{"report_id":"39514bc2-0980-43fc-a7aa-cb079bccf657","version":6,"status":"done","tags":["suspicious"],"date":"2026-02-25T22:08:28Z","url":{"schema":"http","addr":"punchsonsol.com","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"172.67.166.104","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"punchsonsol.com/","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"title":"$PUNCH - The Sanctuary Monkey","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"punchsonsol.com","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"172.67.166.104","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-01T22:08:28Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":8,"urlquery":2,"analyzer":11}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:06Z","timestamp":1772057286,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54056,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:06.802595+0000\",\"flow_id\":1643338017416047,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":54056,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":54056},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-02-25T22:08:06.795503+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:06Z","timestamp":1772057286,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54072,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:06.806734+0000\",\"flow_id\":1806059295879427,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":54072,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":54072},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2672,\"start\":\"2026-02-25T22:08:06.798979+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:06Z","timestamp":1772057286,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48282,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:06.813169+0000\",\"flow_id\":427443513343732,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":48282,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":48282},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-02-25T22:08:06.802548+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:06Z","timestamp":1772057286,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48312,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:06.825609+0000\",\"flow_id\":1573033697769583,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":48312,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":48312},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-02-25T22:08:06.817263+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:06Z","timestamp":1772057286,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48294,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:06.832237+0000\",\"flow_id\":2038782098831050,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":48294,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":48294},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-02-25T22:08:06.816842+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:06Z","timestamp":1772057286,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48296,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:06.833649+0000\",\"flow_id\":283757529954244,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":48296,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":48296},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-02-25T22:08:06.817092+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:06Z","timestamp":1772057286,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48324,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:06.999696+0000\",\"flow_id\":1469520690939226,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":48324,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":48324},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-02-25T22:08:06.984410+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-25T22:08:07Z","timestamp":1772057287,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48340,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-02-25T22:08:07.082127+0000\",\"flow_id\":1974099891392521,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.31\",\"src_port\":48340,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.31\",\"port\":48340},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-02-25T22:08:07.069641+0000\"}}"}],"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-02-25","alert":"Hunting_JS_WebAssembly","trigger":"uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-23","domain_rank":0,"first_seen":"2026-02-25T03:05:04.781981Z","last_seen":"2026-02-25T03:05:04.781981Z","alert_count":8,"request_count":8,"received_data":5020571,"sent_data":3848,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"connect.sol.ms","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-10","domain_rank":0,"first_seen":"2026-01-18T23:46:03.161332Z","last_seen":"2026-02-25T21:51:48.33221Z","alert_count":0,"request_count":1,"received_data":2847697,"sent_data":579,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"punchsonsol.