{"report_id":"39291016-24ed-4bd5-96c8-6e8b51a63661","version":6,"status":"done","tags":["suspicious","telegram_bot"],"date":"2026-05-15T03:48:21Z","url":{"schema":"http","addr":"xrpwalletdoff.com","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"104.21.1.219","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"title":"XRP Wallet — Official Self-Custodial Wallet","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xrpwalletdoff.com","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"104.21.1.219","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-19T03:48:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-15","alert":"Detects file containing Telegram Bot API","trigger":"xrpwalletdoff.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"xrpwalletdoff.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"xrpwalletdoff.com","ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-13","domain_rank":0,"first_seen":"2026-05-15T03:48:19.765374Z","last_seen":"2026-05-15T03:48:19.765374Z","alert_count":8,"request_count":6,"received_data":3504471,"sent_data":2723,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-05-10T22:17:57.86744Z","alert_count":0,"request_count":9,"received_data":341063,"sent_data":4877,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-10T22:20:44.526759Z","alert_count":0,"request_count":1,"received_data":15918,"sent_data":580,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.coingecko.com","ip":{"addr":"172.66.172.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-03-26","domain_rank":442226,"first_seen":"2018-05-18T12:16:11Z","last_seen":"2026-05-09T23:52:16.597471Z","alert_count":0,"request_count":1,"received_data":30690,"sent_data":546,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":[{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"md5":"6909ce4252e107d77ce2e75c26cb6aa1","sha1":"b0ec7431f1c2c10ab755a4f954ca130a2e054313","sha256":"cd167c286127b65432f8fab341a3848b71d6594ce9bf358985bbda24c1367ef4","sha512":"0ca1129cd853d0db0db8671190db4e7dcfd8f9f8adde04453f2eb8321ed9062a86a7ddeccbd44280920d5348385de577439f8d965b737170c34765f59c7dac52","size":40973,"token":"8551676585:AAHHq0dwcmDFZaeEVw7rMYHUSe8Xo3sIwbU","is_revoked":false,"bot":{"token":"8551676585:AAHHq0dwcmDFZaeEVw7rMYHUSe8Xo3sIwbU","user_id":"8551676585","username":"DevosusOtstukBot","first_name":"DevosusOtstukBot","last_name":"","chat":{"chat_id":"-1003702077442","title":"otstuk | devosus","type":"supergroup","bot_is":"administrator","total_users":4,"active_members":null,"admins":[{"user_id":8551676585,"username":"DevosusOtstukBot","first_name":"DevosusOtstukBot","last_name":"","is_bot":true},{"user_id":8213612730,"username":"devosus","first_name":"Devoys","last_name":"","is_bot":false}]},"pending_messages":1}}],"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"d41f450e0df794f7db3e95563410a17a","sha1":"6fe8916d8f80a029aa39c817cfea7a60ac73f06c","sha256":"df46b0bc9ee22bddceaee6aa59b4cb439a4ef0b11b9bafa9344c99b52d4bc911","sha512":"3cd7bf59235e12a157654ca8267821d9313b7046dcb7805be743ea39ccb1192d55deaef5ee2c9bf01ef21afe474315239c10199e171ae5cfea3de91f767f951a","ssdeep":"","tlshash":"28b02b90c239e02222b00dc5310a37162880845320070230c2056830dcc7073730070e","size":123,"data":"","first_seen":"2026-05-15T03:48:24.053044Z","last_seen":"2026-05-15T03:48:24.297732Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-05-15T06:59:49.169229Z","times_seen":339318,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"b38d9d574eba26a9d6f356ad45333f2e","sha1":"de9011a0f3b48d10e0bf1b7fb2980bf77e8b6ad3","sha256":"638fb88a875b1568d703c2fa268ad7978b5557e6645bd7a2e9a50956ef19d3e8","sha512":"aeabc7420b0a56c9e6809510903353802addf076cbdc04df146ef3e9f850a1b2bf4455afc11e37703754c6b65437e1a9564833a5f9f6f8c63652c9ab3e56f28a","ssdeep":"","tlshash":"55c02bc19776e11223b48dc53105276b3894c45b30824338da11a435dccb8b3772173e","size":147,"data":"","first_seen":"2026-05-15T03:48:24.062806Z","last_seen":"2026-05-15T03:48:24.298362Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e0adbd77ba3c