{"report_id":"2ae25476-04ff-4d97-b8b2-da949ef57f56","version":6,"status":"done","tags":[],"date":"2026-04-12T12:04:37Z","url":{"schema":"http","addr":"cashbackterminal.xyz","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"172.67.158.26","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"cashbackterminal.xyz/","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"title":"Pump.fun Cashback - Get % Back on Your Losses","dom":{"size":18961,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (11696)","md5":"a98501efac9792adbfb6021dba5c3048","sha1":"386bafc91426edd326bf4207890d5a69e8f83032","sha256":"1be02945c4b20a8d16f894bffba008a016768dffb92056474c013f5f42dcefdf","sha512":"895aa5f40cd5d9272ac687c1aa22e292c35f5b7d5c44a201ea264fe0bed416faa2107c1a5967d8fe7ba3775adf06fa738ee64950d5480f5ba0a5f49c98914fc1","ssdeep":"192:wrJSNC/CnYq6f3mEpvyJjeE08img/+p/Ea55aUsc7/laUkL/dafZadeJgJSJb5Bv:R0KJZXEP8kh0AQ0C","tlshash":"35826164b7c704131e4bed2a2d94f6b89708ec1b2197cccfb61d13e8bf81b6ad585644","dom_hash":"domhash0f35d52163ad29fe660afbb1a34b656e","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cashbackterminal.xyz","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"172.67.158.26","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-17T12:04:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"fn02ro.vercel.app","ip":{"addr":"216.198.79.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2020-01-28","domain_rank":0,"first_seen":"2026-02-22T13:27:21.588777Z","last_seen":"2026-03-23T02:21:51.876537Z","alert_count":0,"request_count":1,"received_data":481,"sent_data":550,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cashbackterminal.xyz","ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-04-11","domain_rank":0,"first_seen":"2026-04-12T12:04:38.458126Z","last_seen":"2026-04-12T12:04:38.458126Z","alert_count":13,"request_count":13,"received_data":1313796,"sent_data":6353,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-05T22:16:34.770209Z","alert_count":0,"request_count":5,"received_data":283227,"sent_data":2803,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-05T22:20:18.514512Z","alert_count":0,"request_count":1,"received_data":10794,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cashbackterminal.xyz/_nuxt/assets/index.js","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bba55ee9e6c11d91b559560005b6022a","sha1":"3f3b0059602bbcb7246776e9a52c07c6849f22df","sha256":"a7541b9c95b6917fbf7fbcf87dfd868474d7b44fb283c9468e7d51a46ce06c95","sha512":"a977e42795a8a56360b4babd433e5b3c14e2bd8ca6e54942c773410e1528b33b0208103ce11aefead9f3314bbcb03679eeb0811efce9351ec2d88fb044bb023a","ssdeep":"12288:7qxo8hUvftg7EboGcu1JfHn1jgTRboQ+RClsIlr7gJji05//4j/YWY5hSxAXy6:7kOvftg7EsAOsIh7gL2j/YWAXb","tlshash":"1415c7af3378f052259868ec2fa19c7854ca65d2ebce03fb63469c44d0e05afb355e91","size":935675,"data":"","first_seen":"2026-04-06T06:20:41.293589Z","last_seen":"2026-04-12T18:56:39.522432Z","times_seen":82,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"d64f4a45cbab9edc6c232f134bdd5d09","sha1":"73eceb543529820390e1d82f794075d0d3111dff","sha256":"995de1cbdb64097bdff3f8a98178d8dc1317554807544567a27540577ac95386","sha512":"41a8caa7399d0ab0723408a4707bfe27e7e08ad3af06c50e414e04e024816e5e96dced3bd56871e01cbaeaeabe727d5e855680d8da4ee7eb6c960634bd1433fb","ssdeep":"12288:UKRgIFKLDtC7MC6Wsa71h7gvNKoz/PonlYDMiBJ:UcILDtC7MC6WsaL7g/MnlYDMiBJ","tlshash":"7515c46d3378f012668d40ec3f9288c864cd55e2dbce07fbab945445d5e0a9fb16aee0","size":904819,"data":"","first_seen":"2026-04-06T06:20:41.306246Z","last_seen":"2026-04-12T18:56:39.526836Z","times_seen":81,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"fn02ro.vercel.app/demo.php?antibot=false\u0026id=69923965562d44580b7b4501\u0026parent_url=pump-cback.fun%2F%3Fcopy\u0026source=solana-iframe","fqdn":"fn02ro.vercel.app","domain":"fn02ro.vercel.app","tld":"vercel.app"},"ip":{"addr":"216.198.79.131","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"moz-nullprincipal:{a311574f-b743-4d64-ade2-5d60cd153400}?https://cashbackterminal.xyz","date":"2026-04-12T12:04:14.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"GET /demo.php?antibot=false\u0026id=69923965562d44580b7b4501\u0026parent_url=pump-cback.fun%2F%3Fcopy\u0026source=solana-iframe HTTP/1.1\r\nHost: fn02ro.