{"report_id":"0532741e-ac68-4cb3-8500-1f34e364904e","version":6,"status":"done","tags":[],"date":"2026-02-21T20:57:31Z","url":{"schema":"http","addr":"refund-sol.xyz","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"104.21.15.175","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"refund-sol.xyz/","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"title":"Get Your SOL Back Instantly | Recover Rent from Solana Token Accounts","dom":{"size":39,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"086707e4369f60afedcafb16050a7618","sha1":"8216b0cc6876cbd44f01c158e7dff3833ceccd41","sha256":"a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e","sha512":"aade21843813e2cab329b99185c6f61db7907a556ea974e0315dcf3ad967cab20fee66d4f10db0d0ec43a71e086ce6d700d5524103deaefa3ce5f6be74ba5737","ssdeep":"","tlshash":"6a9000fee0a2000efc303bc00cc2238a0c28c3a830028e002ac038b8c80822bcc032c8","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"refund-sol.xyz","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"104.21.15.175","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-28T20:57:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"refund-sol.xyz","ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-21","domain_rank":0,"first_seen":"2026-02-21T20:20:02.029946Z","last_seen":"2026-02-21T20:20:02.029946Z","alert_count":0,"request_count":4,"received_data":1377265,"sent_data":1961,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"refund-sol.xyz/","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba42285cf4b3b7463e112305bf739595","sha1":"b6d304b617077a86964a6958f7d5f25b85e7922d","sha256":"1b9032d9129020046f3b8f78899b7cdf745c2c52efcc980cd3e61906d21de7ff","sha512":"cdd9d4e0108026a30133a532dbf91a3984878f1058f4b75505fe2dc32fc92316d4fce87071728c010e7e95620ec33c39158e95c9c1514af7a12e65c675ba02e8","ssdeep":"","tlshash":"25c02200c0605ea0062c04e7603492e4a04059690042608ac3bca8c51859e814d84924","size":186,"data":"","first_seen":"2026-02-20T13:39:42.877965Z","last_seen":"2026-02-25T21:58:27.931522Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refund-sol.xyz/","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ba42285cf4b3b7463e112305bf739595","sha1":"b6d304b617077a86964a6958f7d5f25b85e7922d","sha256":"1b9032d9129020046f3b8f78899b7cdf745c2c52efcc980cd3e61906d21de7ff","sha512":"cdd9d4e0108026a30133a532dbf91a3984878f1058f4b75505fe2dc32fc92316d4fce87071728c010e7e95620ec33c39158e95c9c1514af7a12e65c675ba02e8","ssdeep":"","tlshash":"25c02200c0605ea0062c04e7603492e4a04059690042608ac3bca8c51859e814d84924","size":186,"data":"","first_seen":"2026-02-20T13:39:42.877965Z","last_seen":"2026-02-25T21:58:27.931522Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refund-sol.xyz/secureproxy?s=%2Fipfs%2FNl3JwyoeuhXIa1MYbEP3yA60285497bd5ecc399a2802075f1f4fac%3Ft%3D1771707423283","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0357a368aa5c368a78b4419fe6f3f088","sha1":"a1a39531e50936e62d09c27889a8568e327299ad","sha256":"4d74685d7abca64681d6a416c0dfd1414e03150a19686cfe8e03e4ef6ec05b38","sha512":"6d77b54a62f16292c93f9d51c18529dd51333e3229275992c687bcd778212f242ccca32f6cb61b990a7125cb4ee9166af4a881b61e636cf0ec1580341adc343b","ssdeep":"6144:3h5gDylACl2/EM1CjCjRHlIy6VKcRmWLO2m3fnDRumuSYlhv1wf2Rti:/sylACl4N1CjCjRHlIyQRhOLfD3J","tlshash":"e0d4bdc0875915bf42982aae19b35b7fdfa80d58074bcc5073c31cd163a570a9be6be8","size":599190,"data":"","first_seen":"2026-02-21T20:57:33.200593Z","last_seen":"2026-02-21T20:57:33.200593Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refund-sol.xyz/secureproxy?s=%2Fipfs%2FNl3JwyoeuhXIa1MYbEP3yA60285497bd5ecc399a2802075f1f4fac%3Ft%3D1771707423281","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f3c0bd035937bf1a9475000110b990c2","sha1":"52fdf537ca0acf9e05488a77d241143b8144e2a5","sha256":"656ee66df79635337a55257f6915e875cdb134650cb1b6a3286e8bfccfdf509b","sha512":"86f26a6f88fbd8e56aacc9adb0c230577631f8d62e635d08e16cbc5093750b7b9a09409e5cd3d9439ea0a86aa004a41cdb518d0bb6f437cd4c462be6afbe65ff","ssdeep":"6144:3h5gDdACl2/EM1CjCjRHlIy6VKcRmWLO2m3fnDRumuSYlhv1wf2Rti:/sdACl4N1CjCjRHlIyQRhOLfD3J","tlshash":"68d4bcc0875915bf42982aae19b35b7fdfa80d58074bcc5073c31cd163a570a9be6be8","size":599182,"data":"","first_seen":"2026-02-21T20:57:33.201774Z","last_seen":"2026-02-21T20:57:33.201774Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"refund-sol.xyz/","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-21T20:57:02.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"refund-sol.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Feb 2026 12:22:10 GMT","end":"Fri, 22 May 2026 12:22:09 GMT"},"fingerprint":{"sha1":"07:60:56:7B:F1:77:BE:E6:3F:EF:39:E0:75:54:C2:2C:92:F9:ED:08","sha256":"BD:1B:3F:8C:49:C9:19:CC:E9:F3:2D:98:C0:C2:92:C4:9C:6A:DB:B8:5F:D8:BD:F3:17:49:00:15:22:3F:F5:D8"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: refund-sol.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 21 Feb 2026 20:57:03 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Sat, 21 Feb 2026 12:52:49 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I%2Fgkc4nYwWvXi%2BKZQijNeS2sDJktzAEMGyL2pVzxoEqX0WBLFWybzgh5Td0Krenct6gNPj6TkEqudk96EDleLuGb5kazxvjRE%2Fih7bVI\"}]}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 27304\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: 9d1927620dcfc8c4-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173661,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (63072)","md5":"113b10b40b3db8d6c09458453002bf6e","sha1":"ca6335349c39d1b719ef3d768eff844cf16f8ebd","sha256":"3ea1dbc6c1bf344eb31e77295b655fb397ec908231f2800ea9c5de39213eb93f","sha512":"89b882fd9d736fb9177c08fb506abe6c4c6c7fc8c77c294df9e2a0f79523db7246c06eee390c1956baf4b0e961e5dd6e30c331741efef6c56c7af14725702775","ssdeep":"3072:7w7QQRfjD1WZbYaK7JApqfsH0zfsLwTEoQ5QpQOLMOagF3VrB3:7s/1WZbYh7JrkUznBQ5QpQmR1/3","tlshash":"62046bba9bd0143b7c53d3f0e2a5b73cf12ae2c8de2b4459faa9424023d6df65d52640","first_seen":"2026-02-20T13:39:42.871368Z","last_seen":"2026-02-25T21:58:27.927751Z","times_seen":6,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":46,"dns":17,"connect":8,"send":0,"wait":24,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refund-sol.xyz/secureproxy?s=%2Fipfs%2FNl3JwyoeuhXIa1MYbEP3yA60285497bd5ecc399a2802075f1f4fac%3Ft%3D1771707423283","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://refund-sol.xyz/","date":"2026-02-21T20:57:03.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"refund-sol.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Feb 2026 12:22:10 GMT","end":"Fri, 22 May 2026 12:22:09 GMT"},"fingerprint":{"sha1":"07:60:56:7B:F1:77:BE:E6:3F:EF:39:E0:75:54:C2:2C:92:F9:ED:08","sha256":"BD:1B:3F:8C:49:C9:19:CC:E9:F3:2D:98:C0:C2:92:C4:9C:6A:DB:B8:5F:D8:BD:F3:17:49:00:15:22:3F:F5:D8"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2FNl3JwyoeuhXIa1MYbEP3yA60285497bd5ecc399a2802075f1f4fac%3Ft%3D1771707423283 HTTP/1.1\r\nHost: refund-sol.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://refund-sol.