09470a8c7c1ebff49d77","sha1":"f39bacd9435984c4fffb2d803ae343aa2237014b","sha256":"1b47ea44b59f28468a7411d29d5defe3d9483e7c494c6005a3069da53a148217","sha512":"734f7d9e7ba4f4d68e73eea1e2841b66f491fe6daef0f88d831aaa99b66b5b275bf531ac4a9064dab3d1275eecfb8d4eea656db323c5b038e2137b2e5b16332f","ssdeep":"","tlshash":"0a01999d2c93b0a663fb2129cf6ba614332613473482c4417e9e81403fb654b89a6fcd","size":720,"data":"","first_seen":"2026-05-11T06:19:22.026931Z","last_seen":"2026-05-15T03:48:24.299028Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"6909ce4252e107d77ce2e75c26cb6aa1","sha1":"b0ec7431f1c2c10ab755a4f954ca130a2e054313","sha256":"cd167c286127b65432f8fab341a3848b71d6594ce9bf358985bbda24c1367ef4","sha512":"0ca1129cd853d0db0db8671190db4e7dcfd8f9f8adde04453f2eb8321ed9062a86a7ddeccbd44280920d5348385de577439f8d965b737170c34765f59c7dac52","ssdeep":"768:atvWhKU0CFW/7XB83NLcMIHwF2QupkSqT:atvWhKU0CFhpIQF2QuuSqT","tlshash":"1703b5a6317a22b608bb5c5909b74f9226714401e40bf59d3a6c41c20fbb9d4edf3fe5","size":40973,"data":"","first_seen":"2026-05-15T03:48:24.0649Z","last_seen":"2026-05-15T03:48:24.299644Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-15","alert":"Detects file containing Telegram Bot API","trigger":"xrpwalletdoff.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"73d2d2fbb733e3bf2a60182900ac5d68","sha1":"41982509850fabaa1aa759c9a5d333ddfd0874e1","sha256":"850e06013c8ea01ef2757c27626aa393166b7008603dfc22e33459eaa6d594a9","sha512":"afd293eb1a55f78efddbfa72ab9e2528dea180b0d75929a745bad114a07ef326b9a0e2f284edc9e30ee4ee0d9529ea94178909088b34a1173e9d87d8288fc9c3","ssdeep":"","tlshash":"c6b02b808231e01212700eca310927281880845320070234c2056c30dcc7073730170e","size":122,"data":"","first_seen":"2026-05-15T03:48:24.058193Z","last_seen":"2026-05-15T03:48:24.30025Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"9f2fa7e23765e49274e1413e2d197c66","sha1":"067fc398f28b6589d7c6d4f253eeabe0cd76f531","sha256":"ba1e9643f9a802070dd66e57aceda70cc0a1d283e898fd5318c626c7496e2a42","sha512":"46e9e095556d8edc40660e3d750f0ffe0ce0529e36a89da711a406d4f1cf0a41459a5a384a4e86010b09c1a340447ddf163018bfbcf280cb1da6918192ff739f","ssdeep":"","tlshash":"0db02b808231e01222700dc5310927562880c45330070230c2056830dcc7473730170e","size":123,"data":"","first_seen":"2026-05-15T03:48:24.055102Z","last_seen":"2026-05-15T03:48:24.30109Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"f3c442af80f4bb3c147d089e34a1a6c2","sha1":"afe8ba265f83116aa592c51176aaf5e46a2b6c65","sha256":"e782d156e5499df13b85db6785c2f7b08d7fb97167397791d15b95fa6cfac902","sha512":"02f1ca23ab366e913deac0a97b68b813b61f5ff5a6e3aa10ddd1fb2ec03aff7f1d5cb755d29f94ad8558944de9bdd507f509dcc905e6745072e57037c7326d47","ssdeep":"","tlshash":"3eb01288254e0712198c872101641f853237044c2100a13d6a101c600d09cf429241e4","size":92,"data":"","first_seen":"2026-05-15T03:48:24.050655Z","last_seen":"2026-05-15T03:48:24.30193Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xrpwalletdoff.com/xrp-xrp-logo.png","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.542Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xrpwalletdoff.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 14:00:57 GMT","end":"Tue, 11 Aug 2026 14:00:56 GMT"},"fingerprint":{"sha1":"33:B4:3E:DA:CE:01:95:4C:49:6D:B3:4C:A7:59:B4:A1:16:34:4B:D7","sha256":"72:6F:14:21:17:1C:69:16:31:15:2F:9E:3F:93:0F:DA:6F:F2:78:B6:93:68:DE:4E:AD:A6:BC:99:D0:FC:73:3D"}}},"request":{"raw":"GET /xrp-xrp-logo.png HTTP/1.1\r\nHost: xrpwalletdoff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xrpwalletdoff.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Fri, 15 May 2026 03:47:58 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nage: 2\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CkWIvtWyvYfak7o%2BmLRisJh%2B%2Fa7wtYqKBBSAsuLgzY8M%2FlIG5lAocq%2FzBAmmxT5RRdj%2F%2FS7VhBg8YJvnEkLMna5dUsXZsqDdi%2F7AtVS9QFJf4eZ3TAriKdhuBtrysNnzEEJEiA%3D%3D\"}]}\r\ncf-ray: 9fbf2a12e89d4e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-05-15T07:12:01.0213Z","times_seen":11503,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"xrpwalletdoff.