{"report_id":"0b8b3800-c6bd-489d-8df1-11c4e0a348b5","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-23T09:57:36Z","url":{"schema":"http","addr":"usdt-ils.xyz","fqdn":"usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.usdt-ils.xyz/","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"title":"Exchange | Premium USDT ⇄ ILS","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"usdt-ils.xyz","fqdn":"usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-28T09:57:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-23","alert":"Detects file containing Telegram Bot API","trigger":"www.usdt-ils.xyz/static/js/main.4f6d6acf.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"assets.emergent.sh","ip":{"addr":"3.164.230.32","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2024-06-14","domain_rank":0,"first_seen":"2025-10-15T16:59:18.626023Z","last_seen":"2026-06-21T01:44:03.770728Z","alert_count":0,"request_count":1,"received_data":19558,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-06-21T22:19:08.810882Z","alert_count":0,"request_count":7,"received_data":388607,"sent_data":4034,"comment":"","tags":null,"fingerprints":null},{"fqdn":"api.telegram.org","ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"domain_registered":"2003-12-15","domain_rank":206724,"first_seen":"2015-06-25T10:09:00Z","last_seen":"2026-06-22T15:59:58.534838Z","alert_count":0,"request_count":2,"received_data":1251,"sent_data":1200,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.30.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.usdt-ils.xyz","ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":9,"request_count":7,"received_data":582984,"sent_data":3269,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]},{"fqdn":"us-assets.i.posthog.com","ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2020-01-23","domain_rank":57965,"first_seen":"2024-02-22T12:48:35Z","last_seen":"2026-06-18T08:15:29.71409Z","alert_count":0,"request_count":6,"received_data":493427,"sent_data":2938,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-21T22:22:12.048317Z","alert_count":0,"request_count":2,"received_data":21648,"sent_data":1064,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"usdt-ils.xyz","ip":{"addr":"216.150.1.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":341,"sent_data":481,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ipapi.co","ip":{"addr":"104.26.9.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2026-06-17T20:59:12.814462Z","alert_count":0,"request_count":1,"received_data":2489,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"us.i.posthog.com","ip":{"addr":"100.56.80.14","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2020-01-23","domain_rank":42193,"first_seen":"2024-02-22T12:48:36Z","last_seen":"2026-06-18T08:34:00.933054Z","alert_count":0,"request_count":3,"received_data":45603,"sent_data":1585,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"www.usdt-ils.xyz/static/js/main.4f6d6acf.js","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"md5":"98652a77bfeb994f8eae8bff1444bd2b","sha1":"cb4304d3bed97eecb272fc8d977602e438f0bffa","sha256":"325be39710b0bdd9b143ed984fa94df65488bcf498558542375e2b0cb972c0da","sha512":"a5e699cb9c04f1f16bf6e7ada7b0ee15f0f9dd8213162430bd2c22503372def266c8aa63a4cfde7d5bb8c00c1a6617bb7621a70194d72c94d9412b9d58e18ca6","size":506551,"token":"8985091533:AAE72fpF3qP7tZ9Az9JVEQZ2YNuUwE6rIUk","is_revoked":false,"bot":{"token":"8985091533:AAE72fpF3qP7tZ9Az9JVEQZ2YNuUwE6rIUk","user_id":"8985091533","username":"fangwen_8866_bot","first_name":"网站访问通知","last_name":"","chat":{"chat_id":"8500753537","title":"","type":"private","bot_is":"member","total_users":2,"active_members":null,"admins":null},"pending_messages":0}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"us-assets.i.posthog.com/array/phc_xAvL2Iq4tFmANRE7kzbKwaSqp1HJjN7x48s3vr0CMjs/config.js","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2b5888bf4718f3b67a3d9cc47f41bbe7","sha1":"24cd6e92dc7be07f39aa1e8dbe07489c811a989d","sha256":"d0b9ab2470bf717462eeea653d0c1c8a1a0eeee0f4fc3e2128b0e75afeab0276","sha512":"bb6083a3bfc4207cdac81419b6288f4457be90e65743e0bb2005e28d1d6e0dff18c0e82c3ec51dff951c7c9a152c4589f16d0a2d3e0b9bd278f5e646fa0d5060","ssdeep":"","tlshash":"8031872f1e1d2831aaaa5325e6d77f456ffe0233314c2848f8dc029452dd7db9987507","size":1566,"data":"","first_seen":"2026-04-14T07:13:14.744737Z","last_seen":"2026-06-27T19:46:53.621683Z","times_seen":241,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/surveys.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"719d628e2d1fbaf4c26f33782cbc1b9f","sha1":"78228da71ab8d00a1c46b15bc2fd231f2357cb80","sha256":"46a76d7ad75b55688b54565afbd03cd8092440c0c44d20dc39a3e57d95296a2e","sha512":"b2bf163e1a92482e2914afd5ee9c8a72efff89e4fb1be6a1190a32972615c0c0d1e588aba226fb56c64cf2e8eda4ded3d11787ff540fae7bb2496a71c0f82296","ssdeep":"1536:d9/oVWud2F9fQvo7aTP09+k1IdxUSSPYdoDKPFWM:dxbuGqo7R57Adp4M","tlshash":"f2934cd5ba00f06e51eb80b810be5843f33d6b1afa0d4c54b1179c943dd6988a39ffa6","size":96801,"data":"","first_seen":"2026-06-22T15:44:20.381458Z","last_seen":"2026-06-24T15:04:59.574855Z","times_seen":196,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1eb27b9120f461a107b77fd6a9ed1149","sha1":"0edf3a843ef46807a79e9333eb91db08c6065dc6","sha256":"1ce64c573e140d93e7b3635996bcbea0b9de221e5fd0814f2230f554be2018a6","sha512":"748ebbd7af4b22fc232434cf56e6bb27f6ce528a5a48bd0000047b7c3f3652de0075c4f2641e2a0e1ff442f15e0c46f2633d1a9fc1256a17b4aa7a499e9eab93","ssdeep":"","tlshash":"83d0970cca30ae5210962c6b3a0a7c0002e302889120a10331086c61fb618811d02303","size":222,"data":"","first_seen":"2026-02-23T12:33:52.63461Z","last_seen":"2026-06-27T19:46:53.64403Z","times_seen":294,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"676da7b1e53763fd10daa8ebec30ce1f","sha1":"3b710ca98e1a2c3ce48b0568042f7836b41377b1","sha256":"fd06b7f14be8918d00706bfc9c7e3f9ae93e2f4a4273a1ded6185ea40f52ea6b","sha512":"7f4b588bc5a72479231ed127bcab1cf57044055afd66497e993d50aff18fd52cd2f98fdab3def0d119c77adaf45aeb5d3a730ceb607f51ec8a710889b2ca0c32","ssdeep":"","tlshash":"4d41630ef94778334b91fae174b65d8bcf5a16840338dd45e56280c99241eca862efbd","size":1970,"data":"","first_seen":"2026-02-11T03:08:25.567745Z","last_seen":"2026-06-27T19:46:53.645823Z","times_seen":246,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"1eb27b9120f461a107b77fd6a9ed1149","sha1":"0edf3a843ef46807a79e9333eb91db08c6065dc6","sha256":"1ce64c573e140d93e7b3635996bcbea0b9de221e5fd0814f2230f554be2018a6","sha512":"748ebbd7af4b22fc232434cf56e6bb27f6ce528a5a48bd0000047b7c3f3652de0075c4f2641e2a0e1ff442f15e0c46f2633d1a9fc1256a17b4aa7a499e9eab93","ssdeep":"","tlshash":"83d0970cca30ae5210962c6b3a0a7c0002e302889120a10331086c61fb618811d02303","size":222,"data":"","first_seen":"2026-02-23T12:33:52.63461Z","last_seen":"2026-06-27T19:46:53.64403Z","times_seen":294,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"676da7b1e53763fd10daa8ebec30ce1f","sha1":"3b710ca98e1a2c3ce48b0568042f7836b41377b1","sha256":"fd06b7f14be8918d00706bfc9c7e3f9ae93e2f4a4273a1ded6185ea40f52ea6b","sha512":"7f4b588bc5a72479231ed127bcab1cf57044055afd66497e993d50aff18fd52cd2f98fdab3def0d119c77adaf45aeb5d3a730ceb607f51ec8a710889b2ca0c32","ssdeep":"","tlshash":"4d41630ef94778334b91fae174b65d8bcf5a16840338dd45e56280c99241eca862efbd","size":1970,"data":"","first_seen":"2026-02-11T03:08:25.567745Z","last_seen":"2026-06-27T19:46:53.645823Z","times_seen":246,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/static/js/main.4f6d6acf.js","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"98652a77bfeb994f8eae8bff1444bd2b","sha1":"cb4304d3bed97eecb272fc8d977602e438f0bffa","sha256":"325be39710b0bdd9b143ed984fa94df65488bcf498558542375e2b0cb972c0da","sha512":"a5e699cb9c04f1f16bf6e7ada7b0ee15f0f9dd8213162430bd2c22503372def266c8aa63a4cfde7d5bb8c00c1a6617bb7621a70194d72c94d9412b9d58e18ca6","ssdeep":"6144:iqUe5EV6gJgJN+0Qcr1f4bVMbNYFfeV8dL7LcyWa4EDLiQKr3McvjolUlnuI542:VTtbNO7dL7LcyWaZDLiQA8mEe","tlshash":"93b47dd4b251b1681bb709d2847f4419b33e7a16740d8030f32dec9a36ac699b17ffa9","size":506551,"data":"","first_seen":"2026-06-23T09:57:29.584544Z","last_seen":"2026-06-23T09:58:30.305776Z","times_seen":4,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-23","alert":"Detects file containing Telegram Bot API","trigger":"www.usdt-ils.xyz/static/js/main.4f6d6acf.