{"report_id":"24525bc8-11a4-41f7-9ff9-ce094866f02a","version":0,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-06-18T11:02:29Z","url":{"schema":"http","addr":"coinapibase.appletteron2fa.xyz","fqdn":"coinapibase.appletteron2fa.xyz","domain":"appletteron2fa.xyz","tld":"xyz"},"ip":{"addr":"79.133.41.61","port":0,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"coinapibase.appletteron2fa.xyz/","fqdn":"coinapibase.appletteron2fa.xyz","domain":"appletteron2fa.xyz","tld":"xyz"},"title":"CoinBase Landing - Secure Portfolio","dom":{"size":20458,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9405)","md5":"52e6b396b1b166a02803cbd4217fe081","sha1":"5eb98ec2b1a1e66851eea96732907a9546bc4665","sha256":"6c5003573e4ca518aa9509c8a5a912a46c4dfb616994b7ad8d9e907090773fa8","sha512":"7c543100d1df506e93bab93d4e870d3c7dd0db2b65a2ef7d38b338fbf58d98375346c36e18e5a8dff528afcf424c8ae26fb4132ef49a1b8f570fb5ee22a38f15","ssdeep":"192:IhJwfJH7JXeS7JXex/27xeqSm0RdYJ4UJovlOv+9oOhKpKZp6p2upN6pzc9lRgz9:IohL7QQ0RWnKgW91eu5","tlshash":"8192d82a66b0047e6c53c1e2f971b719ba14e5c3ea3bc5e5b68d0550afcbd638d83308","dom_hash":"domhashf8b3c8181b38c60de37df45dbe467515","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"coinapibase.appletteron2fa.xyz","fqdn":"coinapibase.appletteron2fa.xyz","domain":"appletteron2fa.xyz","tld":"xyz"},"ip":{"addr":"79.133.41.61","port":0,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-23T11:02:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-18","alert":"Detects file containing Telegram Bot API","trigger":"coinapibase.appletteron2fa.xyz/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"coinapibase.appletteron2fa.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"www.zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"coinapibase.appletteron2fa.xyz","ip":{"addr":"79.133.41.61","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2026-06-12","domain_rank":0,"first_seen":"2026-06-18T11:02:30.469959Z","last_seen":"2026-06-18T11:02:30.469959Z","alert_count":4,"request_count":2,"received_data":13143,"sent_data":1035,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"www.zupimages.net","ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-03-28","domain_rank":476411,"first_seen":"2012-10-19T21:50:23Z","last_seen":"2026-06-12T09:20:04.413529Z","alert_count":4,"request_count":4,"received_data":357487,"sent_data":2124,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2026-06-15T07:55:39.485413Z","alert_count":0,"request_count":2,"received_data":408703,"sent_data":966,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-06-14T23:49:50.803257Z","alert_count":0,"request_count":1,"received_data":90143,"sent_data":495,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"zupimages.net","ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-03-28","domain_rank":32352,"first_seen":"2012-08-24T16:06:23Z","last_seen":"2026-06-12T09:20:04.853204Z","alert_count":4,"request_count":4,"received_data":2276,"sent_data":2236,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"coinapibase.appletteron2fa.xyz/","fqdn":"coinapibase.appletteron2fa.xyz","domain":"appletteron2fa.xyz","tld":"xyz"},"ip":{"addr":"79.133.41.61","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"md5":"f7762c372ad3d2d4f842ceaf36ef0488","sha1":"1015a0d7936f1780b8a885d5a082bb0759800e7a","sha256":"0b16889def7d02c52d2a6b11f34da6f104fd9cf6fb13cb58c79384358c764218","sha512":"1a3773f4b4e15121dc0e0053248169b12f81a116d388e7af22dcf23020e8045178a5cafcf56d014f22765a33a66d67d3ff2607865b5b5e6bd47985bcce0e3fd0","size":1698,"token":"8807611218:AAGzBTtYSdxc2VlNt2P-HdBiXz8BeIWQ7zM","is_revoked":false,"bot":{"token":"8807611218:AAGzBTtYSdxc2VlNt2P-HdBiXz8BeIWQ7zM","user_id":"8807611218","username":"apiiiiiiii_bot","first_name":"api","last_name":"","chat":{"chat_id":"-1004318147674","title":"API","type":"supergroup","bot_is":"administrator","total_users":5,"active_members":null,"admins":[{"user_id":1093628610,"username":"bskeiim","first