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Hp2ywxg089UriCZOIHTWCBl0-8Q.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Hp2ywxg089UriCZOIHTWCBl0-8Q.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 62460\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 10 May 2026 16:15:50 GMT\r\nexpires: Mon, 10 May 2027 16:15:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 387128\r\nlast-modified: Wed, 10 Sep 2025 16:30:17 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62460,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 62460, version 1.0","md5":"4c04ee82dc1deb4f32b244195d258e9b","sha1":"9bd2bc9c6f54075acd20589f87c17a73e3ab07b3","sha256":"ab72fd10c9ac5633c1f9ae4267864b674596062e023458e02973080bd1098904","sha512":"43bd417c75382fbcad7a44c73db7ec8e883bb505b63215ec67488eb205b61acd94031d5740bdf70cf413fcb126ac6a567b4c71831eeb063e5643fa0adc704895","ssdeep":"1536:Hjv9lkTtdw0aS3yPvWdfDSFdW6KK8zPJ86DQMBXQX:Hz9ceS3y2FDSFdRKNzPJj5gX","tlshash":"8753028264d3489c8c8b69d354847f1c707ef88fc1b88995a8e33ca14d4b1e6e85ad7f","first_seen":"2025-09-11T19:26:36.805532Z","last_seen":"2026-05-15T07:07:51.069484Z","times_seen":12743,"resource_available":false,"data":null}},"time_used":348,"timings":{"blocked":120,"dns":5,"connect":16,"send":0,"wait":104,"receive":10,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sora/v17/xMQbuFFYT72XzQUpDg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/sora/v17/xMQbuFFYT72XzQUpDg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 33652\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 04:33:52 GMT\r\nexpires: Fri, 14 May 2027 04:33:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 83646\r\nlast-modified: Mon, 08 Sep 2025 17:59:21 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33652,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 33652, version 1.0","md5":"0d0e5e4d2f9fef29f3aff5e8e0e659c4","sha1":"93f322133a56cd58cb13fd9d3e3555426875e255","sha256":"fa26406eeda9a3c6ec3d9ea8813c3045d6dc755e30c716d5c094e8ef43be5a7f","sha512":"5b62778ffd0054b895ddb493ff46f760f96d0dcbc6e171466ea5497c02ce02c7a12238ebde1e73c7e95530634a0eab7fe1c4f1ca9d24f6f54cf6a9e9d9bab9f2","ssdeep":"768:ROxePX1Sw4LXk9Hj8lO1W87tUx7HfPrKF5:RBdS7jk48W86xL0","tlshash":"64e2f15d7d932490c4b41899c6e20e56eac508e1bad5ead3ff1b0d0eb71a4f4ce4e1e8","first_seen":"2025-09-09T08:23:20.681058Z","last_seen":"2026-05-15T07:18:18.964596Z","times_seen":2461,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":43,"dns":0,"connect":0,"send":0,"wait":101,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-15T03:47:58.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xrpwalletdoff.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 14:00:57 GMT","end":"Tue, 11 Aug 2026 14:00:56 GMT"},"fingerprint":{"sha1":"33:B4:3E:DA:CE:01:95:4C:49:6D:B3:4C:A7:59:B4:A1:16:34:4B:D7","sha256":"72:6F:14:21:17:1C:69:16:31:15:2F:9E:3F:93:0F:DA:6F:F2:78:B6:93:68:DE:4E:AD:A6:BC:99:D0:FC:73:3D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xrpwalletdoff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 15 May 2026 03:47:58 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Wed, 13 May 2026 15:21:01 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4yDFNdu6Ko9kICc3RrgONcsJp2famzMkiBvZjJBVkXAlC92p5yNRPAGexpuqzOPs%2F5oroQ%2FFofAZ1TlR0K5%2Fua10%2BsAz%2BfwHKt7p0DlhKvkQKmCLST13ODbWSIhdz34hP4ecRg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9fbf2a105fd356c4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":167235,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (313)","md5":"e1e467c62d2a7baebef6c9f029b48da2","sha1":"ba1c6ca9080312b87ab7f030898e8b41cf46ae77","sha256":"68fef01d79756dbb4193130a419abebb36fc522c3483bc2d84f5f1a9cf12f175","sha512":"2d03d6c8c206b4b3d95cd7c2acfec30ad5676daa406817f264df565c7713eb03218cdc9bb575659e661c7b86628111380e3040ad941b892d14c9ea3e017f7eea","ssdeep":"3072:KEzZq2lxIu1/+yltvWhKU0CHpIg27uSqtN:1zkqGqtvWhKU0COzA","tlshash":"d6f393712174603664779cd565b50faf35a0e503d90b9258faac43e04ffbee2de23a48","first_seen":"2026-05-15T03:48:24.029845Z","last_seen":"2026-05-15T03:48:24.291007Z","times_seen":2,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":21,"dns":1,"connect":1,"send":0,"wait":46,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-15","alert":"Detects file containing Telegram Bot API","trigger":"xrpwalletdoff.com/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"xrpwalletdoff.