}},"time_used":1062,"timings":{"blocked":429,"dns":67,"connect":177,"send":0,"wait":204,"receive":0,"ssl":182},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/express.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/express.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbb4-65f9\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26105,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (26105), with no line terminators","md5":"dbaea24ad9aeb3e888f83ac474fe52a0","sha1":"189c4accf371cd25999e75b2f665bd15afdfa51c","sha256":"aa4384a5a8308cec4a8e52bb6341266e4f30df9b8ef01407b5b6408d446f717c","sha512":"0543790f2259594d367e8fcff0d55acd7e8979625b10be8c39679ab0aaa40968a763253e4346c1a9243a45ec62c4b863d438eba246018f537c44ada35bd2102a","ssdeep":"384:BLj3B/Jw7TZCxiX6+3ve5PIwWcULbIb0QASISJ0950uJ:Bx/JSq+3ggw/ULbsr8","tlshash":"b4c27291e4c642df794b10be40a1e61a1b7af8c4dd441f3cb82abaf46645d9ef877380","first_seen":"2024-01-17T17:40:43Z","last_seen":"2026-04-21T19:18:06.133031Z","times_seen":8,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":352,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/index.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.400Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/index.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbba-1725a\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":94810,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"5db0ca268362bac7b74bc1208d3598f2","sha1":"705aa2d988b7e56069a7ac5ffb7b340c244dc956","sha256":"a5edfcb0e63a4f6a7212f1c7691b462e38436d849b25e9808ba42a6071473463","sha512":"67a9d6ab64559c62eca29100c8e46db1016dccd5cfc06d4c5c6366a69698cebf3e4c75783b090027e3fa28c03a1a331f4c286196b43e85932422d1f73018fee6","ssdeep":"1536:7lIUpuK7hmVmBVuUH3xlynf7yQgnMhlNbc:WUpuK7hmV+uUH3em/nMPa","tlshash":"9293083719012e3ae52bcd16b6c0ab5a1e61c133e15307adfbb876188bcf9c9167b345","first_seen":"2026-04-21T12:24:38.043354Z","last_seen":"2026-04-21T19:18:06.143508Z","times_seen":3,"resource_available":false,"data":null}},"time_used":703,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":703,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/order_files/jquery.min.js.%E4%B8%8B%E8%BD%BD","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/order_files/jquery.min.js.%E4%B8%8B%E8%BD%BD HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 88145\r\nlast-modified: Wed, 21 Jun 2023 13:59:07 GMT\r\netag: \"6493022b-15851\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":88145,"size_decoded":0,"mime_type":"application/octet-stream","magic":"JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators","md5":"2f772fed444d5489079f275bd01e26cc","sha1":"a8927ac2830b2fdd4a729eb0eb7f80923539ceb9","sha256":"2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a","sha512":"81f3b4d35aaa98af19a4d31ee5399d49e0f70ce52aadefffbf42c6c4489d9d50a49450eec8e9139a009da82b57bf677665a926d5ae913dfc4c74baeec186c422","ssdeep":"1536:jTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPmw:jgZm0H5HO5+gCKWZyPmHQ47GKc","tlshash":"8f8319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","first_seen":"2023-03-07T01:02:42Z","last_seen":"2026-04-21T19:18:06.129941Z","times_seen":6309,"resource_available":true,"data":null}},"time_used":884,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":703,"receive":181,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/yqtrack.png","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/yqtrack.png HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: image/png\r\nlast-modified: Wed, 21 Jun 2023 13:31:53 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbc9-81e\"\r\nexpires: Thu, 21 May 2026 12:24:08 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2078,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 