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/web-vitals.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"40bad0569789999bcb1541198620fa48","sha1":"8e776d3c859d5fddda48614d07b57ac26657fe72","sha256":"eb3f494aa34624b6e9b1010d8a242de308dc344c0011f3686784c9b5977d9ea4","sha512":"5bc9d4e6237640cdb37a6bc48264c604ba37492b6113d699444a6b35b3dce1408d8b9eab9d306e4f6ec23384baf4b0f0f7a154d2e7092ddb6e9db8d4166b94f5","ssdeep":"96:t/CG4vzq4AQ6lXT2AWUlDmSpHmU9ef1yhyljTjPmVDD5LoNUKpwmDUePij:1CG7FNToU0jki1XljfCSGKp4yij","tlshash":"83d1e8f9af81d43812bed1ba90795153323567a1a509419ce23fffe018ac8c6635bf32","size":6460,"data":"","first_seen":"2026-06-19T11:10:18.47296Z","last_seen":"2026-06-27T23:45:30.088224Z","times_seen":576,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/posthog-recorder.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5438c96d315735fadb9879cf2cdc85cd","sha1":"ebad97bc3ff1835da256f84741526ff8b77ca518","sha256":"63040c5e72195e7e02ae8c654e5468b9f37848cbe5cc4300dd77bb1366ab7431","sha512":"ec691d0374d383ec9fce904225d4af39fef7c8229b11ace618feb4c6950f9a590a56b3325bc25fd2026538a223c06a298abc098b22b7020a9e94ef6ba654ea43","ssdeep":"3072:kxL4xa7FMZcGPOdkxYWwqrrMe9bf264yVqP:kxL4x4FxGPOdkxY3qrrMe96hH","tlshash":"87f34ccab765a03357e5512980af0203f2353619704a80a8f2aed9e9357c9c771b7f7e","size":157914,"data":"","first_seen":"2026-06-22T15:44:20.426719Z","last_seen":"2026-06-23T10:17:43.398989Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/3c4efe6d-b355-48a0-811e-61560b9754d7","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"","is_inline":false,"md5":"90b8ffebf84eea5b4d43bbf88bb65041","sha1":"95b004eef5c66492d14e5ef15f07189c9aa88f1d","sha256":"952559adfd1d4fd0cfd141306cbfc139dad87b27859d12356ff9beffd86ecf0d","sha512":"5a12e7aecb00eac81a4fc91873a6c4ebcb56904b754d85192a76be73764d9d0267caeaeff19b0a8daf924ab55fd6f4e374bfbc2b920ab843841c4ce68ec93d93","ssdeep":"","tlshash":"e17151847eb3190800e3b3ae76af5208f13aad173286ed64bb5d53610f5a01575b7fe8","size":3709,"data":"","first_seen":"2026-06-19T14:03:36.439411Z","last_seen":"2026-06-27T19:52:05.064424Z","times_seen":128,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/dead-clicks-autocapture.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"60fac29e4712c229038ece9718066a57","sha1":"7e75b16edff67d2713998c45b807aa0251eefb7b","sha256":"4a4ae8c4165ac8bf7fe71dbcb8b7237de3c74688aaa061b6a6321e342dfc7d3b","sha512":"ebf645bed430436d08dabd393b58c9ed18c68655b03bc64039440bae5489c87d0bc2f2a4987b42661e22a96556af18ca777d3d08462677079a515671b3d5c5b4","ssdeep":"384:ZjlS6fltqEYdkfgpvB568Hkjy5FWHUzk/6Z0+EUHTF6:ZwEB8HD5FUUzk/I0+EUHTF6","tlshash":"bb52fac8b650e2721adb095a807f0702f13a6a18654bcc24f155edcd74adb8251fbe7f","size":14500,"data":"","first_seen":"2026-06-22T15:44:20.414337Z","last_seen":"2026-06-23T10:53:58.192711Z","times_seen":46,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"assets.emergent.sh/scripts/emergent-main.js","fqdn":"assets.emergent.sh","domain":"emergent.sh","tld":"sh"},"ip":{"addr":"3.164.230.32","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3d509e6f6db7779da7ac19a653b6fa67","sha1":"3044f3e4ae0831e7bf9338316dc00f4e3b1f164e","sha256":"d44385a34c94f150e551d65d61953b869e2d092178381669d4d73f602770761f","sha512":"27aaafb9e1def6121a9a6b31ddb6fb73861bc12c62fd96a397fa2b95cd69057c431635936399e927c406af91f9ea911534bfe8ee78c79b797f7d96417ba7e680","ssdeep":"192:0j1rXaJq4F9cxfs5a6aJVg2E8FzCQfuV4HlT80Q5xmQalUwbCMLnzvXgqHO0bHOu:2rYZIdFWVA0ApLnzvwiMHZg6Q","tlshash":"1c82961649a10033492791ad2b8bb585323080471d52fcb8bfcd87983f9d56e9bf27ee","size":18985,"data":"","first_seen":"2026-06-18T16:40:57.304484Z","last_seen":"2026-06-27T19:46:53.606733Z","times_seen":69,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/array.js","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ffdb0f2bfc52d604a5f4a7053795ed10","sha1":"cfa2f7982c753289d8fb789038afdacea355075a","sha256":"b17f1d58ec538092f68dc2d7b3d659b675c00987eac4935dd3400ac44e63445f","sha512":"b26a3e8b510a1209b1f7ee1e80a98685343c1cc64f28b67d42a8e14395f7740602343c7f620cb9286c5dbe0e7a3ca4567580aa1e1a09514eff319e9655acdeb8","ssdeep":"3072:V3sR8nyt6+VXn7KCOyOFev8cdhc0zfiBfweO:V3sR8JgXnuCOyJ/dhc0+BfvO","tlshash":"9b24fa87b77ad03246e690a5d03a0103e32a7b4a6159c06cf36edccd359d58ab277f36","size":211638,"data":"","first_seen":"2026-06-22T15:56:13.447386Z","last_seen":"2026-06-23T11:07:14.260015Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"assets.emergent.sh/scripts/emergent-main.js","fqdn":"assets.emergent.sh","domain":"emergent.sh","tld":"sh"},"ip":{"addr":"3.164.230.32","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.528Z","timestamp":1782208624528,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"assets.emergent.sh","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 17 Sep 2025 00:00:00 GMT","end":"Fri, 16 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"32:7F:85:1D:EE:8D:63:A0:65:71:AB:DB:CE:D9:4D:23:E6:8D:C9:93","sha256":"D9:37:38:24:9C:9E:D3:58:DC:D1:82:40:0B:A1:B1:14:E0:DF:6D:C2:A7:7C:13:92:56:B7:24:0A:16:32:B6:CB"}}},"request":{"raw":"GET /scripts/emergent-main.js HTTP/1.1\r\nHost: assets.emergent.sh\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/javascript\r\nlast-modified: Thu, 18 Jun 2026 14:04:15 GMT\r\nserver: AmazonS3\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: jyB3I5Q7s9yxaEzemXVB443kJ4X72eZQ\r\ncontent-encoding: gzip\r\ndate: Mon, 22 Jun 2026 14:08:54 GMT\r\netag: W/\"7959b4996fa8c5d01998df94ad7dd751\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 7146458eabc0c79851363d3a7ad4d72c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P1\r\nx-amz-cf-id: K68u76xDZwYtpgfJ3yqw0mhqTzZGtYCuprBeif5MrV_loLlneat9Mg==\r\nage: 71294\r\nvary: Accept-Encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":18987,"size_decoded":6024,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"3d509e6f6db7779da7ac19a653b6fa67","sha1":"3044f3e4ae0831e7bf9338316dc00f4e3b1f164e","sha256":"d44385a34c94f150e551d65d61953b869e2d092178381669d4d73f602770761f","sha512":"27aaafb9e1def6121a9a6b31ddb6fb73861bc12c62fd96a397fa2b95cd69057c431635936399e927c406af91f9ea911534bfe8ee78c79b797f7d96417ba7e680","ssdeep":"192:0j1rXaJq4F9cxfs5a6aJVg2E8FzCQfuV4HlT80Q5xmQalUwbCMLnzvXgqHO0bHOu:2rYZIdFWVA0ApLnzvwiMHZg6Q","tlshash":"1c82961649a10033492791ad2b8bb585323080471d52fcb8bfcd87983f9d56e9bf27ee","first_seen":"2026-06-18T16:40:57.304484Z","last_seen":"2026-06-27T19:46:53.606733Z","times_seen":69,"resource_available":true,"data":null}},"time_used":39,"timings":{"blocked":-1,"dns":4,"connect":9,"send":0,"wait":11,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.810Z","timestamp":1782208624810,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 