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Sora:wght@300;400;500;600;700;800\u0026family=IBM+Plex+Mono:wght@300;400;500;600\u0026family=DM+Sans:opsz,wght@9..40,300;9..40,400;9..40,500\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.142.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"25:C3:78:A0:E1:97:BA:8A:CE:43:FA:9C:BF:89:EF:DD:A3:CD:9C:40","sha256":"C1:18:7F:C1:92:8E:D0:83:CA:E8:62:DB:BE:FE:89:B2:84:13:70:FA:0E:40:65:D2:B6:8C:09:37:73:46:4D:4B"}}},"request":{"raw":"GET /css2?family=Sora:wght@300;400;500;600;700;800\u0026family=IBM+Plex+Mono:wght@300;400;500;600\u0026family=DM+Sans:opsz,wght@9..40,300;9..40,400;9..40,500\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xrpwalletdoff.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Fri, 15 May 2026 03:47:58 GMT\r\ndate: Fri, 15 May 2026 03:47:58 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15232,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"978f0da2cfa17bfa59d8df04d51ab061","sha1":"1ebf93a3e2bfca26e6ca18566e2c1f752e4258a1","sha256":"eda71c9e977ca93adbc827874777053f76d8e33de80ccae4b4c74733f774f016","sha512":"2a4fdada6f5e31ad34250df2610cb0f535e3158809b416b21fe054b83ba67b41ece19d006b8e3b5dc7e6a3d41567d923d376ead185cf677a27d23a8361b0c336","ssdeep":"192:JciIcDPc8g40fsdMNWpYpZQxFPE26Bs3U3IFvXesa4Ghb1dz1J1dS1a1dB131doz:t+so3Qustus0rfg6lFaA/jEV","tlshash":"9862cec1446ba400eb931cc123cebe36ae5e61917445c939affe2c98ec9fc261365b5d","first_seen":"2026-05-11T06:19:22.022299Z","last_seen":"2026-05-15T03:48:24.291948Z","times_seen":4,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":85,"dns":1,"connect":8,"send":0,"wait":18,"receive":0,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xrpwalletdoff.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 14:00:57 GMT","end":"Tue, 11 Aug 2026 14:00:56 GMT"},"fingerprint":{"sha1":"33:B4:3E:DA:CE:01:95:4C:49:6D:B3:4C:A7:59:B4:A1:16:34:4B:D7","sha256":"72:6F:14:21:17:1C:69:16:31:15:2F:9E:3F:93:0F:DA:6F:F2:78:B6:93:68:DE:4E:AD:A6:BC:99:D0:FC:73:3D"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: xrpwalletdoff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xrpwalletdoff.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript\r\nexpires: Sun, 17 May 2026 03:47:58 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xjCMIi5HlisrJvgqVIAEa1%2BIe5aOjN7yWj1DmrQGEkJnHXnguGnC64avQzi5wTi973TlDP25aG8xzkLjl4z%2Bf5Xe8OWfcOpCTfZfgXoEy4Ri%2FbqwmseHgVGG4AjITc%2FNAo8pCg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Fri, 15 May 2026 03:47:58 GMT\r\ncf-ray: 9fbf2a11b88e4e4c-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-05-15T06:59:49.169229Z","times_seen":339318,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"xrpwalletdoff.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.coingecko.com/api/v3/coins/ripple?localization=false\u0026tickers=false\u0026community_data=false\u0026developer_data=false","fqdn":"api.coingecko.com","domain":"coingecko.com","tld":"com"},"ip":{"addr":"172.66.172.219","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.coingecko.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 05 May 2026 16:58:26 GMT","end":"Mon, 03 Aug 2026 17:58:05 GMT"},"fingerprint":{"sha1":"DC:08:FF:A1:6A:95:9C:7C:1F:98:80:9A:AC:EE:45:7C:D4:B2:28:85","sha256":"0E:0C:B6:2A:98:40:7E:DD:99:04:83:DF:20:58:3D:1E:3C:A1:5E:C1:D8:16:22:52:DF:73:F4:67:E0:D8:D9:68"}}},"request":{"raw":"GET /api/v3/coins/ripple?localization=false\u0026tickers=false\u0026community_data=false\u0026developer_data=false HTTP/1.1\r\nHost: api.coingecko.