{"id":"0ecde9e5-88c9-41e3-902d-7599e61242c1","url":"https://yi3urc.cfd/","status":"completed","submitted_at":"2026-06-19T12:10:25.712889Z","started_at":"2026-06-19T12:10:38.877896Z","completed_at":"2026-06-19T12:11:40.295719Z","final_url":"https://yi3urc.cfd/","http_status":200,"error":null,"artifacts":{"html_url":"/artifact/html/f424990f20f0ebc913fbc4ad70b050e00a13e7c28e52d4fb6173108d91347014.html","screenshot_url":"/artifact/screenshot/cde79ae67787ba47cd6ecb6ee18d5da77f762b71eff2ccd63a06d00ae637ec2b.png","har_url":"/artifact/har/b94e58ac395ad23543c584c81273698e6f13519334bb4cdc26b8defa9e014b89.har","annotations_url":null},"metadata":{"redirect_chain":[],"network_summary":[{"url":"https://yi3urc.cfd/","status":200,"type":"document"}],"captured_js_bytes":5952,"turnstile":null,"cloudflare":null,"enrichment":{"registered":"yi3urc.cfd","host":"yi3urc.cfd","host_ip":"104.21.78.148","domain":{"key":"yi3urc.cfd","status":"fetching","data":null,"fetched_at":null,"expires_at":null,"fresh":false,"error":null},"ip":{"key":"104.21.78.148","status":"fetching","data":null,"fetched_at":null,"expires_at":null,"fresh":false,"error":null}},"timings":{"dns_ms":220,"scrape_ms":3052,"artifacts_ms":206,"enrichment_ms":172,"detection_ms":368,"per_detector_ms":{"domain":0,"forms":0,"yara":0,"urlhaus":342,"feeds":0,"brand_watch":0,"redirect_chain":0},"investigation_ms":1,"total_ms":61392,"ai_review_ms":57250},"investigation":{"hashes":{"html_sha256":"f424990f20f0ebc913fbc4ad70b050e00a13e7c28e52d4fb6173108d91347014","screenshot_sha256":"cde79ae67787ba47cd6ecb6ee18d5da77f762b71eff2ccd63a06d00ae637ec2b","har_sha256":"b94e58ac395ad23543c584c81273698e6f13519334bb4cdc26b8defa9e014b89"},"iocs":{"emails":[],"crypto_wallets":[],"telegram_bots":[],"telegram_handles":[],"telegram_chat_ids":[],"discord_webhooks":[],"phone_numbers":[],"exfil_endpoints":[],"urls":["https://yi3urc.cfd/"]},"urls_by_type":{"document":["https://yi3urc.cfd/"]},"captured_resource_urls":["https://yi3urc.cfd/"],"hosts":[{"host":"yi3urc.cfd","request_count":1,"resource_types":["document"],"ip":"104.21.78.148","registered":"yi3urc.cfd"}],"redirect_chain":[],"chain_signature":null,"host_count_total":1,"host_count_enriched":1,"tls":{"host":"yi3urc.cfd","validated":true,"subject":{"commonName":"yi3urc.cfd"},"issuer":{"countryName":"US","organizationName":"Google Trust Services","commonName":"WE1"},"not_before":"2026-06-18T08:29:10+00:00","not_after":"2026-09-16T09:27:56+00:00","serial_number":"6A06C6128D712A3E13892680FFD0F0F9","subject_alt_names":["yi3urc.cfd","*.yi3urc.cfd"],"fingerprint_sha256":"dda47434f6c0732abbfe599b1736f91b03b7116a55d9b3546ef633c6e9e8bade","tls_version":"TLSv1.3","cipher":"TLS_AES_256_GCM_SHA384"},"kit":null,"page_links":[]},"worker_host":"scraper-21","annotations_key":null,"c2_endpoints":[],"screenshot_is_decoded_kit":false},"queue_wait_ms":13165,"duration_ms":74582,"score":70,"verdict":"malicious","signals":[{"id":"cert_pl.domain_hit","severity":"critical","weight":55,"detector":"feeds","message":"CERT-PL lists this host as a phishing domain.","evidence":{"host":"yi3urc.cfd","feed":"cert_pl"}}],"ai_review":{"verdict":{"verdict":"malicious","score_adjustment":0,"brand_impersonated":null,"kit_fingerprint":null,"iocs":[],"rationale":"The page is confirmed malicious because the rule-based detection layer flagged it with a critical signal (CERT-PL) for being a phishing domain. The visible text, which appears to be a generic 'coming soon' message in Polish, does not contradict this high-weight signal.","confidence":0.95},"skipped":false,"skipped_reason":null,"error":null,"model_text":"qwen3.5:4b","model_vlm":null,"prompt_version_text":"verdict_v1","prompt_version_vlm":null,"latency_ms":57178,"served_by":"primary"},"ai_skipped":false,"ai_skipped_reason":null,"ai_pending":false}