461351\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-28T00:18:18.529489Z","times_seen":220484,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":35,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.telegram.org/bot8985091533:AAE72fpF3qP7tZ9Az9JVEQZ2YNuUwE6rIUk/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.084Z","timestamp":1782208625084,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"POST /bot8985091533:AAE72fpF3qP7tZ9Az9JVEQZ2YNuUwE6rIUk/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nContent-Length: 165\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx/1.30.1\r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\ncontent-type: application/json\r\ncontent-length: 532\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.30.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":532,"size_decoded":917,"mime_type":"application/json","magic":"JSON text data","md5":"da622c048feb6f2442d3165813c4fd6c","sha1":"57c9a23c25dd409e0d9838abe447f106f803ac69","sha256":"0e5e7843434d21f48dd2576c7bd3001093ee71cbef194be2bdc91440153bb501","sha512":"ee2a340fd2442d439d7a54d1ae51088c39607346b3c61a0067320a157f72966b309ff4f001ae456ebdb89ddddc8ab31f0460e77ddffc0534f45157632f7e995c","ssdeep":"","tlshash":"38f0c06d47556dae009dabdcccda3daa848d612311c9dc388295b86d7260064f10d813","first_seen":"2026-06-23T09:57:41.774043Z","last_seen":"2026-06-23T09:57:41.774043Z","times_seen":1,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/favicon.svg","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.352Z","timestamp":1782208625352,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:51:02 GMT","end":"Sat, 19 Sep 2026 16:51:01 GMT"},"fingerprint":{"sha1":"84:7C:5A:C1:23:2D:84:08:17:C9:2C:56:D8:16:26:E0:F8:44:DB:EE","sha256":"BE:87:8D:14:78:40:A8:1E:B0:9B:23:34:AD:C3:24:92:F5:3C:0C:B4:7D:43:C6:9E:53:EB:33:99:A0:E5:E5:C3"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: www.usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\nage: 62546\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"favicon.svg\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\netag: W/\"3e11659b202b9db24eb6d99075d9ea41\"\r\nlast-modified: Mon, 22 Jun 2026 16:34:39 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::mk57f-1782208625358-3ecce1ebad17\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":1198,"size_decoded":1026,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e11659b202b9db24eb6d99075d9ea41","sha1":"56dcd50cf75e77df8738a1e1fb339b9c35fe096e","sha256":"a47eee267a4424e6174d7c3d8702be43b507340438266709ac1985578a8b4c74","sha512":"62d0152ff4f55f992f790b1db6fff101a4d7d8a78f1cacc1c3e78efd9367d8ac3ac9c9152708bcb91d9162d8f6457c3687cd898a152c0ef5dee4eae6a46ef733","ssdeep":"","tlshash":"e021dd55c6c94966e801831bdb18f429123f478326468724787e2b396f9479b27ab3ec","first_seen":"2026-06-23T09:57:29.589812Z","last_seen":"2026-06-23T09:58:30.303062Z","times_seen":4,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/surveys.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.778Z","timestamp":1782208625778,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 21:41:31 GMT","end":"Sun, 16 Aug 2026 22:41:30 GMT"},"fingerprint":{"sha1":"65:54:A8:E7:4A:54:52:B8:AD:56:6E:86:56:B4:80:CE:AE:0D:DE:6C","sha256":"26:C1:37:27:1D:31:15:CA:10:5E:F2:91:E8:1C:A7:AA:B5:DE:94:21:D8:9A:4A:1B:63:2A:D2:B5:87:38:6D:B8"}}},"request":{"raw":"GET /static/surveys.js?v=1.392.0 HTTP/1.1\r\nHost: us-assets.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\ncontent-type: application/javascript\r\ncf-ray: a102a0671d2756a5-OSL\r\ncf-cache-status: MISS\r\nx-amz-version-id: WJ9J9Mss0Sg1s0lzXYpyTuKkTIkbX9xc\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\nx-amz-server-side-encryption: AES256\r\nlast-modified: Mon, 22 Jun 2026 15:27:12 GMT\r\nserver: cloudflare\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\naccess-control-allow-methods: POST, GET, DELETE, PUT\r\naccess-control-expose-headers: ETag\r\naccess-control-max-age: 3000\r\nx-amz-id-2: toZs/vJ15eSq8GXz/7UsQ1GkPjQin0BrSeOycFVxpFkjOPikKiZvOHQn0RmXP8aL43pmQw4FL4Q1Lo88vmGhhZpq0c7sKCHF\r\nx-amz-request-id: BPJ2TKXKY5R3RZER\r\netag: W/\"719d628e2d1fbaf4c26f33782cbc1b9f\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":96801,"size_decoded":33370,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"719d628e2d1fbaf4c26f33782cbc1b9f","sha1":"78228da71ab8d00a1c46b15bc2fd231f2357cb80","sha256":"46a76d7ad75b55688b54565afbd03cd8092440c0c44d20dc39a3e57d95296a2e","sha512":"b2bf163e1a92482e2914afd5ee9c8a72efff89e4fb1be6a1190a32972615c0c0d1e588aba226fb56c64cf2e8eda4ded3d11787ff540fae7bb2496a71c0f82296","ssdeep":"1536:d9/oVWud2F9fQvo7aTP09+k1IdxUSSPYdoDKPFWM:dxbuGqo7R57Adp4M","tlshash":"f2934cd5ba00f06e51eb80b810be5843f33d6b1afa0d4c54b1179c943dd6988a39ffa6","first_seen":"2026-06-22T15:44:20.381458Z","last_seen":"2026-06-24T15:04:59.574855Z","times_seen":196,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/web-vitals.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.781Z","timestamp":1782208625781,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 21:41:31 GMT","end":"Sun, 16 Aug 2026 22:41:30 GMT"},"fingerprint":{"sha1":"65:54:A8:E7:4A:54:52:B8:AD:56:6E:86:56:B4:80:CE:AE:0D:DE:6C","sha256":"26:C1:37:27:1D:31:15:CA:10:5E:F2:91:E8:1C:A7:AA:B5:DE:94:21:D8:9A:4A:1B:63:2A:D2:B5:87:38:6D:B8"}}},"request":{"raw":"GET /static/web-vitals.js?v=1.392.0 HTTP/1.1\r\nHost: us-assets.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\ncontent-type: application/javascript\r\ncf-ray: a102a0672d3056a5-OSL\r\ncf-cache-status: MISS\r\nx-amz-version-id: ndFSIjz2Fm83FIcTBJaIqV3y2c_2TmVF\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\nx-amz-server-side-encryption: AES256\r\nlast-modified: Mon, 22 Jun 2026 15:27:12 GMT\r\nserver: cloudflare\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\naccess-control-allow-methods: POST, GET, DELETE, PUT\r\naccess-control-expose-headers: ETag\r\naccess-control-max-age: 3000\r\nx-amz-id-2: Mo1R4Gv2dQff7f/aqBYN5AsTBx9iBHu6Hg7ny82OJ5Q8PuSnyi9BtgsPqPFfmmwAI39ZkFvT2yQ=\r\nx-amz-request-id: BPJ182WKK0M8G82M\r\netag: W/\"40bad0569789999bcb1541198620fa48\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6460,"size_decoded":3401,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6420)","md5":"40bad0569789999bcb1541198620fa48","sha1":"8e776d3c859d5fddda48614d07b57ac26657fe72","sha256":"eb3f494aa34624b6e9b1010d8a242de308dc344c0011f3686784c9b5977d9ea4","sha512":"5bc9d4e6237640cdb37a6bc48264c604ba37492b6113d699444a6b35b3dce1408d8b9eab9d306e4f6ec23384baf4b0f0f7a154d2e7092ddb6e9db8d4166b94f5","ssdeep":"96:t/CG4vzq4AQ6lXT2AWUlDmSpHmU9ef1yhyljTjPmVDD5LoNUKpwmDUePij:1CG7FNToU0jki1XljfCSGKp4yij","tlshash":"83d1e8f9af81d43812bed1ba90795153323567a1a509419ce23fffe018ac8c6635bf32","first_seen":"2026-06-19T11:10:18.47296Z","last_seen":"2026-06-27T23:45:30.088224Z","times_seen":576,"resource_available":true,"data":null}},"time_used":135,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/static/js/main.4f6d6acf.js","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.530Z","timestamp":1782208624530,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:51:02 