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://xrpwalletdoff.com/\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 15 May 2026 03:47:58 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: POST, PUT, DELETE, GET, OPTIONS\r\naccess-control-expose-headers: link, per-page, total\r\naccess-control-max-age: 7200\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=30, public, must-revalidate, s-maxage=30\r\naccess-control-request-method: *\r\naccess-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\netag: W/\"11d7a3291cc76afb7ca84a0b702ceb7c\"\r\nx-request-id: 5ea46010-06ab-40a9-ae9c-a9db11e68f6d\r\nx-runtime: 0.022825\r\nalternate-protocol: 443:npn-spdy/2\r\ncontent-security-policy-report-only: script-src https://accounts.google.com/gsi/client; frame-src https://accounts.google.com/gsi/; connect-src https://accounts.google.com/gsi/;\r\nstrict-transport-security: max-age=15724800; includeSubdomains\r\nage: 4\r\ncf-cache-status: HIT\r\ncf-ray: 9fbf2a130e795a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29463,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ef279602f15a57f2feb25847b398148f","sha1":"dd76f7cc457325f974a1ac1b76c66e3bed863fdc","sha256":"1ca325b30b4782637677b4570cf5f634a3dbec5cc21c401fc929291600983db4","sha512":"4855deb3a6aa285141cb2efd460934766126fc7f498f6bf56b417fe2d00a07e1c91a5c9c533193a76f218a58141d5715dd1f09eb05c4f305bdb9ce2533750650","ssdeep":"768:iTfanxieQRj3evh8bMXFck6pgZCe67uIqncocHgV+LT7ovYP:aaxGRj3HbMXFcvpgZCB7uIqncoA3LT7x","tlshash":"c8d2c6620f7c20f0c4b966490e513b52ac29f3af51c84fa776a0ea5dd2ac5bb750781f","first_seen":"2026-05-15T03:48:24.018634Z","last_seen":"2026-05-15T03:48:24.293276Z","times_seen":2,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":19,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ibmplexmono/v20/-F6qfjptAgt5VM-kVkqdyU8n3twJwlBFgg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.583Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/ibmplexmono/v20/-F6qfjptAgt5VM-kVkqdyU8n3twJwlBFgg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14888\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 10 May 2026 11:52:33 GMT\r\nexpires: Mon, 10 May 2027 11:52:33 GMT\r\ncache-control: public, max-age=31536000\r\nage: 402925\r\nlast-modified: Mon, 15 Sep 2025 17:07:53 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14888,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14888, version 1.0","md5":"b1c8a895f5fd3fe6cbf5b4cf95c58d87","sha1":"d32f0e0701ac62043840131a800ce717a86e4ee2","sha256":"01d285447409c8a588692162439a038b8cbd7871309ee20267b0d2d91c6e8e22","sha512":"8e5f116c757f033e001d1622798ef0e689d860b6e4102c6d760398ebe653c6ec257bdcee0d8ec1ca7cf5663269ae36b79f8d44b5a0a81298c816ac5ed9a020ed","ssdeep":"192:0oK9+lgWZm57bYBeze/iw+Lp3HIpY4uY8rHcT1DHC4cIIK/Cgb2n5ZXwMEBHr5F3:9K+nro0uYQ6cECVnTXwRtQnyYS5qb/f2","tlshash":"f962be3785690217eb1df96f6133e205ccdede83877bc23262b2955b01cfbea5019255","first_seen":"2025-09-19T17:22:27.509445Z","last_seen":"2026-05-15T03:48:24.294015Z","times_seen":754,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":96,"dns":7,"connect":28,"send":0,"wait":112,"receive":2,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ibmplexmono/v20/-F6qfjptAgt5VM-kVkqdyU8n3vAOwlBFgg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/ibmplexmono/v20/-F6qfjptAgt5VM-kVkqdyU8n3vAOwlBFgg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15620\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 03:43:10 GMT\r\nexpires: Fri, 14 May 2027 03:43:10 GMT\r\ncache-control: public, max-age=31536000\r\nage: 86688\r\nlast-modified: Mon, 15 Sep 2025 17:09:44 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15620,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15620, version 1.0","md5":"5a2ce7798732476dec03a9561de231fe","sha1":"ce9a5ca3a874da9201c2630c5cb7bfaa9688c052","sha256":"0d1f0b8d0722224e32e9f28261bdc86c79115be73444ae5eceb73976a1bcdf83","sha512":"5c4ebd97feaabdb478b615990f286b114ee3b76ce43dfe4122b4e6ec998ae3d4110a4a893b65f6ba81c25da0d3ad7e5a5221fb8c8efb58e5d06e9b3c890f9832","ssdeep":"384:AcHslrQJgsgNQhzVr/oaqSeH04dAM4PmV:7slrULvz9/NqSZLZOV","tlshash":"4162d010270e7176dc461378dd56c9e30476ffbec8120f6b7e91a9a258c5fd4722127a","first_seen":"2025-09-19T17:22:27.512197Z","last_seen":"2026-05-15T03:48:24.294691Z","times_seen":718,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":111,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Hp2ywxg089UriCZOIHTWCBl0-8Q.