{"id":"899aee35-24e2-4b14-af1c-5e7fad94b41b","url":"https://w9vfxa.cfd/","status":"completed","submitted_at":"2026-06-19T12:10:25.712866Z","started_at":"2026-06-19T12:10:26.506442Z","completed_at":"2026-06-19T12:10:50.345327Z","final_url":"https://w9vfxa.cfd/","http_status":200,"error":null,"artifacts":{"html_url":"/artifact/html/f424990f20f0ebc913fbc4ad70b050e00a13e7c28e52d4fb6173108d91347014.html","screenshot_url":"/artifact/screenshot/0ee20418084d24058dd2f03d77c720d8808b83496eadcb39ec67b3f75e45aa08.png","har_url":"/artifact/har/f358ea4cf4297bdc3a380c7a3687cb6d2942eaf8c23e7a2ee61252198b818a72.har","annotations_url":null},"metadata":{"redirect_chain":[],"network_summary":[{"url":"https://w9vfxa.cfd/","status":200,"type":"document"}],"captured_js_bytes":5952,"turnstile":null,"cloudflare":null,"enrichment":{"registered":"w9vfxa.cfd","host":"w9vfxa.cfd","host_ip":"104.21.84.56","domain":{"key":"w9vfxa.cfd","status":"fetching","data":null,"fetched_at":null,"expires_at":null,"fresh":false,"error":null},"ip":{"key":"104.21.84.56","status":"fetching","data":null,"fetched_at":null,"expires_at":null,"fresh":false,"error":null}},"timings":{"dns_ms":127,"scrape_ms":4461,"artifacts_ms":2106,"enrichment_ms":1448,"detection_ms":517,"per_detector_ms":{"domain":0,"forms":0,"yara":0,"urlhaus":505,"feeds":0,"brand_watch":0,"redirect_chain":0},"investigation_ms":1,"total_ms":23804,"ai_review_ms":14027},"investigation":{"hashes":{"html_sha256":"f424990f20f0ebc913fbc4ad70b050e00a13e7c28e52d4fb6173108d91347014","screenshot_sha256":"0ee20418084d24058dd2f03d77c720d8808b83496eadcb39ec67b3f75e45aa08","har_sha256":"f358ea4cf4297bdc3a380c7a3687cb6d2942eaf8c23e7a2ee61252198b818a72"},"iocs":{"emails":[],"crypto_wallets":[],"telegram_bots":[],"telegram_handles":[],"telegram_chat_ids":[],"discord_webhooks":[],"phone_numbers":[],"exfil_endpoints":[],"urls":["https://w9vfxa.cfd/"]},"urls_by_type":{"document":["https://w9vfxa.cfd/"]},"captured_resource_urls":["https://w9vfxa.cfd/"],"hosts":[{"host":"w9vfxa.cfd","request_count":1,"resource_types":["document"],"ip":"104.21.84.56","registered":"w9vfxa.cfd"}],"redirect_chain":[],"chain_signature":null,"host_count_total":1,"host_count_enriched":1,"tls":{"host":"w9vfxa.cfd","validated":true,"subject":{"commonName":"w9vfxa.cfd"},"issuer":{"countryName":"US","organizationName":"Google Trust Services","commonName":"WE1"},"not_before":"2026-06-18T08:30:31+00:00","not_after":"2026-09-16T09:28:11+00:00","serial_number":"86E3D3C43CA4149E0E878EF1DB2C9392","subject_alt_names":["w9vfxa.cfd","*.w9vfxa.cfd"],"fingerprint_sha256":"70caee0954ce9cb5b2e8faa79f5d9ff2873eac5f5932a638b6af51a2da24ebaf","tls_version":"TLSv1.3","cipher":"TLS_AES_256_GCM_SHA384"},"kit":null,"page_links":[]},"worker_host":"scraper-21","annotations_key":null,"c2_endpoints":[],"screenshot_is_decoded_kit":false},"queue_wait_ms":793,"duration_ms":24632,"score":70,"verdict":"malicious","signals":[{"id":"cert_pl.domain_hit","severity":"critical","weight":55,"detector":"feeds","message":"CERT-PL lists this host as a phishing domain.","evidence":{"host":"w9vfxa.cfd","feed":"cert_pl"}}],"ai_review":{"verdict":{"verdict":"malicious","score_adjustment":0,"brand_impersonated":null,"kit_fingerprint":null,"iocs":[],"rationale":"The page is confirmed malicious because the CERT-PL rule engine flagged the host as a phishing domain, a high-weight signal that cannot be overridden. The visible text claiming the site is under construction serves as a common social engineering tactic to lower user suspicion before redirecting to a credential harvesting site.","confidence":0.95},"skipped":false,"skipped_reason":null,"error":null,"model_text":"qwen3.5:4b","model_vlm":null,"prompt_version_text":"verdict_v1","prompt_version_vlm":null,"latency_ms":12400,"served_by":"primary"},"ai_skipped":false,"ai_skipped_reason":null,"ai_pending":false}