GMT","end":"Sat, 19 Sep 2026 16:51:01 GMT"},"fingerprint":{"sha1":"84:7C:5A:C1:23:2D:84:08:17:C9:2C:56:D8:16:26:E0:F8:44:DB:EE","sha256":"BE:87:8D:14:78:40:A8:1E:B0:9B:23:34:AD:C3:24:92:F5:3C:0C:B4:7D:43:C6:9E:53:EB:33:99:A0:E5:E5:C3"}}},"request":{"raw":"GET /static/js/main.4f6d6acf.js HTTP/1.1\r\nHost: www.usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\nage: 32053\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"main.4f6d6acf.js\"\r\ncontent-encoding: br\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Tue, 23 Jun 2026 09:57:04 GMT\r\netag: W/\"98652a77bfeb994f8eae8bff1444bd2b\"\r\nlast-modified: Tue, 23 Jun 2026 01:02:50 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::6t5rt-1782208624538-60d5f02a409d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":506551,"size_decoded":159112,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65465)","md5":"98652a77bfeb994f8eae8bff1444bd2b","sha1":"cb4304d3bed97eecb272fc8d977602e438f0bffa","sha256":"325be39710b0bdd9b143ed984fa94df65488bcf498558542375e2b0cb972c0da","sha512":"a5e699cb9c04f1f16bf6e7ada7b0ee15f0f9dd8213162430bd2c22503372def266c8aa63a4cfde7d5bb8c00c1a6617bb7621a70194d72c94d9412b9d58e18ca6","ssdeep":"6144:iqUe5EV6gJgJN+0Qcr1f4bVMbNYFfeV8dL7LcyWa4EDLiQKr3McvjolUlnuI542:VTtbNO7dL7LcyWaZDLiQA8mEe","tlshash":"93b47dd4b251b1681bb709d2847f4419b33e7a16740d8030f32dec9a36ac699b17ffa9","first_seen":"2026-06-23T09:57:29.584544Z","last_seen":"2026-06-23T09:58:30.305776Z","times_seen":4,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-23","alert":"Detects file containing Telegram Bot API","trigger":"www.usdt-ils.xyz/static/js/main.4f6d6acf.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700;800;900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.592Z","timestamp":1782208624592,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:19 GMT","end":"Mon, 17 Aug 2026 08:38:18 GMT"},"fingerprint":{"sha1":"4D:E0:8E:62:2F:B2:3D:28:5D:7D:B5:8D:C5:3A:72:E4:EE:AB:7D:93","sha256":"AE:0B:4F:B5:B7:41:E5:0C:70:C0:E1:2A:F9:DB:AD:A8:64:94:F3:70:6D:38:1C:8A:8A:CA:52:96:5C:D8:5C:87"}}},"request":{"raw":"GET /css2?family=Inter:wght@300;400;500;600;700;800;900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 23 Jun 2026 09:57:04 GMT\r\ndate: Tue, 23 Jun 2026 09:57:04 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17689,"size_decoded":1563,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"30e76aaeae29f594433bc728a08b4d8f","sha1":"ac1b677b4d702295e7802802376ddd8c84acbc13","sha256":"395e51e3dc84faf99710da8cf316e573703addd6eb598e1b334eff76653e820d","sha512":"93b1661d34210abbdb2c6cca46bb229254b615ba07c05dbcadb65199b9d1e61e18dbb4302236e89188ddc34be20528f503f6140358f82385b1f0e621f93ec4d8","ssdeep":"192:wNA1cO3lnxirNNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kV:8KYXuM0p2+g7GQK","tlshash":"b1828892002ba400ab971dc233cf7f3aaece10896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-11T05:09:40.151737Z","last_seen":"2026-06-27T23:34:18.951706Z","times_seen":4596,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"104.26.9.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.749Z","timestamp":1782208624749,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 05:11:37 GMT","end":"Sun, 13 Sep 2026 06:11:34 GMT"},"fingerprint":{"sha1":"CE:63:0D:F2:C0:D2:04:93:CA:AE:0D:AA:ED:9F:31:01:7A:BC:69:40","sha256":"0D:2E:E4:8D:BD:B6:76:95:B5:BD:B8:C5:CE:61:98:B9:6E:81:B5:4B:16:5C:C0:0C:C9:FB:54:0B:B4:A6:7C:65"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: POST, OPTIONS, HEAD, GET, OPTIONS\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://www.usdt-ils.xyz\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SX6d6e1PpILCyOkeWwRRTWmz58PhZovNv9P0o%2ByfpU71wkxnCEwmzn6HChOCtkvGR1ozqWN8oJAc6uakgTtXZgfDHoLmbfkFB8vUXrvP3L4uK6q8aX4efXYZ\"}]}\r\ncontent-encoding: br\r\ncf-ray: a102a060c8d7b4f7-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":740,"size_decoded":2100,"mime_type":"application/json","magic":"JSON text data","md5":"d2af8351f20ddbf5b2dd20e207a1cef8","sha1":"320e39a537d22eb872fd51219487845fbc7ed793","sha256":"847f90de7d1ee517a339c14ad8df1ff72221f972c2f38d1c0994aa7e88e91fc0","sha512":"f49b84ce692f58fdb320a179feab901b308f8ba2d32ec903a7969c1d8635c5f8c87c8453d7d0d431acf97bd141405bf756ba000616449852442d10e987d95dc2","ssdeep":"","tlshash":"3501df68e4780f7b9cb8135870786817113422175e563a8e7bd4a74d0f8d8bf30b135e","first_seen":"2026-06-12T21:51:12.464949Z","last_seen":"2026-06-27T23:42:24.745488Z","times_seen":654,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":0,"dns":4,"connect":1,"send":0,"wait":243,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.807Z","timestamp":1782208624807,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 461351\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-28T00:18:18.529489Z","times_seen":220484,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":27,"receive":51,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7W0I5nvwUgHU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.813Z","timestamp":1782208624813,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7W0I5nvwUgHU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 84924\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 21 Jun 2026 12:22:18 GMT\r\nexpires: Mon, 21 Jun 2027 12:22:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 164086\r\nlast-modified: Tue, 09 Sep 2025 18:33:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":84924,"size_decoded":85737,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 84924, version 1.0","md5":"f5b588b5cfef2173838149769c8a0269","sha1":"5312086a01f8e8299094ddee5819b9727a19cae2","sha256":"b8811a6cd6f7e0707dfc9e9e6f1daf5f6f450b51e887e163945a9ade91c2720f","sha512":"05d5271c633bbe102775c0b6df9c5e110dae3a2517061714bb5c26ec66a00f8e1b62961135ec96962e7ccaf3942d8e32bd86f42558cbac8ee16ff6c333117886","ssdeep":"1536:PABWz4rSN/GzH27xN5UR1OnX+uyRsd1osLZBi/JGyQI01xDj+C:PAG4rCGa7L5UR1OnX+fGd/VB03QI+xP","tlshash":"378302b4ae71b3968f1c7fe46396273c2a7bdf41053950aeae44e16787f00dba148784","first_seen":"2025-05-29T19:39:57.235915Z","last_seen":"2026-06-28T00:18:18.526615Z","times_seen":16526,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":55,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us.i.posthog.com/i/v0/e/?_=1782208633954\u0026ver=1.392.0\u0026compression=gzip-js","fqdn":"us.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"100.56.80.14","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:13.968Z","timestamp":1782208633968,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 16 Nov 2025 00:00:00 GMT","end":"Tue, 15 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6A:93:A0:4B:D8:27:D0:2A:1E:35:71:6C:A2:1C:2A:2C:2E:E1:A7:D7","sha256":"2A:1F:69:7F:28:B0:DA:BD:59:C5:0F:27:B3:35:6D:E9:5B:8B:A2:4A:F8:89:F1:F0:10:CD:CD:8F:62:8E:07:E6"}}},"request":{"raw":"POST /i/v0/e/?_=1782208633954\u0026ver=1.392.0\u0026compression=gzip-js HTTP/1.1\r\nHost: us.