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: null\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: text/plain; charset=utf-8\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-vercel-error: DEPLOYMENT_NOT_FOUND\r\nx-vercel-id: arn1::tddvs-1775995454605-04860590c0b9\r\ncontent-length: 107\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":107,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"35d92040b95952efc9debfa0b3b22378","sha1":"e502afdedbf4566ba39a2ed591b5e0aaeb2e6144","sha256":"b9f475432c11cfa705b65913e39d8ec02a1ca2ff000792260630200ca50d1b18","sha512":"39ddda186d92ce1778ddb8a50a031a388ea6354d44b3daca0dc0c3f71120554efe8f6efecd1338953f3e1ad1b5fffbc0897a5125d96469eb365a4ed5dde2023a","ssdeep":"","tlshash":"23b0220f008a0c882acac00020002a3330802230aca0b380e0e8a228b002c80a300082","first_seen":"2026-04-12T12:04:41.868301Z","last_seen":"2026-04-12T12:04:41.868301Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":61,"dns":33,"connect":1,"send":0,"wait":18,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2 HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 48256\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\netag: \"69dae630-bc80\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4pwgMlPhEIvWQitCs3GcE2RQ8HVkB0NKY9tju4GA%2FQ6oqP2ab0xkyP4lF3w%2FH5wwTR5rA53yDR%2BdvQZEEG0Xglou7C7dGL9GBq1l42NtMcgL152YrC7WOUcPIgd20Mu0LkrbnPvXvQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217a84bb90b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-12T17:54:17.482682Z","times_seen":14175,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":233,"receive":126,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/api/config","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cashbackterminal.xyz/\r\ncontent-language: en-US,q=0.8;en\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:15 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q%2BDuiOyxtZN03gqCCn87VMUva%2F3yLJdMvkGrj3QWMYNEmh1QQr0YOuvOQUFkrJJ3Hsfyg7DdeMGApz8jEj0TXZrDabLF7p%2BkfmG%2FgaG3YM89EIJSfO2eBbeLTmnkQk4k0eK%2FHU%2Fy%2FA%3D%3D\"}]}\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217ab3bd50b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":448,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"28579a3531c6ece7b5c45a80dec2fb82","sha1":"d0ab072b541520d6a62f08f09db88ddc2400f8e8","sha256":"abfdffc1b2602f45154450fc5dc22b97e6bb5a71d318e58e2e5ea0fbc4e331f0","sha512":"bbae9ebdb3e7934defc88b7b7b5ae0c77045b99e75851677494005648983df5a621b41ec87eeec1464cc0ad25aba06d26494a82a933f95b20243b7800c44bdb4","ssdeep":"","tlshash":"c3f023a8f3654b65d28a4c6b442a71234c47e1257c364344d332c9de4e05404ef5d2db","first_seen":"2026-04-12T12:04:41.871942Z","last_seen":"2026-04-12T12:04:41.871942Z","times_seen":1,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cashbackterminal.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 08:25:52 GMT\r\nexpires: Fri, 09 Apr 2027 08:25:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 272303\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-12T19:02:10.372462Z","times_seen":141372,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":104,"dns":1,"connect":7,"send":0,"wait":23,"receive":8,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cashbackterminal.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 08:25:52 GMT\r\nexpires: Fri, 09 Apr 2027 08:25:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 272303\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-12T19:02:10.372462Z","times_seen":141372,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":102,"dns":0,"connect":21,"send":0,"wait":23,"receive":10,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-12T12:04:13.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: text/html; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ia0STYMTTk3Z%2FrTcYlUU1%2Brqkf0wYH5tnddoUvD177LqRulhHvbuxTjS2wXvhzwlV%2FuUOgawG6q0UwU2nPoyoPs60e9EWBCsDgde11xFofDA5964kS3mU2LBSkYBLQuLGJQBXtPGqw%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9eb217a3ef815a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":55720,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12258)","md5":"d111fd94d3cbd8430789b706154add45","sha1":"04dc1d4a1503afb49d27d2925bf6cd11fde169c1","sha256":"d431465322ad7d448fc03756fc05622cfb7d54428fbeea848e92352ce9fa961c","sha512":"455ec7bdc52d52e09d69618d26806b2bc0f4659efa58907feecef639e3bb254e2838d4754cffc4f6a97294e04d6a187645647a69c0d26002be552dd9ea4a5d18","ssdeep":"384:8SAwbd36AnpsKnhGkuXThTriy7QZg9Otj4o1vTo8IhNnN5lci7+dhw0ajh5CbLTh:8GhFjGRjr7Jo1Gd0mh5CbLT6Ig7g7gK","tlshash":"6343e76163d7053ba90786e86b2177b92246da236607908ef6fd13f86f80d87dc7718c","first_seen":"2026-04-12T12:04:41.875041Z","last_seen":"2026-04-12T12:07:18.848999Z","times_seen":2,"resource_available":true,"data":null}},"time_used":397,"timings":{"blocked":76,"dns":61,"connect":1,"send":0,"wait":245,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/_nuxt/assets/index.js","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /_nuxt/assets/index.js HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nlast-modified: Sun, 05 Apr 2026 15:00:24 GMT\r\netag: W/\"69d27908-e4c6b\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300, must-revalidate\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZH1WiYJqdfH1kFt%2BTqxOSBVi5zb1mPrC9zTMlThdkykWeHF42vaYqfoIAiLF4QodjtMJR3v8aWF4LAcjzQcC2hOH%2FSB3OE3dVchaj18LeCJf5YXvTlbmJhlwRsD%2FlNFRIWS2o9yT6g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217a67b9a0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":937067,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (63334), with no line terminators","md5":"fddc62d37efef71956a3e69316655d2a","sha1":"784a88307258220bf5d99b5e950a570c27de62ee","sha256":"ef698b0a770e1df89ba8b6cda83a52cf4990b92493390a95403b128496fb62e7","sha512":"2be4dab73731c2d3bd85dc6bceacfaa6aa399d293d4c309621011e0e696571cf3cf4169a95a426ef611b7f8f5c59f1aafe3970a95f76ce80cfa9178cfdd448cb","ssdeep":"12288:7qxo8hUvftu1oGcu1JfHn1jgTRboQ2xsOBi05//4j/YWY5hSxAXy6:7kOvftumEr2j/YWAXb","tlshash":"ba25827f237de362216468f82ba15c2414c571f2da8e0bfb6247f84d94d392eb311da6","first_seen":"2026-04-12T12:04:41.877283Z","last_seen":"2026-04-12T12:04:41.877283Z","times_seen":1,"resource_available":false,"data":null}},"time_used":456,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":205,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/images/image_b37951e967df5b53bd4446b1a3e48c1bd56d9a42.svg","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /images/image_b37951e967df5b53bd4446b1a3e48c1bd56d9a42.svg HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qrxHG6JQoLXX7VZVJEqZ%2FVybvznv6o5ji0OlSFRtv%2ByS5PCIVk%2FBcXFMAmiIPdH8GhSo786iPgwu6dk4Zv9IJdFG7E0gQCWMfm0cp6571qhPc46tj5q%2FH4uhGxCALJJbG1%2BQauR%2BZQ%3D%3D\"}]}\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\ncf-cache-status: MISS\r\netag: W/\"69dae630-a64\"\r\ncf-ray: 9eb217a67b9c0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-04-12T13:46:49.702112Z","times_seen":115,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2 HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 48256\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\netag: \"69dae630-bc80\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NBUXsKpkh%2Fsa7VwlmaEV5zCkto4pN5BQy4Qm%2FjPcldw%2BkZ1ZaR9rZI2uzkmVjJ5GyHOI9YZFY6fzMO0M8dT%2BV%2BOTDfa3kNFMM3YL3%2FDuv1Ij%2BdZXFgNVQW3EsT%2BngpxZfHw7B4WLWA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217a84bba0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-12T17:54:17.482682Z","times_seen":14175,"resource_available":false,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":230,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:38 GMT","end":"Mon, 15 Jun 2026 08:38:37 GMT"},"fingerprint":{"sha1":"C3:E4:BE:7B:38:DD:F1:59:DC:DF:FA:8A:48:52:C7:1D:D2:BF:F7:5E","sha256":"31:F4:52:B9:AA:C3:06:E9:A3:71:DA:02:A5:63:C9:78:CC:3A:04:07:E1:B4:42:F5:DC:BF:40:0F:BE:3E:6F:9E"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 12 Apr 2026 12:04:15 GMT\r\ndate: Sun, 12 Apr 2026 12:04:15 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-04-12T18:10:44.672422Z","times_seen":20733,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":91,"dns":1,"connect":9,"send":0,"wait":19,"receive":0,"ssl":78},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7W0I5nvwUgHU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa25L7W0I5nvwUgHU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cashbackterminal.