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Hp2ywxg089UriCZOIHTWCBl0-8Q.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 62460\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 10 May 2026 16:15:50 GMT\r\nexpires: Mon, 10 May 2027 16:15:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 387128\r\nlast-modified: Wed, 10 Sep 2025 16:30:17 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62460,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 62460, version 1.0","md5":"4c04ee82dc1deb4f32b244195d258e9b","sha1":"9bd2bc9c6f54075acd20589f87c17a73e3ab07b3","sha256":"ab72fd10c9ac5633c1f9ae4267864b674596062e023458e02973080bd1098904","sha512":"43bd417c75382fbcad7a44c73db7ec8e883bb505b63215ec67488eb205b61acd94031d5740bdf70cf413fcb126ac6a567b4c71831eeb063e5643fa0adc704895","ssdeep":"1536:Hjv9lkTtdw0aS3yPvWdfDSFdW6KK8zPJ86DQMBXQX:Hz9ceS3y2FDSFdRKNzPJj5gX","tlshash":"8753028264d3489c8c8b69d354847f1c707ef88fc1b88995a8e33ca14d4b1e6e85ad7f","first_seen":"2025-09-11T19:26:36.805532Z","last_seen":"2026-05-15T07:07:51.069484Z","times_seen":12743,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":42,"dns":0,"connect":0,"send":0,"wait":59,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/xrp-xrp-logo.png","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xrpwalletdoff.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 14:00:57 GMT","end":"Tue, 11 Aug 2026 14:00:56 GMT"},"fingerprint":{"sha1":"33:B4:3E:DA:CE:01:95:4C:49:6D:B3:4C:A7:59:B4:A1:16:34:4B:D7","sha256":"72:6F:14:21:17:1C:69:16:31:15:2F:9E:3F:93:0F:DA:6F:F2:78:B6:93:68:DE:4E:AD:A6:BC:99:D0:FC:73:3D"}}},"request":{"raw":"GET /xrp-xrp-logo.png HTTP/1.1\r\nHost: xrpwalletdoff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xrpwalletdoff.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Fri, 15 May 2026 03:47:58 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nage: 2\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rv7uSp%2FhYvya3g69mWTjexp%2FlbVxgkjp1Eqq5SsJlhk743LaOIWe1HOeTDBhTadUnvVs89UmMhw7P2%2B3D4PNW0GdYSMYWjyCDZlNJK5nzO14N%2BtMrmZzsc4SC7YD%2B1kaQjzwlA%3D%3D\"}]}\r\ncf-ray: 9fbf2a11a88d4e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-05-15T07:12:01.0213Z","times_seen":11503,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"xrpwalletdoff.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sora/v17/xMQbuFFYT72XzQUpDg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.564Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/sora/v17/xMQbuFFYT72XzQUpDg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 33652\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 04:33:52 GMT\r\nexpires: Fri, 14 May 2027 04:33:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 83646\r\nlast-modified: Mon, 08 Sep 2025 17:59:21 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33652,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 33652, version 1.0","md5":"0d0e5e4d2f9fef29f3aff5e8e0e659c4","sha1":"93f322133a56cd58cb13fd9d3e3555426875e255","sha256":"fa26406eeda9a3c6ec3d9ea8813c3045d6dc755e30c716d5c094e8ef43be5a7f","sha512":"5b62778ffd0054b895ddb493ff46f760f96d0dcbc6e171466ea5497c02ce02c7a12238ebde1e73c7e95530634a0eab7fe1c4f1ca9d24f6f54cf6a9e9d9bab9f2","ssdeep":"768:ROxePX1Sw4LXk9Hj8lO1W87tUx7HfPrKF5:RBdS7jk48W86xL0","tlshash":"64e2f15d7d932490c4b41899c6e20e56eac508e1bad5ead3ff1b0d0eb71a4f4ce4e1e8","first_seen":"2025-09-09T08:23:20.681058Z","last_seen":"2026-05-15T07:18:18.964596Z","times_seen":2461,"resource_available":false,"data":null}},"time_used":335,"timings":{"blocked":107,"dns":4,"connect":29,"send":0,"wait":113,"receive":7,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/ibmplexmono/v20/-F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/ibmplexmono/v20/-F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14708\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 