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\ncontent-type: text/plain\r\nReferer: https://www.usdt-ils.xyz/\r\nContent-Length: 5361\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:14 GMT\r\ncontent-type: application/json\r\ncontent-length: 15\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: https://www.usdt-ils.xyz\r\naccess-control-allow-credentials: true\r\nx-envoy-upstream-service-time: 23\r\nserver: envoy\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":15,"size_decoded":425,"mime_type":"application/json","magic":"JSON text data","md5":"c86a47ac0d792e37182689c73fcbf6ad","sha1":"8fd92e4671341e79f0a3529ac5e9d59d38db9e78","sha256":"0c40bafcfdc8adc6db63a6a5bfdb3dd5201798e6163fc674dc2fcbdb2a4134f1","sha512":"827cafe34edc64ac15f9bb3d269d338f8161a08d174071ed415b8a9e78d0672327e09034445292f90b81f5a063c8606d36ee66b20e0fff0446130303d598a8d3","ssdeep":"","tlshash":"1b600000000000030fc00c00000cc03c3ff30fc0003f00c0030fc0300c030c0c00c000","first_seen":"2023-04-06T21:35:05Z","last_seen":"2026-06-28T00:08:30.337295Z","times_seen":37486,"resource_available":false,"data":null}},"time_used":120,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":119,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdt-ils.xyz/","fqdn":"usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-23T09:57:03.569Z","timestamp":1782208623569,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:52:08 GMT","end":"Sat, 19 Sep 2026 16:52:07 GMT"},"fingerprint":{"sha1":"42:B9:FB:B2:10:4E:45:C7:93:97:9F:14:E6:A5:F6:F8:5B:77:9B:D8","sha256":"6E:EB:8E:65:6E:7A:6B:10:52:2B:DD:81:21:1D:91:40:BD:63:19:6C:54:53:F9:73:EB:4D:AB:FC:B0:95:C3:CC"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 308 \r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: text/html\r\ndate: Tue, 23 Jun 2026 09:57:03 GMT\r\nlocation: https://www.usdt-ils.xyz/\r\nrefresh: 0;url=https://www.usdt-ils.xyz/\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-id: arn1::l9xns-1782208623879-002709ff90a8\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"308","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-28T00:17:42.149206Z","times_seen":16774226,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":-1,"dns":265,"connect":1,"send":0,"wait":11,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/api/config","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.745Z","timestamp":1782208624745,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:51:02 GMT","end":"Sat, 19 Sep 2026 16:51:01 GMT"},"fingerprint":{"sha1":"84:7C:5A:C1:23:2D:84:08:17:C9:2C:56:D8:16:26:E0:F8:44:DB:EE","sha256":"BE:87:8D:14:78:40:A8:1E:B0:9B:23:34:AD:C3:24:92:F5:3C:0C:B4:7D:43:C6:9E:53:EB:33:99:A0:E5:E5:C3"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: www.usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: application/json\r\ndate: Tue, 23 Jun 2026 09:57:04 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::iad1::6t5rt-1782208624751-655ced6ac545\r\ncontent-length: 74\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74,"size_decoded":399,"mime_type":"application/json","magic":"JSON text data","md5":"bb95bee9e938b7d1617331ca5623d55d","sha1":"f67b4ae000d8f3aa960ee1dd67e4b8de1ac02f7d","sha256":"5c46c6a391341fdd9f71bbb18b628e7fc26d3d20d68c71f6260036273c0fe63d","sha512":"fffa4adec5a11098fbaf9b7684c2957d6daaf833da927036fe256e746743f05279c3d25929a3c640bb15d69a33619b2b5b66ec840390b8dbdfa3aff0c5c8fff6","ssdeep":"","tlshash":"e6a024f113001731430c0170340440c44c1074f57cf4cc5350c00dc07075740101cc71","first_seen":"2026-06-23T09:57:41.781639Z","last_seen":"2026-06-23T09:58:30.297308Z","times_seen":2,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/api/config","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.747Z","timestamp":1782208624747,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:51:02 GMT","end":"Sat, 19 Sep 2026 16:51:01 GMT"},"fingerprint":{"sha1":"84:7C:5A:C1:23:2D:84:08:17:C9:2C:56:D8:16:26:E0:F8:44:DB:EE","sha256":"BE:87:8D:14:78:40:A8:1E:B0:9B:23:34:AD:C3:24:92:F5:3C:0C:B4:7D:43:C6:9E:53:EB:33:99:A0:E5:E5:C3"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: www.usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: application/json\r\ndate: Tue, 23 Jun 2026 09:57:04 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::iad1::l4zt5-1782208624753-0b285f3aea66\r\ncontent-length: 74\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74,"size_decoded":399,"mime_type":"application/json","magic":"JSON text data","md5":"bb95bee9e938b7d1617331ca5623d55d","sha1":"f67b4ae000d8f3aa960ee1dd67e4b8de1ac02f7d","sha256":"5c46c6a391341fdd9f71bbb18b628e7fc26d3d20d68c71f6260036273c0fe63d","sha512":"fffa4adec5a11098fbaf9b7684c2957d6daaf833da927036fe256e746743f05279c3d25929a3c640bb15d69a33619b2b5b66ec840390b8dbdfa3aff0c5c8fff6","ssdeep":"","tlshash":"e6a024f113001731430c0170340440c44c1074f57cf4cc5350c00dc07075740101cc71","first_seen":"2026-06-23T09:57:41.781639Z","last_seen":"2026-06-23T09:58:30.297308Z","times_seen":2,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":297,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7W0I5nvwUgHU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.808Z","timestamp":1782208624808,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7W0I5nvwUgHU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 84924\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 21 Jun 2026 12:22:18 GMT\r\nexpires: Mon, 21 Jun 2027 12:22:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 164086\r\nlast-modified: Tue, 09 Sep 2025 18:33:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":84924,"size_decoded":85737,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 84924, version 1.0","md5":"f5b588b5cfef2173838149769c8a0269","sha1":"5312086a01f8e8299094ddee5819b9727a19cae2","sha256":"b8811a6cd6f7e0707dfc9e9e6f1daf5f6f450b51e887e163945a9ade91c2720f","sha512":"05d5271c633bbe102775c0b6df9c5e110dae3a2517061714bb5c26ec66a00f8e1b62961135ec96962e7ccaf3942d8e32bd86f42558cbac8ee16ff6c333117886","ssdeep":"1536:PABWz4rSN/GzH27xN5UR1OnX+uyRsd1osLZBi/JGyQI01xDj+C:PAG4rCGa7L5UR1OnX+fGd/VB03QI+xP","tlshash":"378302b4ae71b3968f1c7fe46396273c2a7bdf41053950aeae44e16787f00dba148784","first_seen":"2025-05-29T19:39:57.235915Z","last_seen":"2026-06-28T00:18:18.526615Z","times_seen":16526,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":49,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1pL7W0I5nvwUgHU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.049Z","timestamp":1782208625049,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1pL7W0I5nvwUgHU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18940\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 21 Jun 2026 16:06:51 GMT\r\nexpires: Mon, 21 Jun 2027 16:06:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 150614\r\nlast-modified: Tue, 09 Sep 2025 18:33:46 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":18940,"size_decoded":19753,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18940, version 1.0","md5":"5c8b2708e9cd88a6c9e2172fd1a09d80","sha1":"f8da9a4c7fe5fbb441e8e1e2587f8e7e8e25bf8b","sha256":"20fc1e117a255531a9f1bfc780fa9827a22820f8e07560b155323dff5fd908f2","sha512":"d56292486b6274e3d0d5a00cfa19573469ac4d4173fbdc786cdede8d9e18b8eecba8aa647a115b32770feea0ac2d59c54092642863d4cc2ea725560435c6b780","ssdeep":"384:B5OeSmylzizCljGvu0333XLJyBo9/fsItLbLvAsik1LJ57o:BTylizClUpH9mo1UIt/Lykpno","tlshash":"3c82e0a7f1a24589d84b87c02098e7546967b70821d6acea411be4d90bdbf5e20ad32e","first_seen":"2025-09-12T00:27:30.877732Z","last_seen":"2026-06-27T21:23:50.777006Z","times_seen":2656,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/array/phc_xAvL2Iq4tFmANRE7kzbKwaSqp1HJjN7x48s3vr0CMjs/config.js","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.613Z","timestamp":1782208625613,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 21:41:31 GMT","end":"Sun, 16 Aug 2026 22:41:30 GMT"},"fingerprint":{"sha1":"65:54:A8:E7:4A:54:52:B8:AD:56:6E:86:56:B4:80:CE:AE:0D:DE:6C","sha256":"26:C1:37:27:1D:31:15:CA:10:5E:F2:91:E8:1C:A7:AA:B5:DE:94:21:D8:9A:4A:1B:63:2A:D2:B5:87:38:6D:B8"}}},"request":{"raw":"GET /array/phc_xAvL2Iq4tFmANRE7kzbKwaSqp1HJjN7x48s3vr0CMjs/config.js HTTP/1.1\r\nHost: us-assets.