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 21 Feb 2026 20:57:04 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"92496-oaOVMeUJNuYtCcJ4iahWjjJyma0\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=5IyhvDNsIShisLLklrc1YQ.js\r\ncdn-proxyver: 1.46\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 02/21/2026 20:57:03\r\ncdn-edgestorageid: 1056\r\ncdn-requestid: 6b5469d8bba2c4e3e6b70fe64ccb1598\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yZbcMG8i9ZnRDrWHScsDFB070zpwa1eO2pSRnttEvGOGT1w%2B0R7yGZt92SDNQe8fPm8%2BUjBq0WM35m8ScGqACH2oMOqNMkn%2BjaUtfY%2BN\"}]}\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: 9d192763ab4575c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":599190,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"0357a368aa5c368a78b4419fe6f3f088","sha1":"a1a39531e50936e62d09c27889a8568e327299ad","sha256":"4d74685d7abca64681d6a416c0dfd1414e03150a19686cfe8e03e4ef6ec05b38","sha512":"6d77b54a62f16292c93f9d51c18529dd51333e3229275992c687bcd778212f242ccca32f6cb61b990a7125cb4ee9166af4a881b61e636cf0ec1580341adc343b","ssdeep":"6144:3h5gDylACl2/EM1CjCjRHlIy6VKcRmWLO2m3fnDRumuSYlhv1wf2Rti:/sylACl4N1CjCjRHlIyQRhOLfD3J","tlshash":"e0d4bdc0875915bf42982aae19b35b7fdfa80d58074bcc5073c31cd163a570a9be6be8","first_seen":"2026-02-21T20:57:33.200593Z","last_seen":"2026-02-21T20:57:33.200593Z","times_seen":1,"resource_available":true,"data":null}},"time_used":921,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":725,"receive":196,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refund-sol.xyz/secureproxy?s=%2Fipfs%2FNl3JwyoeuhXIa1MYbEP3yA60285497bd5ecc399a2802075f1f4fac%3Ft%3D1771707423281","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://refund-sol.xyz/","date":"2026-02-21T20:57:03.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"refund-sol.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Feb 2026 12:22:10 GMT","end":"Fri, 22 May 2026 12:22:09 GMT"},"fingerprint":{"sha1":"07:60:56:7B:F1:77:BE:E6:3F:EF:39:E0:75:54:C2:2C:92:F9:ED:08","sha256":"BD:1B:3F:8C:49:C9:19:CC:E9:F3:2D:98:C0:C2:92:C4:9C:6A:DB:B8:5F:D8:BD:F3:17:49:00:15:22:3F:F5:D8"}}},"request":{"raw":"GET /secureproxy?s=%2Fipfs%2FNl3JwyoeuhXIa1MYbEP3yA60285497bd5ecc399a2802075f1f4fac%3Ft%3D1771707423281 HTTP/1.1\r\nHost: refund-sol.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://refund-sol.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 21 Feb 2026 20:57:04 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: max-age=2592000\r\netag: W/\"9248e-Uv31N8oKz54FSIp30kEUO4FE4qU\"\r\nexpires: 0\r\npragma: no-cache\r\ncontent-disposition: attachment; filename=tOhTf1eKXsKrFHo4cIDMkQ.js\r\ncdn-proxyver: 1.46\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 200\r\ncdn-cachedat: 02/21/2026 20:57:04\r\ncdn-edgestorageid: 1056\r\ncdn-requestid: cfe5b8cdd6f6b1c38c0ec944f417f0db\r\ncdn-cache: MISS\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wikRpmSOdJWh7rxrtzpj6EvtyjY30osaFeEUKojvgBrwx2Zw9LOZfGI5BtAOMxRB22esdrkx6tV1%2BgZAoQPDHF0bQvWiNBvfnOdhOldI\"}]}\r\ncf-cache-status: MISS\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: 9d192763ab4475c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":599182,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"f3c0bd035937bf1a9475000110b990c2","sha1":"52fdf537ca0acf9e05488a77d241143b8144e2a5","sha256":"656ee66df79635337a55257f6915e875cdb134650cb1b6a3286e8bfccfdf509b","sha512":"86f26a6f88fbd8e56aacc9adb0c230577631f8d62e635d08e16cbc5093750b7b9a09409e5cd3d9439ea0a86aa004a41cdb518d0bb6f437cd4c462be6afbe65ff","ssdeep":"6144:3h5gDdACl2/EM1CjCjRHlIy6VKcRmWLO2m3fnDRumuSYlhv1wf2Rti:/sdACl4N1CjCjRHlIyQRhOLfD3J","tlshash":"68d4bcc0875915bf42982aae19b35b7fdfa80d58074bcc5073c31cd163a570a9be6be8","first_seen":"2026-02-21T20:57:33.201774Z","last_seen":"2026-02-21T20:57:33.201774Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1012,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":758,"receive":254,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"refund-sol.xyz/secureproxy?s=%2Fjmpd%2F","fqdn":"refund-sol.xyz","domain":"refund-sol.