10 May 2026 10:24:00 GMT\r\nexpires: Mon, 10 May 2027 10:24:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 408238\r\nlast-modified: Mon, 15 Sep 2025 17:09:21 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14708,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14708, version 1.0","md5":"79936b18df9f734fb6b0a256b20d36b4","sha1":"bb87500e3204a3a7c65d6633c79c5c840c3be8d3","sha256":"08949f728dc52d528e69b1667d15c89a5686a4ee9a296ff90983985f99c380f7","sha512":"d5b9ed102916ebc2e1ddfe322a5dee1302329de23c0c7895639106766a52906b8ec2b9bf3ac7884dbdce6166e27d315808128d35d9609e45841e3c8c2818031a","ssdeep":"384:i54PnCNUhrlC/trZov44r9cmuyWPCZpMbyKdlm+:i2P0mrlC/cv46VuyVZSFdl","tlshash":"c962b073691e2539e1c2afb0c6c81f6c50f8d70b5ba5c6109378a063b7615ae361e9b1","first_seen":"2025-09-19T06:27:38.321624Z","last_seen":"2026-05-15T03:48:24.295972Z","times_seen":1556,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":94,"dns":8,"connect":16,"send":0,"wait":117,"receive":1,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/sora/v17/xMQbuFFYT72XzQUpDg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/sora/v17/xMQbuFFYT72XzQUpDg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 33652\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 14 May 2026 04:33:52 GMT\r\nexpires: Fri, 14 May 2027 04:33:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 83646\r\nlast-modified: Mon, 08 Sep 2025 17:59:21 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":33652,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 33652, version 1.0","md5":"0d0e5e4d2f9fef29f3aff5e8e0e659c4","sha1":"93f322133a56cd58cb13fd9d3e3555426875e255","sha256":"fa26406eeda9a3c6ec3d9ea8813c3045d6dc755e30c716d5c094e8ef43be5a7f","sha512":"5b62778ffd0054b895ddb493ff46f760f96d0dcbc6e171466ea5497c02ce02c7a12238ebde1e73c7e95530634a0eab7fe1c4f1ca9d24f6f54cf6a9e9d9bab9f2","ssdeep":"768:ROxePX1Sw4LXk9Hj8lO1W87tUx7HfPrKF5:RBdS7jk48W86xL0","tlshash":"64e2f15d7d932490c4b41899c6e20e56eac508e1bad5ead3ff1b0d0eb71a4f4ce4e1e8","first_seen":"2025-09-09T08:23:20.681058Z","last_seen":"2026-05-15T07:18:18.964596Z","times_seen":2461,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":96,"dns":2,"connect":28,"send":0,"wait":112,"receive":5,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/peak-connect-v1.3.min.js","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.356Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xrpwalletdoff.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 14:00:57 GMT","end":"Tue, 11 Aug 2026 14:00:56 GMT"},"fingerprint":{"sha1":"33:B4:3E:DA:CE:01:95:4C:49:6D:B3:4C:A7:59:B4:A1:16:34:4B:D7","sha256":"72:6F:14:21:17:1C:69:16:31:15:2F:9E:3F:93:0F:DA:6F:F2:78:B6:93:68:DE:4E:AD:A6:BC:99:D0:FC:73:3D"}}},"request":{"raw":"GET /peak-connect-v1.3.min.js HTTP/1.1\r\nHost: xrpwalletdoff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xrpwalletdoff.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Fri, 15 May 2026 03:47:58 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 13 May 2026 14:51:27 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6a048fef-302c26\"\r\nexpires: Fri, 15 May 2026 15:47:55 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 2\r\npriority: u=3,i=?0\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BSEDUW1wl%2FA4wbpE9o11C%2BWzf2W%2B%2F513UdbslyfHdZqNKfwqIkve9cwAURwu89K0zxAoF4q9PtGaFL1fV7dshulIfy4uj%2FDw7SSyuZOxh3%2FJlycVI%2BVHDbbL9D6xIG9nFbo3qg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fbf2a11b88f4e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3157030,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"247ff109c3d690269e7a322fd4d2bc44","sha1":"774abdc5329e38f08461fa88e4f9645d74ba5fb1","sha256":"652d0d691375e7671f228c33c81751826f091c6b0ea4bbb15f317ba31fe3d47d","sha512":"e7c2625020a483866d721d3ca0666f97f16a94874240b294595119d9a4c815d0454a229046cce27f891a95e7be4260cada7a5b42387b7bbcca772a63457ce4b0","ssdeep":"24576:WN38EPhmsUvS9tVd99ltRNsKT30icFORx1Jlpth1hddKg2kApX1I9SENjoB8LRYO:WN3ipUyf35NJXXmjRTSg","tlshash":"53258513a2d038d641d75eb1b72750dafc2d4bafb58c9afa998cf830bce1054e598634","first_seen":"2026-05-15T03:48:24.047229Z","last_seen":"2026-05-15T03:48:24.296591Z","times_seen":2,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":35,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"xrpwalletdoff.