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\ncontent-type: application/javascript\r\ncache-control: public, max-age=300\r\nvary: Origin, Referer,origin, access-control-request-method, access-control-request-headers, Accept-Encoding\r\naccess-control-allow-origin: https://www.usdt-ils.xyz\r\naccess-control-allow-credentials: true\r\nx-envoy-upstream-service-time: 26\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nlast-modified: Tue, 23 Jun 2026 09:57:05 GMT\r\ncf-cache-status: MISS\r\ncf-ray: a102a0661bec56a5-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1566,"size_decoded":1405,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1367)","md5":"2b5888bf4718f3b67a3d9cc47f41bbe7","sha1":"24cd6e92dc7be07f39aa1e8dbe07489c811a989d","sha256":"d0b9ab2470bf717462eeea653d0c1c8a1a0eeee0f4fc3e2128b0e75afeab0276","sha512":"bb6083a3bfc4207cdac81419b6288f4457be90e65743e0bb2005e28d1d6e0dff18c0e82c3ec51dff951c7c9a152c4589f16d0a2d3e0b9bd278f5e646fa0d5060","ssdeep":"","tlshash":"8031872f1e1d2831aaaa5325e6d77f456ffe0233314c2848f8dc029452dd7db9987507","first_seen":"2026-04-14T07:13:14.744737Z","last_seen":"2026-06-27T19:46:53.621683Z","times_seen":241,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/dead-clicks-autocapture.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.779Z","timestamp":1782208625779,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 21:41:31 GMT","end":"Sun, 16 Aug 2026 22:41:30 GMT"},"fingerprint":{"sha1":"65:54:A8:E7:4A:54:52:B8:AD:56:6E:86:56:B4:80:CE:AE:0D:DE:6C","sha256":"26:C1:37:27:1D:31:15:CA:10:5E:F2:91:E8:1C:A7:AA:B5:DE:94:21:D8:9A:4A:1B:63:2A:D2:B5:87:38:6D:B8"}}},"request":{"raw":"GET /static/dead-clicks-autocapture.js?v=1.392.0 HTTP/1.1\r\nHost: us-assets.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:06 GMT\r\ncontent-type: application/javascript\r\ncf-ray: a102a0671d2956a5-OSL\r\ncf-cache-status: MISS\r\nx-amz-version-id: 5KEJPLNkga_q4_yArOM3jtVEzFEfoc_1\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\nx-amz-server-side-encryption: AES256\r\nlast-modified: Mon, 22 Jun 2026 15:27:12 GMT\r\nserver: cloudflare\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\naccess-control-allow-methods: POST, GET, DELETE, PUT\r\naccess-control-expose-headers: ETag\r\naccess-control-max-age: 3000\r\nx-amz-id-2: kgGHDM3S6NLkiaq3+y7SM30CwfsJlhDikwpemK5VV4wkTzb6TmqA6ckwX8NhO6xI7WJHKGUtE7FDj+eRxuhhxL47CuHryJWf\r\nx-amz-request-id: VJ929RAKEBQF1R1D\r\netag: W/\"60fac29e4712c229038ece9718066a57\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":14500,"size_decoded":6318,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14447)","md5":"60fac29e4712c229038ece9718066a57","sha1":"7e75b16edff67d2713998c45b807aa0251eefb7b","sha256":"4a4ae8c4165ac8bf7fe71dbcb8b7237de3c74688aaa061b6a6321e342dfc7d3b","sha512":"ebf645bed430436d08dabd393b58c9ed18c68655b03bc64039440bae5489c87d0bc2f2a4987b42661e22a96556af18ca777d3d08462677079a515671b3d5c5b4","ssdeep":"384:ZjlS6fltqEYdkfgpvB568Hkjy5FWHUzk/6Z0+EUHTF6:ZwEB8HD5FUUzk/I0+EUHTF6","tlshash":"bb52fac8b650e2721adb095a807f0702f13a6a18654bcc24f155edcd74adb8251fbe7f","first_seen":"2026-06-22T15:44:20.414337Z","last_seen":"2026-06-23T10:53:58.192711Z","times_seen":46,"resource_available":true,"data":null}},"time_used":510,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":510,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/static/css/main.54babbb1.css","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.533Z","timestamp":1782208624533,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:51:02 GMT","end":"Sat, 19 Sep 2026 16:51:01 GMT"},"fingerprint":{"sha1":"84:7C:5A:C1:23:2D:84:08:17:C9:2C:56:D8:16:26:E0:F8:44:DB:EE","sha256":"BE:87:8D:14:78:40:A8:1E:B0:9B:23:34:AD:C3:24:92:F5:3C:0C:B4:7D:43:C6:9E:53:EB:33:99:A0:E5:E5:C3"}}},"request":{"raw":"GET /static/css/main.54babbb1.css HTTP/1.1\r\nHost: www.usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\nage: 32054\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"main.54babbb1.css\"\r\ncontent-encoding: br\r\ncontent-type: text/css; charset=utf-8\r\ndate: Tue, 23 Jun 2026 09:57:04 GMT\r\netag: W/\"e9485b84211af80b79ce382bdbc1b5c0\"\r\nlast-modified: Tue, 23 Jun 2026 01:02:49 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::nk4k6-1782208624539-c0d3f8eb12ab\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":68795,"size_decoded":13485,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (63157)","md5":"e9485b84211af80b79ce382bdbc1b5c0","sha1":"c6e92b93db990000effc7ba794117e0696ce49cf","sha256":"590d2b9854f8300b87e744df61a05ca6afbe0f5803f65a830b352609fee843f6","sha512":"cf9d07e4ae08e8577af32c55ce936de4c7f8dca8e9be87182ea75b53030966d787493d7cfdaf6128779a2283115ee6612acbc37a56a6640f012217081808ed6a","ssdeep":"1536:aFsofh7+HY5VaxYF6ccw5G6jaDPgvl9DNtnG/Wxm7hbbH0E:aFsofh7+MVaxYBcw5G6jaDPgvl9DNtns","tlshash":"d263a52aa958503f7c23a1f8c3dcb9ec511af0c0dd3b07f9b996512467e36f529ab604","first_seen":"2026-06-23T09:57:29.588227Z","last_seen":"2026-06-23T09:58:30.301328Z","times_seen":4,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.telegram.org/bot8985091533:AAE72fpF3qP7tZ9Az9JVEQZ2YNuUwE6rIUk/sendMessage","fqdn":"api.telegram.org","domain":"telegram.org","tld":"org"},"ip":{"addr":"149.154.166.110","port":443,"asn":62041,"as":"Telegram Messenger Inc","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.086Z","timestamp":1782208625086,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.telegram.org","organization":""},"issuer":{"commonName":"Go Daddy Secure Certificate Authority - G2","organization":"GoDaddy.com, Inc."},"validity":{"start":"Tue, 11 Nov 2025 15:14:09 GMT","end":"Sun, 13 Dec 2026 15:14:09 GMT"},"fingerprint":{"sha1":"EC:27:13:72:1E:6C:94:9F:47:59:A4:24:4F:AB:9B:02:E3:6E:54:41","sha256":"64:47:03:9A:C9:ED:B9:03:8C:07:6E:AA:3D:BF:75:4B:4C:C1:4E:C1:A5:8C:83:2D:3E:FD:0C:E7:F7:82:C2:71"}}},"request":{"raw":"OPTIONS /bot8985091533:AAE72fpF3qP7tZ9Az9JVEQZ2YNuUwE6rIUk/sendMessage HTTP/1.1\r\nHost: api.telegram.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.usdt-ils.xyz/\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 \r\nserver: nginx/1.30.1\r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: content-type\r\naccess-control-expose-headers: Content-Length,Content-Type,Date,Server,Connection\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"","fingerprints":[{"name":"Nginx:1.30.