_name":"Xx","last_name":"","is_bot":false},{"user_id":1044731237,"username":"btrdz","first_name":"🇩🇿N","last_name":"BTR","is_bot":false},{"user_id":8807611218,"username":"apiiiiiiii_bot","first_name":"api","last_name":"","is_bot":true},{"user_id":8389289938,"username":"Satocxi","first_name":"Satocxi","last_name":"","is_bot":false}]},"pending_messages":53}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","size":407279,"data":"","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-06-20T15:29:29.552632Z","times_seen":41110,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-20T15:23:35.730733Z","times_seen":482799,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coinapibase.appletteron2fa.xyz/","fqdn":"coinapibase.appletteron2fa.xyz","domain":"appletteron2fa.xyz","tld":"xyz"},"ip":{"addr":"79.133.41.61","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"f7762c372ad3d2d4f842ceaf36ef0488","sha1":"1015a0d7936f1780b8a885d5a082bb0759800e7a","sha256":"0b16889def7d02c52d2a6b11f34da6f104fd9cf6fb13cb58c79384358c764218","sha512":"1a3773f4b4e15121dc0e0053248169b12f81a116d388e7af22dcf23020e8045178a5cafcf56d014f22765a33a66d67d3ff2607865b5b5e6bd47985bcce0e3fd0","ssdeep":"","tlshash":"6b31af55faba2d1046377087633b9001272594473915ddb4b64dd2d46f1ea69e092acc","size":1698,"data":"","first_seen":"2026-06-18T11:02:37.983691Z","last_seen":"2026-06-18T11:03:49.437089Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-18","alert":"Detects file containing Telegram Bot API","trigger":"coinapibase.appletteron2fa.xyz/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"warn","text":"cdn.tailwindcss.com should not be used in production. To use Tailwind CSS in production, install it as a PostCSS plugin or use the Tailwind CLI: https://tailwindcss.com/docs/installation","filename":"https://cdn.tailwindcss.com/","line_number":0,"column_number":0}]},"http":[{"url":{"schema":"https","addr":"zupimages.net/up/26/25/nn4s.png","fqdn":"zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.417Z","timestamp":1781780523417,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/nn4s.png HTTP/1.1\r\nHost: zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\ndate: Thu, 18 Jun 2026 11:02:03 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://www.zupimages.net/up/26/25/nn4s.png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zCuY2vTzITnBt0ExcBo%2FFFd1QxV3Sytng3OrUamm%2FJXdJ%2Bw7nInzEsH0D1ZQEepHTizOOUfOm70Q4yExYN00%2B7BviUGIIkOuQsrU98PPLoaOo3vDJ1733jJt1bJ1ryoK\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: a0d9ccb139dca0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T15:29:45.20464Z","times_seen":16582925,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":292,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"coinapibase.appletteron2fa.xyz/favicon.ico","fqdn":"coinapibase.appletteron2fa.xyz","domain":"appletteron2fa.xyz","tld":"xyz"},"ip":{"addr":"79.133.41.61","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:10.286Z","timestamp":1781780530286,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.coinapibase.appletteron2fa.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 17 Jun 2026 17:17:18 GMT","end":"Tue, 15 Sep 2026 17:17:17 GMT"},"fingerprint":{"sha1":"79:35:74:4F:C1:02:7A:E5:6F:7F:C9:A9:E4:81:C1:19:69:77:1C:E0","sha256":"97:6E:4A:72:B1:EB:85:FA:9A:11:6B:13:A4:A6:54:E9:A5:DD:B7:4A:62:88:AF:5E:AA:1D:EE:22:CC:9F:0B:F3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: coinapibase.appletteron2fa.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 \r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Thu, 18 Jun 2026 11:02:10 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1251,"size_decoded":1637,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF, LF line terminators","md5":"8150f458ed6fb9b1db4e5cfa57a1a281","sha1":"6e5726854d28687b560d7fdcb5c782c425c7dfb9","sha256":"4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896","sha512":"4cc6a112673aef8bb8bb8a385c26791b805d43bb707b509880e894f1c83bab4e16f13de187036c5f660c3bec1d286258396b7bde65c5d7945c5019665196818c","ssdeep":"","tlshash":"c021353ec1c1560ae0271164fbc1f7a86669825291970f703b9eb176f6cd0bb56a36c8","first_seen":"2024-02-08T16:48:55Z","last_seen":"2026-06-20T15:29:59.91325Z","times_seen":134839,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"coinapibase.appletteron2fa.