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 84924\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 10 Apr 2026 21:23:35 GMT\r\nexpires: Sat, 10 Apr 2027 21:23:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 139240\r\nlast-modified: Tue, 09 Sep 2025 18:33:55 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":84924,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 84924, version 1.0","md5":"f5b588b5cfef2173838149769c8a0269","sha1":"5312086a01f8e8299094ddee5819b9727a19cae2","sha256":"b8811a6cd6f7e0707dfc9e9e6f1daf5f6f450b51e887e163945a9ade91c2720f","sha512":"05d5271c633bbe102775c0b6df9c5e110dae3a2517061714bb5c26ec66a00f8e1b62961135ec96962e7ccaf3942d8e32bd86f42558cbac8ee16ff6c333117886","ssdeep":"1536:PABWz4rSN/GzH27xN5UR1OnX+uyRsd1osLZBi/JGyQI01xDj+C:PAG4rCGa7L5UR1OnX+fGd/VB03QI+xP","tlshash":"378302b4ae71b3968f1c7fe46396273c2a7bdf41053950aeae44e16787f00dba148784","first_seen":"2025-05-29T19:39:57.235915Z","last_seen":"2026-04-12T18:22:49.343525Z","times_seen":7778,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":115,"dns":8,"connect":7,"send":0,"wait":27,"receive":4,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/images/image_b37951e967df5b53bd4446b1a3e48c1bd56d9a42.svg","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /images/image_b37951e967df5b53bd4446b1a3e48c1bd56d9a42.svg HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:15 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vcFmuqW9Z1%2BCSOH71F2SL4o0Xl5edyuojO9j2MpP8H%2BwxGniZm%2FgsSKXLEXgZ7QMWuUNl0Psvp%2BqpJ%2BdR1NpQAexjGGlaLjhhj2l%2FaWURt%2B2dhfxIcKli3f8aQiB1MBHUIBsQVsDjA%3D%3D\"}]}\r\npriority: u=6,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: br\r\nage: 0\r\ncf-cache-status: HIT\r\netag: W/\"69dae630-a64\"\r\ncf-ray: 9eb217adbbfb0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-04-12T13:46:49.702112Z","times_seen":115,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/style.css","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\netag: W/\"69dae630-fb10\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YVr4K94aIzW8w3VqeAYfYQ0NAmnskyybv6Ucfl3FFsirSR77V1ZR2VDBgi%2BVbRZHbZexw%2BuLCf3YDktEbkeEaBLzMXqmwetxiDRleL42f2MZL8NUbIYq%2F%2BPTQvIZQwv5z5MNjTjiBw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217a67b9b0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64272,"size_decoded":0,"mime_type":"text/css","magic":"HTML document, ASCII text, with very long lines (678)","md5":"d1cab8a747b0c5ed2856335923ac7a5b","sha1":"f988def9aeae79df030e53d421bda532fe17d1d8","sha256":"9b91a73c1eb0bd32c69605856aef46ae995bd2942871d35c5ca0411fd09daa67","sha512":"bdb74e448c0fecd1247e0e81f9522f26ef0d7259c035c867a83d289e810cdb3b4d6299eb4f590d6ee4092d00e42a39c706c8ef3842e3284cc734ddab9251ad2f","ssdeep":"384:JDxelchNhkhbPHKYoxfIZFoJ8PAiaBSluhDiZVq4PL7z4i9PvAq4/+C6qkxeC0iH:JDAlchWjHmfIZFoJ7FBWuQQ4PL7zHhV","tlshash":"ee53a492262325957d27a9e53bef6b65325c60439109cc6e7fec314c8fc93f851a2b8c","first_seen":"2026-02-28T21:01:26.712652Z","last_seen":"2026-04-12T12:07:18.853429Z","times_seen":10,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2 HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 48256\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\netag: \"69dae630-bc80\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=933hy3BzrJvnIebWlf5pOKJy5CHdDRmsjpAnnfKtSXNsMZ5pQ62wXEcufztgyL8Q00xit5CrTdEGd6wbO4%2FUrJKec6Kf9RYiHGhjz3z0MRrju50QWWdpseKgqk6Rg4%2FKGgoOSyFsNg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217a83bb60b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-12T17:54:17.482682Z","times_seen":14175,"resource_available":false,"data":null}},"time_used":368,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":241,"receive":127,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2 HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 48256\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\netag: \"69dae630-bc80\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oCTr28RQgoTo2eyYOGQ%2BJ4Iby8BuUFU8nX95DzF2H4AwowM%2BKj2aZAjPT7vii%2B7nx1ja1rvcLNDLG6RD5SLOg%2BUe5JeuCTRYR0muLESTVOu6cyliz7iViy%2FyYeTAt0%2FLc1ZgZfWOFw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217a84bbb0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-12T17:54:17.482682Z","times_seen":14175,"resource_available":false,"data":null}},"time_used":350,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":225,"receive":125,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/api/is-banned","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /api/is-banned HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cashbackterminal.