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":334,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-28T00:17:42.149206Z","times_seen":16774226,"resource_available":true,"data":null}},"time_used":65,"timings":{"blocked":0,"dns":0,"connect":19,"send":0,"wait":18,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us.i.posthog.com/e/?_=1782208625635\u0026ver=1.392.0\u0026compression=gzip-js","fqdn":"us.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"100.56.80.14","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.639Z","timestamp":1782208625639,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 16 Nov 2025 00:00:00 GMT","end":"Tue, 15 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6A:93:A0:4B:D8:27:D0:2A:1E:35:71:6C:A2:1C:2A:2C:2E:E1:A7:D7","sha256":"2A:1F:69:7F:28:B0:DA:BD:59:C5:0F:27:B3:35:6D:E9:5B:8B:A2:4A:F8:89:F1:F0:10:CD:CD:8F:62:8E:07:E6"}}},"request":{"raw":"POST /e/?_=1782208625635\u0026ver=1.392.0\u0026compression=gzip-js HTTP/1.1\r\nHost: us.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\ncontent-type: text/plain\r\nReferer: https://www.usdt-ils.xyz/\r\nContent-Length: 845\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:06 GMT\r\ncontent-type: application/json\r\ncontent-length: 15\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: https://www.usdt-ils.xyz\r\naccess-control-allow-credentials: true\r\nx-envoy-upstream-service-time: 22\r\nserver: envoy\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":15,"size_decoded":425,"mime_type":"application/json","magic":"JSON text data","md5":"c86a47ac0d792e37182689c73fcbf6ad","sha1":"8fd92e4671341e79f0a3529ac5e9d59d38db9e78","sha256":"0c40bafcfdc8adc6db63a6a5bfdb3dd5201798e6163fc674dc2fcbdb2a4134f1","sha512":"827cafe34edc64ac15f9bb3d269d338f8161a08d174071ed415b8a9e78d0672327e09034445292f90b81f5a063c8606d36ee66b20e0fff0446130303d598a8d3","ssdeep":"","tlshash":"1b600000000000030fc00c00000cc03c3ff30fc0003f00c0030fc0300c030c0c00c000","first_seen":"2023-04-06T21:35:05Z","last_seen":"2026-06-28T00:08:30.337295Z","times_seen":37486,"resource_available":false,"data":null}},"time_used":408,"timings":{"blocked":0,"dns":3,"connect":94,"send":0,"wait":119,"receive":0,"ssl":192},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.524Z","timestamp":1782208624524,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:19 GMT","end":"Mon, 17 Aug 2026 08:38:18 GMT"},"fingerprint":{"sha1":"4D:E0:8E:62:2F:B2:3D:28:5D:7D:B5:8D:C5:3A:72:E4:EE:AB:7D:93","sha256":"AE:0B:4F:B5:B7:41:E5:0C:70:C0:E1:2A:F9:DB:AD:A8:64:94:F3:70:6D:38:1C:8A:8A:CA:52:96:5C:D8:5C:87"}}},"request":{"raw":"GET /css2?family=Inter:wght@600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Tue, 23 Jun 2026 09:57:04 GMT\r\ndate: Tue, 23 Jun 2026 09:57:04 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2591,"size_decoded":1319,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"6047a041c56fc1275ceea606848dc0c8","sha1":"f0d19dbc2cec6c1c8289b577d68060115a5d98f9","sha256":"6f3fe784a8b0168bff4615d82d9e49b7fd85eaa4e5f3e5e2ea6e32bfb902ccd2","sha512":"62430268b9a04bf5edd6accda5a05513580388e26327eb693878e7352d899ad211f4e14beb9ee2518ad1e85e3ba681208f10f0083997062c7e0de2efafdeef5d","ssdeep":"","tlshash":"4351af91002ba500ab871dd673cf3f35aece72482085c5b95bfd0dc59cdae26036978e","first_seen":"2025-09-17T10:36:36.253362Z","last_seen":"2026-06-27T19:46:53.605537Z","times_seen":731,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":14,"send":0,"wait":32,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.812Z","timestamp":1782208624812,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 461351\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-28T00:18:18.529489Z","times_seen":220484,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":24,"dns":0,"connect":0,"send":0,"wait":40,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"us.i.posthog.com/flags/?v=2\u0026_=1782208625814\u0026ver=1.392.0\u0026compression=base64","fqdn":"us.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"100.56.80.14","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.818Z","timestamp":1782208625818,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Sun, 16 Nov 2025 00:00:00 GMT","end":"Tue, 15 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"6A:93:A0:4B:D8:27:D0:2A:1E:35:71:6C:A2:1C:2A:2C:2E:E1:A7:D7","sha256":"2A:1F:69:7F:28:B0:DA:BD:59:C5:0F:27:B3:35:6D:E9:5B:8B:A2:4A:F8:89:F1:F0:10:CD:CD:8F:62:8E:07:E6"}}},"request":{"raw":"POST /flags/?v=2\u0026_=1782208625814\u0026ver=1.392.0\u0026compression=base64 HTTP/1.1\r\nHost: us.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\ncontent-type: application/x-www-form-urlencoded\r\nReferer: https://www.usdt-ils.xyz/\r\nContent-Length: 1293\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:06 GMT\r\ncontent-type: application/json\r\nvary: origin, access-control-request-method, access-control-request-headers, Accept-Encoding\r\naccess-control-allow-origin: https://www.usdt-ils.xyz\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: x-posthog-rate-limit-warning\r\nx-envoy-upstream-service-time: 33\r\ncontent-encoding: gzip\r\nserver: envoy\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":44261,"size_decoded":7277,"mime_type":"application/json","magic":"JSON text data","md5":"c883489e7b943a2afca0714955a400e0","sha1":"e0aa6468ee2b21eda7e5737e55120a51fc7e5a98","sha256":"fc00ed8ca6ea4bcde3681a387e2a1b05ca333b8eed883fe32a593bebf44492e9","sha512":"2ed2e86dedf45ce81c854900e8c524f65495712d195e7784b9b55aaf45b4544718cf5bd9c14c2b9164b95f5a8ecaed3b864bbd6256f9b8331d12e26e0a7876d5","ssdeep":"768:O9GFsBWTE4YR03QeXBk/Si4CmIOOLx44rR:O0FsBWTBYR03QeXBk/Si4CmIOOnrR","tlshash":"d2133831ac14f9b7658fc3a088adfe164b7e277b0a514c500c469a3c43a76f5ba2bc75","first_seen":"2026-06-23T09:57:41.788291Z","last_seen":"2026-06-23T09:57:41.788291Z","times_seen":1,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":0,"dns":0,"connect":93,"send":0,"wait":130,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/api/config","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.726Z","timestamp":1782208624726,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:51:02 GMT","end":"Sat, 19 Sep 2026 16:51:01 GMT"},"fingerprint":{"sha1":"84:7C:5A:C1:23:2D:84:08:17:C9:2C:56:D8:16:26:E0:F8:44:DB:EE","sha256":"BE:87:8D:14:78:40:A8:1E:B0:9B:23:34:AD:C3:24:92:F5:3C:0C:B4:7D:43:C6:9E:53:EB:33:99:A0:E5:E5:C3"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: www.usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: application/json\r\ndate: Tue, 23 Jun 2026 09:55:54 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::iad1::6mn62-1782208624732-5fa89f2711bc\r\ncontent-length: 74\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":74,"size_decoded":399,"mime_type":"application/json","magic":"JSON text data","md5":"bb95bee9e938b7d1617331ca5623d55d","sha1":"f67b4ae000d8f3aa960ee1dd67e4b8de1ac02f7d","sha256":"5c46c6a391341fdd9f71bbb18b628e7fc26d3d20d68c71f6260036273c0fe63d","sha512":"fffa4adec5a11098fbaf9b7684c2957d6daaf833da927036fe256e746743f05279c3d25929a3c640bb15d69a33619b2b5b66ec840390b8dbdfa3aff0c5c8fff6","ssdeep":"","tlshash":"e6a024f113001731430c0170340440c44c1074f57cf4cc5350c00dc07075740101cc71","first_seen":"2026-06-23T09:57:41.781639Z","last_seen":"2026-06-23T09:58:30.297308Z","times_seen":2,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/posthog-recorder.js?v=1.392.0","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:05.775Z","timestamp":1782208625775,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 21:41:31 GMT","end":"Sun, 16 Aug 2026 22:41:30 GMT"},"fingerprint":{"sha1":"65:54:A8:E7:4A:54:52:B8:AD:56:6E:86:56:B4:80:CE:AE:0D:DE:6C","sha256":"26:C1:37:27:1D:31:15:CA:10:5E:F2:91:E8:1C:A7:AA:B5:DE:94:21:D8:9A:4A:1B:63:2A:D2:B5:87:38:6D:B8"}}},"request":{"raw":"GET /static/posthog-recorder.js?v=1.392.0 HTTP/1.1\r\nHost: us-assets.