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zupimages.net/up/26/25/xw27.png","fqdn":"zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.415Z","timestamp":1781780523415,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/xw27.png HTTP/1.1\r\nHost: zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\ndate: Thu, 18 Jun 2026 11:02:03 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://www.zupimages.net/up/26/25/xw27.png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y2hQs2Hj9YWhfzSxmvUTbARZaNDWMpPkxFbPrLmtxq8J%2FkNMhrZ6eP7Q7Z%2BNxesfIVVyDGB9EaL3BiMvQRLRIGeoydZ9AkkwNaeLg45mzUeO5JyEUD0p1EZiSoO7o8VQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: a0d9ccb139e0a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T15:29:45.20464Z","times_seen":16582925,"resource_available":true,"data":null}},"time_used":299,"timings":{"blocked":293,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zupimages.net/up/26/25/0ek3.png","fqdn":"zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.418Z","timestamp":1781780523418,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/0ek3.png HTTP/1.1\r\nHost: zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 \r\ndate: Thu, 18 Jun 2026 11:02:03 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://www.zupimages.net/up/26/25/0ek3.png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hzpFYVBX7Q497Q6nuY4KDCCUKKuI8n0QLYAQhqazP%2BbFMtKUICVfTd%2BPFHNKGVFb64g2fWD3yHOh9DLsanLuLElOZ%2BMa428lQiI4kOtq6Dvwlz5AQ2G1iY1YTtWLB6Q1\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: a0d9ccb139d7a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T15:29:45.20464Z","times_seen":16582925,"resource_available":true,"data":null}},"time_used":530,"timings":{"blocked":291,"dns":0,"connect":3,"send":0,"wait":8,"receive":0,"ssl":226},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.zupimages.net/up/26/25/xw27.png","fqdn":"www.zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.727Z","timestamp":1781780523727,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/xw27.png HTTP/1.1\r\nHost: www.zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 18 Jun 2026 11:02:03 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: filename=\"xw27.png\"\r\nstrict-transport-security: max-age=15768000\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Thu, 18 Jun 2026 11:02:03 GMT\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d8h1Osj5TLzBUJIrnFc8fB5Lo0O1a1s3ZmA%2FYv6mW02%2BKNX11Eu1u%2B6Hs%2FiVlpE4CprZb48Zrd0zczizVYah9smE2oaxZGFNnuQ1LQiXl%2FwGCvSyOt1av1ckyS5AaQ1nfehEJQ%3D%3D\"}]}\r\ncf-ray: a0d9ccb1bbdca0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":139882,"size_decoded":140612,"mime_type":"image/png","magic":"PNG image data, 1190 x 864, 8-bit/color RGBA, non-interlaced","md5":"675f7f3bac8b15fe40bcde76d887ca92","sha1":"a4ac312f13e70f6d5bdc9cbaffff913b27915b53","sha256":"808372d12ec4863b2d82426a7b3e1043da330494ecfcf7e134c7620447141387","sha512":"1c3632e63494fac2857f181025c981b7329a475a9f196697b0872767e5f2831fb50915136915fac425f60eb44c1115b2ce441df9d3c1f8b5abc4788d135d3950","ssdeep":"3072:zxTDBKBVkhayUCqLXB+cljC1x89u+jYq+O9kiytJ4sA1PR:lTDBKBShayUCqLXBljCyvjYq+dtSf","tlshash":"dbd3029682bbc5289fff5ab0ab071f876937044c97d07bb4e171a68ce553c5e1f80881","first_seen":"2026-06-18T11:02:37.977702Z","last_seen":"2026-06-18T11:03:49.413946Z","times_seen":2,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"www.zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.zupimages.net/up/26/25/0ibg.png","fqdn":"www.zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:09.861Z","timestamp":1781780529861,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/0ibg.png