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.148","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://refund-sol.xyz/","date":"2026-02-21T20:57:05.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"refund-sol.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 21 Feb 2026 12:22:10 GMT","end":"Fri, 22 May 2026 12:22:09 GMT"},"fingerprint":{"sha1":"07:60:56:7B:F1:77:BE:E6:3F:EF:39:E0:75:54:C2:2C:92:F9:ED:08","sha256":"BD:1B:3F:8C:49:C9:19:CC:E9:F3:2D:98:C0:C2:92:C4:9C:6A:DB:B8:5F:D8:BD:F3:17:49:00:15:22:3F:F5:D8"}}},"request":{"raw":"POST /secureproxy?s=%2Fjmpd%2F HTTP/1.1\r\nHost: refund-sol.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 1402\r\nOrigin: https://refund-sol.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1402,"data":"{\"route\":\"n9POyFeFG1tUtiSU-z9JOx3n\",\"payload\":\"0hqM-6_N52QBrgL7Ah8AEQAMA-gCGwDJAhcAAAIBIwMAAO8nhn2XtsKCAe1utgIpfJY6ZY65A2UCAAD2avSknPGamI9n1LuWK7rNDY3skGjb4YtCrzBiHE8QDxQq383O3trFdaGgBUzTbsQwVeGx8OWD23gydBrMsLy5PfAgFeHEag73FI5mG3aIuYqD7ZsQmtxdjBmXww0OeyCEF2V_8-l9a_B-smB4dlE7Jb4UflQGFimd6dKKia2F2X8gI0EFGheWte6DemRR5cDfBtL_fqHkWuIfxEMJgdNARRAAzPLD9RLXPuC6J_Mqs9D3T8WacL2ZCKRpumS26uBlDJlrT88j36j-EmHEjD7vvHobVrEXZo0I19Rsc_Kb9scFxNSQ-pjtc43nEREXZBufPwGSLIkHSljtM574ZLQZGlW9-Ivvhhl7U5ho1KrPJwmKx04DEm-6qMxgSp8ElcJBAaW7v1VwctH4hYRM044XjfoP6zMCH5MSj1O4k0v5J1Ko55z07a31jpmqQlP5x3ElMhnztg9GL47fQsowPdh6k5naP0CkHoAQUkjLIfXGvlu-oa81MN5S9VuPuWNk9Us3svX9iKXJXPSKYTdlDP1pLK8aWkQDTjUnzRTWRiSJDYG1ICJc8GFIBpNMt9atgXFOv2JFhgoIWAjIjNHRUGklnrgwaltiGGDAl3-vYYGIO4a2HsZdHk4EFxQoV7GTRn7L6xUwGnjJ5Zqc6Y535k32-Nboaw3JFqSwLSO0t-HWBVyoXHwMPVMRBJp6d5WjPDWgWxjQ9e_ezVPgjXnhR-v7FKATomO95hRQ_HzN-oLZ-9px7gGjcgp29tvrfuyQgyI3Uoe2bGuHL-QEx4akNAJhM7YAMoNkD_m1cTkS1Y1kUdLgF8D5VpRrwFQ8xFyQ3nsdBOAv_9_Gt1IjccBk9O5HTrz3045Q09ckgHhWfGs93tjYEsXk4yFbU58lnq9rbdNvGrvFpZTpFPEhp2uQuY4Nxbc4v3Jti5B9CuFazpetaCPoV29VRwnyWpYQCaNP9BF_qCKnCPHnHB4l70_5j2MFTErlkjSaX4pZ2w0r_n_e44BWxRd5CpWv768zCrb4mcXA_21H0r2lgoiKC-AR8NPo4NNRtdhMTYkA5U_i5NyYChB5sHR88AkC0CIf0eyjx4Y7FtwPoJ78a1goEA\",\"challenge\":\"eyJpZCI6IkJBZVdxNjlSRlZjNmQtZ1pRSXhYVHciLCJub25jZSI6NDk4LCJoYXNoIjoiMDBmMGJhYjY0YzIxOGZlMTlmOGM3Y2E0MDQ1MTNhMjAzYWVmYzgzODAzZjEwMWJlZmIwN2Q1MTZmYmE4YWNlYyJ9\"}"}},"response":{"raw":"HTTP/3 204 No Content\r\nserver: cloudflare\r\ndate: Sat, 21 Feb 2026 20:57:06 GMT\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\ncdn-pullzone: 4623665\r\ncdn-requestcountrycode: NL\r\ncache-control: no-cache\r\netag: W/\"a-bAsFyilMr4Ra1hIU5PyoyFRunpI\"\r\nx-ratelimit-limit: 10000\r\nx-ratelimit-remaining: 9999\r\nx-ratelimit-reset: 1771707486212\r\ncdn-proxyver: 1.46\r\ncdn-requestpullsuccess: True\r\ncdn-requestpullcode: 204\r\ncdn-cachedat: 02/21/2026 20:57:06\r\ncdn-edgestorageid: 879\r\ncdn-requestid: 502884e991434dae97c32a6de1764191\r\ncdn-requesttime: 0\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BaN3w%2BxEkIhkWEPPuO2R8caE5R8Vk%2BrgCRrU5GdgH3ePrrfP0PfJw9CoA%2BPYVfaYvKOxght6bX%2FHmZ632RND7pXxSKO0nJB7gJKK7pFh\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d1927732ef975c3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T16:53:19.252379Z","times_seen":14847337,"resource_available":true,"data":null}},"time_used":1108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}