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:15 GMT\r\ncontent-type: text/plain;charset=utf-8\r\ncontent-length: 1\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncache-control: private, max-age=300\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K0FqPUMmuVuBZfIV3oL2qdXyjjBym7EPFcI6iRWFH4nNAqZNSNdEurPI9KCRgh7mzKp5NcOjmS2YhJAKAdtj20c08ceTH%2BrnQiXUMM%2FrrA%2BidX8%2Bjh6HHXKsez7Haw9kR8eNcGR4Ew%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217ab2bd40b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-04-12T18:59:28.277222Z","times_seen":104626,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cashbackterminal.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 08:25:52 GMT\r\nexpires: Fri, 09 Apr 2027 08:25:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 272303\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-12T19:02:10.372462Z","times_seen":141372,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":96,"dns":0,"connect":10,"send":0,"wait":12,"receive":13,"ssl":91},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:37 GMT","end":"Mon, 15 Jun 2026 08:38:36 GMT"},"fingerprint":{"sha1":"F8:24:5E:5A:B0:FB:57:E0:D6:E9:33:BD:54:27:DC:BF:50:74:4A:59","sha256":"A4:18:08:9F:87:3F:1D:A2:3B:7A:25:AA:E0:FF:C8:CB:B1:74:9C:8B:FF:A2:C5:D6:74:BB:B0:A7:97:7E:5B:02"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cashbackterminal.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 08:25:52 GMT\r\nexpires: Fri, 09 Apr 2027 08:25:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 272303\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-04-12T19:02:10.372462Z","times_seen":141372,"resource_available":false,"data":null}},"time_used":409,"timings":{"blocked":197,"dns":0,"connect":23,"send":0,"wait":8,"receive":2,"ssl":176},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:14.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"GET /fonts/font_f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298.woff2 HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cashbackterminal.xyz/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:14 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 48256\r\npriority: u=4,i=?0\r\nlast-modified: Sun, 12 Apr 2026 00:24:16 GMT\r\netag: \"69dae630-bc80\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=864000\r\naccept-ranges: bytes\r\nage: 0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pc%2FvUOF1xicEIDMdw4kM9Vys4BVSzCcKpMnmVBkpA6OtWN%2FjiJRcv2MdLBNSnMgKWi8dnk6irjyLiWMumug0QQ7XmCNEplColyAFnLQrBN5FbRYivoc20V7J4CSyc6Umwh3yoN%2FuFA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217a86bbd0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-04-12T17:54:17.482682Z","times_seen":14175,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cashbackterminal.xyz/api/visit","fqdn":"cashbackterminal.xyz","domain":"cashbackterminal.xyz","tld":"xyz"},"ip":{"addr":"104.21.14.59","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://cashbackterminal.xyz/","date":"2026-04-12T12:04:15.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cashbackterminal.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 11 Apr 2026 16:41:22 GMT","end":"Fri, 10 Jul 2026 16:41:21 GMT"},"fingerprint":{"sha1":"1F:F3:1B:E9:8D:25:CF:FC:65:E5:56:31:62:E3:89:47:74:DB:08:C4","sha256":"11:3F:FD:F1:C9:F5:2B:77:DB:EC:79:2A:1A:A0:EC:F8:BA:2A:AC:44:19:D1:95:C8:2B:AB:E6:A7:F0:71:E3:F5"}}},"request":{"raw":"POST /api/visit HTTP/1.1\r\nHost: cashbackterminal.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://cashbackterminal.xyz/\r\nOrigin: https://cashbackterminal.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 12 Apr 2026 12:04:16 GMT\r\ncontent-type: text/plain;charset=utf-8\r\ncontent-length: 2\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zsc98HCUoLdLedV9Qj8cjNkn6%2B18SJ2mfZcuQkQQufduOly4mhV0meoj6n2x9pqFWRz8P232fruaihY7IkjIxVrl%2FI6%2BSPZK0rqcNRLqw2bDwwOhdiGpmwKeNWY9cQ2WB0iqkWdknA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9eb217adebfd0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-04-12T18:59:28.279108Z","times_seen":394718,"resource_available":true,"data":null}},"time_used":560,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":560,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-12","alert":"Sinkholed","trigger":"cashbackterminal.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}