HTTP/1.1\r\nHost: www.zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 18 Jun 2026 11:02:10 GMT\r\ncontent-type: image/png\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncontent-disposition: filename=\"0ibg.png\"\r\nstrict-transport-security: max-age=15768000\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Thu, 18 Jun 2026 11:02:10 GMT\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wKKMBGZwblTgShG72A%2FJjWMrmnrXS4GEmNQ9jKKbO4WXuAXMZnwoRSGeu4lH4089F6W5aVCRSHHBMACo8m5EDv%2Ferk1jfGkGx6Wki177Q3X6erT%2BVht%2BvRnvMNooFnpSt0JWCg%3D%3D\"}]}\r\ncf-ray: a0d9ccd7ab4e56c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16451,"size_decoded":17201,"mime_type":"image/png","magic":"PNG image data, 404 x 264, 8-bit/color RGBA, non-interlaced","md5":"5ebc0b3da39896282ea0a6b454bf3321","sha1":"8dd7f3a941a15ec4c95781dcb11b5f36caa2b063","sha256":"be27bb5a03b0caa22f3b1a40913e10a10add51111beabb03f9df38e9737bed9c","sha512":"1376a2afc5477ca023c721a166aa1c9543020a9436acb9e098f0c4509819007c53eb5143d272f3258fee87024b15e43f3205bd2a48b0e91991b62e452ab5e286","ssdeep":"384:RgNsv+W81lvOWDVQ4SKB6/P38W4tlRMb1v3HSeCxgh2gQQQtCzGEazskv:Rgrvbr7wP74Q1voCiH","tlshash":"e272d084b2d6c360434860b1f9d0a9131fb001169b347e6b39a07e7e96f3da20c7db95","first_seen":"2026-06-18T11:02:37.978764Z","last_seen":"2026-06-18T11:03:49.415586Z","times_seen":2,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"www.zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.404Z","timestamp":1781780523404,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 May 2026 14:31:45 GMT","end":"Mon, 17 Aug 2026 15:31:39 GMT"},"fingerprint":{"sha1":"B6:67:6F:5A:BE:B9:2A:B2:16:10:49:96:1E:1F:99:2B:44:AF:EA:A6","sha256":"63:A9:BF:FB:46:E0:B8:37:95:77:F3:63:84:AE:78:22:46:11:85:5E:DF:87:F6:4B:EF:F2:2E:24:D5:74:70:39"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\ndate: Thu, 18 Jun 2026 11:02:09 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::npjt8-1781779999762-ae9daac261af\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 529\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=M1uC5PzhhbVuTwhO13o1uiBmyK7APQM%2Fi%2BdmczAnG2C2WGknuwCvnqyZxij0EDen0qZuB7gEVbVkev6gMDPfzLnwtep6PUpE5IM46tf5ntK7lewTNS3BGrVLQ3%2FtlQkuFlxusUo%3D\"}]}\r\ncf-ray: a0d9ccd7499f7131-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T15:29:45.20464Z","times_seen":16582925,"resource_available":true,"data":null}},"time_used":6403,"timings":{"blocked":-1,"dns":3,"connect":1,"send":0,"wait":9,"receive":0,"ssl":6389},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.1.155","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.406Z","timestamp":1781780523406,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 20 May 2026 00:00:00 GMT","end":"Fri, 04 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"DE:F8:0F:C4:8F:BC:F5:01:B1:66:91:CC:15:DC:D8:6E:5D:2F:45:4E","sha256":"05:8E:2E:14:85:E2:41:28:F5:18:A4:37:49:31:2B:0E:24:53:64:3F:02:15:BE:63:EF:F4:B8:53:5A:8B:6D:29"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 18 Jun 2026 11:02:03 GMT\r\nage: 655123\r\nx-served-by: cache-lga21931-LGA, cache-bma-essb1270069-BMA\r\nx-cache: HIT, HIT\r\nx-cache-hits: 373015, 241383\r\nx-timer: S1781780523.446043,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":89501,"size_decoded":31517,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-06-20T15:23:35.730733Z","times_seen":482799,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":4,"connect":9,"send":0,"wait":10,"receive":3,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zupimages.net/up/26/25/0ibg.png","fqdn":"zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.414Z","timestamp":1781780523414,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/0ibg.png HTTP/1.1\r\nHost: zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 301 \r\ncontent-type: text/html; charset=UTF-8\r\ndate: Thu, 18 Jun 2026 11:02:09 GMT\r\nlocation: https://www.zupimages.net/up/26/25/0ibg.png\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FaI38BehivnkGtAVFdYyUJ1Kkhzf9E9krWtJZqCCNg4jycPpiP6BsPCIcWfxTBcw8%2BneH%2FFQqFarBTQeXDizGi5ZIV9sr5LqIdcb2GZxs7QEvGuDgbLHZ0Xf6585LFQV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=5,i\r\ncf-ray: a0d9ccd76b4b56c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-20T15:29:45.20464Z","times_seen":16582925,"resource_available":true,"data":null}},"time_used":6417,"timings":{"blocked":6389,"dns":0,"connect":10,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.zupimages.net/up/26/25/nn4s.png","fqdn":"www.zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.729Z","timestamp":1781780523729,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/nn4s.png HTTP/1.1\r\nHost: www.zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 18 Jun 2026 11:02:04 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: filename=\"nn4s.png\"\r\nstrict-transport-security: max-age=15768000\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Thu, 18 Jun 2026 11:02:04 GMT\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1Oa4hDvwig3t7k%2BBQzy%2FA3QwzQrARhwXed7PefqrmQAd%2FSME%2BwDVYGMF7gOrXXDzTJawJjQ3ViO8wxTBhjdli%2FjYjsPsS7c%2B2t4BEhTffrQHsqFAkx%2BkKz1mOGtyuVroXkrxug%3D%3D\"}]}\r\ncf-ray: a0d9ccb30959a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":99542,"size_decoded":100276,"mime_type":"image/png","magic":"PNG image data, 1919 x 730, 8-bit/color RGBA, non-interlaced","md5":"c8b097a753e9e56689d7109deace88d9","sha1":"4f1da1bc77c1bf12bd59c3089b16efa0c78a422c","sha256":"cb8871a29fcca48f3083f5c447fc01b3d91a628edda2710adde6f408a8b2005e","sha512":"417c0bbe94fa5a73ffdd151145207c21aa5b1d15b0a2bebfaa271f02a4ef557a056dbe999739309baf8bc7bf91e7c1e2fdd85dd95af96ba2a9a17489b1e0dbac","ssdeep":"3072:conos3DNANzfkbObNo3kjIQtEscdRQJmwvUs08Jk:poszNANzfyO5oZ8Escum208u","tlshash":"62a3e09d7943d99bceef59fc7a0b6760a07369893041063a5fb0c7cecb913645bca160","first_seen":"2026-06-18T11:02:37.980319Z","last_seen":"2026-06-18T11:03:49.417059Z","times_seen":2,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":274,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"www.zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.2.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:09.813Z","timestamp":1781780529813,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 May 2026 14:31:45 GMT","end":"Mon, 17 Aug 2026 15:31:39 GMT"},"fingerprint":{"sha1":"B6:67:6F:5A:BE:B9:2A:B2:16:10:49:96:1E:1F:99:2B:44:AF:EA:A6","sha256":"63:A9:BF:FB:46:E0:B8:37:95:77:F3:63:84:AE:78:22:46:11:85:5E:DF:87:F6:4B:EF:F2:2E:24:D5:74:70:39"}}},"request":{"raw":"GET /3.4.17 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 18 Jun 2026 11:02:09 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::vhhlv-1778775055415-ee1be01c049f\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 3005472\r\nlast-modified: Wed, 03 Jun 2026 02:11:42 GMT\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2pGXmggWkILpiQJ3IAEns8y2C08U%2FIM85eajKLJ7DkB9UhN0pz%2FtcpYW4xWGfNJlnVxlV1XOZmYCs%2BnQZBar7QJe6lIODaBX1YrVN2HcO2LpxW6%2BkzaRF6hlf61piY4NegM1Bzg%3D\"}]}\r\ncf-ray: a0d9ccd759b97131-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":407279,"size_decoded":127119,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52853)","md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-06-20T15:29:29.552632Z","times_seen":41110,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"coinapibase.appletteron2fa.xyz/","fqdn":"coinapibase.appletteron2fa.xyz","domain":"appletteron2fa.xyz","tld":"xyz"},"ip":{"addr":"79.133.41.61","port":443,"asn":44066,"as":"firstcolo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-18T11:02:02.511Z","timestamp":1781780522511,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.coinapibase.appletteron2fa.xyz","organization":""},"issuer":{"commonName":"YR2","organization":"Let's Encrypt"},"validity":{"start":"Wed, 17 Jun 2026 17:17:18 GMT","end":"Tue, 15 Sep 2026 17:17:17 GMT"},"fingerprint":{"sha1":"79:35:74:4F:C1:02:7A:E5:6F:7F:C9:A9:E4:81:C1:19:69:77:1C:E0","sha256":"97:6E:4A:72:B1:EB:85:FA:9A:11:6B:13:A4:A6:54:E9:A5:DD:B7:4A:62:88:AF:5E:AA:1D:EE:22:CC:9F:0B:F3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: coinapibase.appletteron2fa.