81 x 81, 8-bit colormap, non-interlaced","md5":"c15a6464f3a1bb475e50bf590dd14e6d","sha1":"4a720a7f4a2456ae5c9ba3bf9142987a69ff58d7","sha256":"d4e1de3236df229b663ba1ef18f09f343f438014e8f62d4623cf8d08208bb7ec","sha512":"91fa673f09b0586fb2f22fab52f33db3b3bb9ca29a86299cd16d68dc9de9bf254f074b5559404434ab5b62612fbd8be1fcd19832b444fbc271e3d12f6604b32f","ssdeep":"","tlshash":"c741c8ff7a10e52aca6f887f836efac59d186d8530a42d7ed631e46a440e15b2b44205","first_seen":"2024-08-19T16:43:41.512304Z","last_seen":"2026-04-21T19:18:06.134801Z","times_seen":4,"resource_available":false,"data":null}},"time_used":700,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":700,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/favicon.ico","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:09.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:09 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 9662\r\nlast-modified: Wed, 12 May 2021 06:54:10 GMT\r\netag: \"609b7b92-25be\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9662,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 48x48, 32 bits/pixel","md5":"89e199dde523b91e740083c4c8db4f13","sha1":"77f7f40e8bba29930f81bcd9dfbde8e16e86fe77","sha256":"8b4c9021260976ce74fa6c11111899311e7a4911ace7fe55ddd76cc4ab9f1db9","sha512":"9ebd3bd4282b0baa096cfd83365445178f8f6314067b05d04ff244e1255aa870e1b5f30763ebdc5e69e116fde4b2cd93e342781aca48fe7b95e0fc02e2889bb8","ssdeep":"48:9oQnnn0PSS8NzPNwfr7nsWYGu2y0BwT0HSJYjMnqWM2Cdh1M7CI3H5b2NGFtFRKD:9GHxICIdW7uzq","tlshash":"2412376aa208bc00d7da4f3cc77958ff924a4940db3d2057f0e2715eadad1be4492a8d","first_seen":"2023-05-08T21:03:54Z","last_seen":"2026-04-21T19:18:06.127912Z","times_seen":355,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":177,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/info-state.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/info-state.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbbc-4ad\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1197,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1197), with no line terminators","md5":"53787b262dd1c0cde9a4c590a36d0816","sha1":"062fe9f1164fdf269ae0c86a8438e779558af319","sha256":"3c1d6bb13e21d98a4735e3f692df0fe927e74bfb213875373d97357e3e8fe742","sha512":"210cdfa75434cb0dbda52403b189b07da6506dcb69ee5d29cc040d7341e03efb2bab91f8c915802c6bf5d43fe84f554f8048ae18ebe5764e3230e8a0f212a714","ssdeep":"","tlshash":"1121788bfac9198b3c57957e00e0ff392e6ed48852e08f367012336883584c76693a0a","first_seen":"2024-08-20T12:21:05.034359Z","last_seen":"2026-04-21T19:18:06.136111Z","times_seen":7,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/package-state.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/package-state.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:45 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbc1-4ad\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1197,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1197), with no line terminators","md5":"f4fac0d53d56c6def0a874065790a428","sha1":"9249ac6881aeee9344f950c64406b129939f74f8","sha256":"cbf4a9537b8ee73bb0827921995ecd8741522b41dbe28ca1b3ee6cc57b7e04e9","sha512":"a07485ec9248bb39ad3e1b317339dcabc8ab0f6b27f1b5d12fe27a967699f270f3b8eb16e3b7169016a7b02055ec6c97f999b34b55c02b7c34995b485daf60b4","ssdeep":"","tlshash":"4921c3a6f2c4404b3c9b977d1490f7391aaeada856550f2ab41333b867852c729a3708","first_seen":"2024-08-20T12:21:05.035364Z","last_seen":"2026-04-21T19:18:06.136945Z","times_seen":7,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/social.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/social.