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v17/rP2Hp2ywxg089UriCZOIHTWCBl0-8Q.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:58.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:40 GMT","end":"Mon, 13 Jul 2026 08:36:39 GMT"},"fingerprint":{"sha1":"7F:B3:C1:48:F4:27:B8:68:3C:19:02:13:E1:6F:23:04:AC:C8:65:17","sha256":"FC:08:6D:DD:C4:AF:25:5E:6A:51:A0:A1:4E:27:4A:FF:E3:A5:37:ED:A4:1A:33:C1:27:48:DE:AB:71:AE:5D:2D"}}},"request":{"raw":"GET /s/dmsans/v17/rP2Hp2ywxg089UriCZOIHTWCBl0-8Q.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xrpwalletdoff.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 62460\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 10 May 2026 16:15:50 GMT\r\nexpires: Mon, 10 May 2027 16:15:50 GMT\r\ncache-control: public, max-age=31536000\r\nage: 387128\r\nlast-modified: Wed, 10 Sep 2025 16:30:17 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":62460,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 62460, version 1.0","md5":"4c04ee82dc1deb4f32b244195d258e9b","sha1":"9bd2bc9c6f54075acd20589f87c17a73e3ab07b3","sha256":"ab72fd10c9ac5633c1f9ae4267864b674596062e023458e02973080bd1098904","sha512":"43bd417c75382fbcad7a44c73db7ec8e883bb505b63215ec67488eb205b61acd94031d5740bdf70cf413fcb126ac6a567b4c71831eeb063e5643fa0adc704895","ssdeep":"1536:Hjv9lkTtdw0aS3yPvWdfDSFdW6KK8zPJ86DQMBXQX:Hz9ceS3y2FDSFdRKNzPJj5gX","tlshash":"8753028264d3489c8c8b69d354847f1c707ef88fc1b88995a8e33ca14d4b1e6e85ad7f","first_seen":"2025-09-11T19:26:36.805532Z","last_seen":"2026-05-15T07:07:51.069484Z","times_seen":12743,"resource_available":false,"data":null}},"time_used":360,"timings":{"blocked":134,"dns":1,"connect":29,"send":0,"wait":30,"receive":61,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xrpwalletdoff.com/favicon.ico","fqdn":"xrpwalletdoff.com","domain":"xrpwalletdoff.com","tld":"com"},"ip":{"addr":"172.67.128.24","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xrpwalletdoff.com/","date":"2026-05-15T03:47:59.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xrpwalletdoff.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 13 May 2026 14:00:57 GMT","end":"Tue, 11 Aug 2026 14:00:56 GMT"},"fingerprint":{"sha1":"33:B4:3E:DA:CE:01:95:4C:49:6D:B3:4C:A7:59:B4:A1:16:34:4B:D7","sha256":"72:6F:14:21:17:1C:69:16:31:15:2F:9E:3F:93:0F:DA:6F:F2:78:B6:93:68:DE:4E:AD:A6:BC:99:D0:FC:73:3D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xrpwalletdoff.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xrpwalletdoff.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Fri, 15 May 2026 03:47:59 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nage: 2\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5iu%2FPXh6Ytoi4vhMfmQheDmur5ywFvfDeRziSkiEUYkbwQBAebQx08ir8zrCuAMchOq00TJoY5QznU2dPHUaoscdN%2BMt6X2DaKMBiaaZJEXLVwyxfb3lD4X6fi0d68RIevqpLg%3D%3D\"}]}\r\ncf-ray: 9fbf2a1858ba4e4c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (56756)","md5":"cbb42513032d6c09e496731ac16c20a9","sha1":"c92f38a701aad58408451d24dd4c47b05f158cf0","sha256":"d189695b2f3bb92369881f2428fa861dca9d9a94c638d9bdc4e2fa747d6f315b","sha512":"3d76f1018afceaba7cbb4083f4a5b5758966ec2aa5d5c6b07d72361782809f7ed4bd34ed9e0c4154d01a2db7192155de8251e5a834dd90b8d9823d916e1b7285","ssdeep":"768:cHJYDDQHVZHIs91TXESJBjgBSp00yCqJ3Z+IYM3WiesRQiULO0bpD9tcNQEfdom2:cmDD6oeFUycwpk06hWp1b99c7VM","tlshash":"8443021803de40a2cd8978d9426f2f3d842a1863da1c94bd1f5b6df4ca0d8a4767f1e9","first_seen":"2024-11-25T13:26:01.204756Z","last_seen":"2026-05-15T07:12:01.0213Z","times_seen":11503,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-15","alert":"Sinkholed","trigger":"xrpwalletdoff.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}