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/html\r\nlast-modified: Wed, 17 Jun 2026 23:22:34 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2369\r\ndate: Thu, 18 Jun 2026 11:02:02 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11077,"size_decoded":2798,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"75a989163aaddf308fe92c5de3737aee","sha1":"99bc48a6e8017a8e7b7e865d5b53f6fba55b3673","sha256":"c69cacc617efd24521c2a3b95eb32d3eb116fa2c978c1d4c180fbea1ab6a3e27","sha512":"ddfbedccd4e9e9aa51b8f15feaa9219cc9568842b978b5075d9a2dc066ea21a6ee655b6596004e9131c36a37f2bf4454d3c0dd03bdb0d3c6c65447b84ad8e9a8","ssdeep":"192:ehJwfJjv+9oOhKpKZp6p2upN6pzc9lRgzUEH:ekW91eu9","tlshash":"1c32933625f019bb2183c2e2b6367b26bf54da17e527844973ac42d06fd7d62ce43348","first_seen":"2026-06-18T11:02:37.981822Z","last_seen":"2026-06-18T11:03:49.409866Z","times_seen":2,"resource_available":true,"data":null}},"time_used":403,"timings":{"blocked":-1,"dns":315,"connect":20,"send":0,"wait":24,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-18","alert":"Detects file containing Telegram Bot API","trigger":"coinapibase.appletteron2fa.xyz/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"coinapibase.appletteron2fa.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"www.zupimages.net/up/26/25/0ek3.png","fqdn":"www.zupimages.net","domain":"zupimages.net","tld":"net"},"ip":{"addr":"104.21.25.188","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://coinapibase.appletteron2fa.xyz/","date":"2026-06-18T11:02:03.730Z","timestamp":1781780523730,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zupimages.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 22 May 2026 01:49:50 GMT","end":"Thu, 20 Aug 2026 02:48:13 GMT"},"fingerprint":{"sha1":"F5:B9:BA:3A:93:DA:E8:9A:1C:A3:90:5C:32:2A:CD:B4:EA:44:EA:C3","sha256":"46:53:0B:56:AD:25:39:D9:95:4C:1A:F1:0A:FD:0D:E5:B9:4C:61:20:2F:72:27:7E:5E:08:FB:B4:BD:D6:7E:94"}}},"request":{"raw":"GET /up/26/25/0ek3.png HTTP/1.1\r\nHost: www.zupimages.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://coinapibase.appletteron2fa.xyz/\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 18 Jun 2026 11:02:04 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-disposition: filename=\"0ek3.png\"\r\nstrict-transport-security: max-age=15768000\r\nx-xss-protection: 1; mode=block\r\nlast-modified: Thu, 18 Jun 2026 11:02:04 GMT\r\ncache-control: max-age=2678400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6VIc%2B59om8v%2BNjEX8Owt8emhMD2As%2FHhcieMiBtUXDizC7dBXTgDo8X0hyRCOCXM3i2N1W36JPGkj993x64b5F%2FIw2oPHZ%2BOS2cKJ2xk5omBxROHMowX1WaUPBwJLGQ13H%2Fd7A%3D%3D\"}]}\r\ncf-ray: a0d9ccb30960a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":98666,"size_decoded":99398,"mime_type":"image/png","magic":"PNG image data, 1120 x 666, 8-bit/color RGBA, non-interlaced","md5":"a5431d9f8b289dd837d896663ab2b0a6","sha1":"6232d9f15ff0f6560d838ecea9debd0f42ca1845","sha256":"824dfb612b27281453d200bbddd5861e02b753994167ed811624f2e98aaed1e7","sha512":"93bc7980c91e81d08855e63888b1487bbb280a8d49335a11b26a1c509b35c17913b28e3ff85ef42a87b24b6331c96eec56a285cc5811ecdb5b1e3d7f28bfdca3","ssdeep":"1536:SPK5OufVQRlXH10T5aTyLLoUlf3XFIC7sBffkbDFeg3wIDQH0F6QJN+zIZVv:NLeRl31mauLLowlm+egEUp8zy","tlshash":"e9a3f18804f7d1101d1f623829a7af02f567291e69e1ef3ed07690ece957ce4642b1b3","first_seen":"2026-06-18T11:02:37.982815Z","last_seen":"2026-06-18T11:03:49.433479Z","times_seen":2,"resource_available":false,"data":null}},"time_used":403,"timings":{"blocked":275,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-06-18","alert":"Sinkholed","trigger":"www.zupimages.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}}]}