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\ncontent-type: application/javascript\r\ncf-ray: a102a0671d1d56a5-OSL\r\ncf-cache-status: MISS\r\nx-amz-version-id: KsJkA6Fb_v3feAaj7J.NOTIrWGjmMwTZ\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\nx-amz-server-side-encryption: AES256\r\nlast-modified: Mon, 22 Jun 2026 15:27:12 GMT\r\nserver: cloudflare\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\naccess-control-allow-methods: POST, GET, DELETE, PUT\r\naccess-control-expose-headers: ETag\r\naccess-control-max-age: 3000\r\nx-amz-id-2: dcrMpJv27ksB7mnxdejjbSbO1YN0//rDThlXbAKWAmVnrJnneJZ5Gz4MHuDsX3o5eaBU7sSKjQo=\r\nx-amz-request-id: BPJ4CPK3DQVD8MYE\r\netag: W/\"5438c96d315735fadb9879cf2cdc85cd\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":157914,"size_decoded":51802,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5438c96d315735fadb9879cf2cdc85cd","sha1":"ebad97bc3ff1835da256f84741526ff8b77ca518","sha256":"63040c5e72195e7e02ae8c654e5468b9f37848cbe5cc4300dd77bb1366ab7431","sha512":"ec691d0374d383ec9fce904225d4af39fef7c8229b11ace618feb4c6950f9a590a56b3325bc25fd2026538a223c06a298abc098b22b7020a9e94ef6ba654ea43","ssdeep":"3072:kxL4xa7FMZcGPOdkxYWwqrrMe9bf264yVqP:kxL4x4FxGPOdkxY3qrrMe96hH","tlshash":"87f34ccab765a03357e5512980af0203f2353619704a80a8f2aed9e9357c9c771b7f7e","first_seen":"2026-06-22T15:44:20.426719Z","last_seen":"2026-06-23T10:17:43.398989Z","times_seen":31,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.usdt-ils.xyz/","fqdn":"www.usdt-ils.xyz","domain":"usdt-ils.xyz","tld":"xyz"},"ip":{"addr":"216.150.1.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-23T09:57:03.916Z","timestamp":1782208623916,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.usdt-ils.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 21 Jun 2026 16:51:02 GMT","end":"Sat, 19 Sep 2026 16:51:01 GMT"},"fingerprint":{"sha1":"84:7C:5A:C1:23:2D:84:08:17:C9:2C:56:D8:16:26:E0:F8:44:DB:EE","sha256":"BE:87:8D:14:78:40:A8:1E:B0:9B:23:34:AD:C3:24:92:F5:3C:0C:B4:7D:43:C6:9E:53:EB:33:99:A0:E5:E5:C3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.usdt-ils.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\naccess-control-allow-origin: *\r\nage: 62557\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"index.html\"\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Tue, 23 Jun 2026 09:57:04 GMT\r\netag: W/\"c995ca13e0db6ed27e46ddcf485e6cd9\"\r\nlast-modified: Mon, 22 Jun 2026 16:34:26 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::l4zt5-1782208624072-34a2bcd3e87d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3204,"size_decoded":2155,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (3202), with no line terminators","md5":"c995ca13e0db6ed27e46ddcf485e6cd9","sha1":"e8f60d22cf54f2f7f065d8d4fd06772c1c84cd11","sha256":"8c4e1f232a3ae25033f638667880a47425b5526ab5f0978247f7d1c2473af428","sha512":"d076cb1df24572f9291a63b994365b9996e5b66f51cf2290faf0e6bb37943edf08f5018aaf9066173ee130ba2f8b567278be2a2f4756a6ff08014cf6387ab94f","ssdeep":"","tlshash":"f261a40eed02e83347a0f6e279b6b80ecb5e06884734dd41f5a140c98690ec6891af6d","first_seen":"2026-06-23T09:57:29.592148Z","last_seen":"2026-06-23T09:58:30.304046Z","times_seen":4,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":-1,"dns":116,"connect":1,"send":0,"wait":11,"receive":0,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-23","alert":"Sinkholed","trigger":"www.usdt-ils.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"us-assets.i.posthog.com/static/array.js","fqdn":"us-assets.i.posthog.com","domain":"posthog.com","tld":"com"},"ip":{"addr":"172.66.166.164","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.658Z","timestamp":1782208624658,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.i.posthog.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 18 May 2026 21:41:31 GMT","end":"Sun, 16 Aug 2026 22:41:30 GMT"},"fingerprint":{"sha1":"65:54:A8:E7:4A:54:52:B8:AD:56:6E:86:56:B4:80:CE:AE:0D:DE:6C","sha256":"26:C1:37:27:1D:31:15:CA:10:5E:F2:91:E8:1C:A7:AA:B5:DE:94:21:D8:9A:4A:1B:63:2A:D2:B5:87:38:6D:B8"}}},"request":{"raw":"GET /static/array.js HTTP/1.1\r\nHost: us-assets.i.posthog.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://www.usdt-ils.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Tue, 23 Jun 2026 09:57:05 GMT\r\ncontent-type: application/javascript\r\ncf-ray: a102a0603c0956a5-OSL\r\ncf-cache-status: MISS\r\nx-amz-version-id: 5pXs40xReW.I71RKQxU0f.8Qm_QDtosE\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\nx-amz-server-side-encryption: AES256\r\nlast-modified: Mon, 22 Jun 2026 15:27:12 GMT\r\nserver: cloudflare\r\nvary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method\r\naccess-control-allow-methods: POST, GET, DELETE, PUT\r\naccess-control-expose-headers: ETag\r\naccess-control-max-age: 3000\r\nx-amz-id-2: sNoIvIIMzIAE2+ENtK21ftjCg0g7NucHfJsO67+grgohYc/HlT0bjR4MeJ8+9+UQk9AwvBFCJ1q0h9IUtaQ4E9tsQ+/OFFFj\r\nx-amz-request-id: BPJ2E7BY79XKETWG\r\netag: W/\"ffdb0f2bfc52d604a5f4a7053795ed10\"\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":211638,"size_decoded":70277,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65530), with no line terminators","md5":"ffdb0f2bfc52d604a5f4a7053795ed10","sha1":"cfa2f7982c753289d8fb789038afdacea355075a","sha256":"b17f1d58ec538092f68dc2d7b3d659b675c00987eac4935dd3400ac44e63445f","sha512":"b26a3e8b510a1209b1f7ee1e80a98685343c1cc64f28b67d42a8e14395f7740602343c7f620cb9286c5dbe0e7a3ca4567580aa1e1a09514eff319e9655acdeb8","ssdeep":"3072:V3sR8nyt6+VXn7KCOyOFev8cdhc0zfiBfweO:V3sR8JgXnuCOyJ/dhc0+BfvO","tlshash":"9b24fa87b77ad03246e690a5d03a0103e32a7b4a6159c06cf36edccd359d58ab277f36","first_seen":"2026-06-22T15:56:13.447386Z","last_seen":"2026-06-23T11:07:14.260015Z","times_seen":32,"resource_available":true,"data":null}},"time_used":574,"timings":{"blocked":0,"dns":5,"connect":2,"send":0,"wait":553,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.usdt-ils.xyz/","date":"2026-06-23T09:57:04.805Z","timestamp":1782208624805,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 May 2026 08:38:18 GMT","end":"Mon, 17 Aug 2026 08:38:17 GMT"},"fingerprint":{"sha1":"C4:91:D1:0E:C2:A8:68:24:7B:00:2B:4A:EB:42:41:E0:29:E2:4E:A0","sha256":"68:29:56:08:39:D8:99:7B:20:CC:14:D3:4F:4D:D2:55:68:A6:27:DC:52:E9:7B:CF:CE:6B:D3:13:BC:97:65:C1"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://www.usdt-ils.xyz\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Jun 2026 01:47:53 GMT\r\nexpires: Fri, 18 Jun 2027 01:47:53 GMT\r\ncache-control: public, max-age=31536000\r\nage: 461351\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":48532,"size_decoded":49345,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-28T00:18:18.529489Z","times_seen":220484,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":31,"send":0,"wait":20,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}