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\ncontent-length: 747\r\nlast-modified: Wed, 21 Jun 2023 13:31:51 GMT\r\netag: \"6492fbc7-2eb\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":747,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (747), with no line terminators","md5":"00714ed34a9ffc9b2ba99101a749b60c","sha1":"59f1b61f85127410ea5e37cab50c1b334ad61f75","sha256":"17170cfadf63135a3cdca3d82e74aa643f7734f71610fa4e2ac957133d463e0b","sha512":"29738891d7ab82c91fb12219438e2acc0b8e8cd1ebd4dbdbe1b8a2bffdaf7d56f8d4db52ece053c9cd3aa4488641008eab9bcb9cf328c94516194b1e6cf82f37","ssdeep":"","tlshash":"050145011ec12959f8079a309261cb60e23b6143de2a8afc2238667492c3fe93033cf3","first_seen":"2024-01-17T17:40:43Z","last_seen":"2026-04-21T19:18:06.130476Z","times_seen":8,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/aaa/index_files/roboto.min.css","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:08.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /aaa/index_files/roboto.min.css HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:08 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 21 Jun 2023 13:31:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6492fbc6-1854\"\r\nexpires: Wed, 22 Apr 2026 00:24:08 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6228,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6228), with no line terminators","md5":"0c89a6c5e981d50cc1b51e68ad4cc27f","sha1":"120de5361c3effaeaff02acc7c2a5ab23620bd7f","sha256":"586c8ed11db9899563a7be8cd602ffa6766c42ee1ba32a92c82adb906eabe5d6","sha512":"0ef49946025967e19a4c93db961dc2b51a96872083b7bad1f32dd5a6026f81cea7f3349023ac26a0539a6b2a69421012f2f9f169c0188eefffb4c1ed4f4483dd","ssdeep":"96:4X+4HjzvBs/BImH8KFD86tw4H6FNv6Sw6zz6xPG6e3mD6TDb4HsvHxO7ggejDpn:/tCTTuPw3mGeEg2V","tlshash":"44d1902508ab42495fe30a6632cb7723fc4e2415609ed462e72e7e6c9cdb53b13d036e","first_seen":"2024-01-17T17:40:43Z","last_seen":"2026-04-21T19:18:06.137924Z","times_seen":8,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"shopeescs.vip/logo.png","fqdn":"shopeescs.vip","domain":"shopeescs.vip","tld":"vip"},"ip":{"addr":"23.94.74.141","port":443,"asn":36352,"as":"AS-COLOCROSSING","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://shopeescs.vip/","date":"2026-04-21T12:24:09.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shopcscc.vip","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 03 Mar 2026 03:48:51 GMT","end":"Mon, 01 Jun 2026 03:48:50 GMT"},"fingerprint":{"sha1":"2A:8B:96:8B:8F:09:DF:B2:64:54:FA:9C:A2:8F:65:D3:F4:77:7C:ED","sha256":"B6:EB:D8:DA:7B:C7:81:0E:4F:FD:80:9F:65:83:F0:C5:7B:90:0D:E8:9F:BE:A6:9F:55:EA:D8:AE:A8:2A:19:61"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: shopeescs.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://shopeescs.vip/aaa/index_files/avatar.min.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Tue, 21 Apr 2026 12:24:09 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\netag: W/\"6970ab34-260c\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9740,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1304)","md5":"900c470e5630e1fae0d46ea6faa197f7","sha1":"5da3ed0791bf47b050186f0609adbf72527c43ab","sha256":"82f11ddce81f7c8f26c220ba6a66cfcd83e4592f7396893d79d497531bab7db4","sha512":"3b3d3e7e80d3d86e354a93c88cba2536fc22640d31e20e2cd5a3383fed0d3b766cb46a393817f4bb1e76b69a5360868c9ecd99e6643a95f9729910d6eec9cd65","ssdeep":"96:QLHE8mXUeE8mXUeE8mXUeE8mXUeE8mXUeE8mXUeE8mXUB:IEl/El/El/El/El/El/ElM","tlshash":"8f12a9e87f4ab8711322a1f70e77d606937451463da928d2f870a9853dfc166e4c3a9c","first_seen":"2026-04-21T12:24:38.050645Z","last_seen":"2026-04-21T19:18:06.126653Z","times_seen":3,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"shopeescs.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}