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-02-17","domain_rank":0,"first_seen":"2026-02-25T22:08:33.117885Z","last_seen":"2026-02-25T22:08:33.117885Z","alert_count":31,"request_count":15,"received_data":3153297,"sent_data":7011,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"uygft-a78s.vercel.app","ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2020-01-28","domain_rank":0,"first_seen":"2026-02-25T18:10:52.490414Z","last_seen":"2026-02-25T18:10:52.490414Z","alert_count":0,"request_count":4,"received_data":2851633,"sent_data":2256,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"punchsonsol.com/","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"629078d1ed0fb11110f56abc8ff98943","sha1":"5a3fb703d414ccc06ab74faf60c8c4c50e96ba8c","sha256":"c33e0ef6c8323435a822064a6d4519aeef0232b138891b0545502e458dc7f937","sha512":"eee866f9dfbe77192377df8713018f75004b0dbc0a9438d74e764bbc16f555a064c91717b2ccb4cb7c1a84b392495f79b09f3dadd11d8eb8c7fd98048ca0fc0d","ssdeep":"","tlshash":"a3c012597031656a418d7c6e0c4f048d7a368412610959c698ddc8507fb6f7846a084c","size":181,"data":"","first_seen":"2026-02-17T15:01:35.026544Z","last_seen":"2026-03-04T16:41:50.603909Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","fqdn":"uygft-a78s.vercel.app","domain":"uygft-a78s.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3f9305bfe231b46f46f6aa4f9601f2a2","sha1":"8d69cdd50045daa452152815e21bc2affd617503","sha256":"8bd4b9b1946d5eeeb34ec58e7a74084486a14275555be285f9f000a66be65dad","sha512":"09b1ca85d25a7310e780af028459e9a82c4f0e7724e51d2df745acbe0becfd442c2fd31a336fc36f8d3467a29d265db1c4cbbfef732ecdf67b0d980e0890901a","ssdeep":"","tlshash":"cd21d01be5a36471f866306e67cbf60531375847810eda047e0c9d017fa5116873e6da","size":1378,"data":"","first_seen":"2026-02-25T03:05:09.99146Z","last_seen":"2026-03-05T13:47:43.068318Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","fqdn":"uygft-a78s.vercel.app","domain":"uygft-a78s.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3571233ccd51cb26312529755d004802","sha1":"42d34e5527c268957df718662c6c9adfb79efa24","sha256":"c7cc1ab710099b1d8b1bc760c5de52486c3ace98a5505e00eb05b2d9ffd225b1","sha512":"3292a17bf029770003f361a3f54229f1dc9bdfc4bf5d4c1fff6351953a6a3a9817c7c9a4310e9bee4c29b89b710826411e4674420580562506bd918713a6cc44","ssdeep":"","tlshash":"f7c01247151a15b2252644009b273a857d62216e29449094ea2496541ea4587c6b81ed","size":177,"data":"","first_seen":"2026-02-25T22:08:37.714995Z","last_seen":"2026-02-25T22:08:37.714995Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","fqdn":"uygft-a78s.vercel.app","domain":"uygft-a78s.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"e43358d5ad43818811926c1cdf117e00","sha1":"da456772ef8eea1c2d6137b143afbbf80755395e","sha256":"e707689b29b9990b3e53955ff2b47b3aa571e27736ea8f14eaeb0710ccaf6d62","sha512":"6fa79cc8a27fab19fd41ed2246ac2ab4fec75340b56f3d2ac5e88ee45ea2afd041f358c72ce48c8901535d01d7ff7e24151759492e312645c4c5821d5e62ef6a","ssdeep":"49152:R4+xtaUFAYp8Su3ilTYDMsvpXrdVCiG/NdUgmS9UT9bCWCawOJGSH17129hBpWL2:lxuitgJCWCawOJq","tlshash":"0ed57cb073b1707907e792d454a71100f234a44a700984bcfbec95e7af9aaca957bf78","size":2843020,"data":"","first_seen":"2026-02-25T22:08:37.716375Z","last_seen":"2026-02-25T22:53:16.936448Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-02-25","alert":"Hunting_JS_WebAssembly","trigger":"uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"5d6b40c4aae225122c4040d46a729db5","sha1":"41eefc481944f0260ae76d248dac1edc387ea81a","sha256":"7f39019c2d30e14c179f9b069915bae19bffe491c2c87a47a3fe1e198beec4b5","sha512":"9cc352f30fb38faf36907d320c59648f90a596e43b1221b2f897e5d2ecf5dbe204d979f2ade2073d0e155acb7c45b703da08a989d9112a45529b29f4a5fae21d","ssdeep":"96:x1GTFGKLAbwozNgFtxni/gwEUG4K5pWAWZB4724qQ4q/qu3Q5KUDQ5bi2IcrYtx9:x1GhXu1Ybi4wcls47223QpQ+X9UDa","tlshash":"7d12878dbef22175b567602a1b5f620c75772007244dcd21b6ac87003f60b66a67bfed","size":9085,"data":"","first_seen":"2026-02-25T22:08:37.717577Z","last_seen":"2026-02-25T22:53:16.930983Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-06-03T14:16:15.147553Z","times_seen":3139,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cfbf65bcacdd7622bf02a61b12330408","sha1":"0c3267e406a427e4d1ace0f374b70df0a0290da8","sha256":"2cf043362265d647b503452b77cacf1e24d5537fecbe1dc25aa292e6e2fd3070","sha512":"cfbe640e14b51d4e1315d15d09de7018f86a3b840201bfee25c088a0de557c1387a3e898ced2339f233a0fbda5751f3ccfb2e6c1bc82c5c7b90dec87a38023de","ssdeep":"192:xocdYtm8ZdQbHp3nOU/fBrBNKDlWShsd+/IVhJZ1XwO17igOZmxOYv0Vp:xZSm6UnOUhrBuWmsd+/IVh3u5uPva","tlshash":"e6420aa7ce8b2d11cfa04b0417de1cda091e1f8a58e385cc9f0aabc4568f86745ec5ec","size":12225,"data":"","first_seen":"2026-02-25T22:08:37.719025Z","last_seen":"2026-02-25T22:53:16.933954Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"punchsonsol.com/moonshot-icon-Bztdtrh4.png","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /moonshot-icon-Bztdtrh4.png HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 15086\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"adb6d2eeaf2b36fb3ce4ffc2eab2c9d6\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8BPUBFwZmzhD6Rn3CgkNHN81GQO14Eq93M6JqPyND6vUWBsAXRJZU0I6qbsYAMydi%2FNdeDxeH%2FG2SEokVVirkKRV%2BNiBJdazM2Pgf6PtJg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 9d3a84e96f4ade4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/png","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"a2e5f67b4eb9a016c2ca745613d4d682","sha1":"8580d082af65d9fb1e8bbdb3244b89af982a9358","sha256":"5f0143cdd2081b2c185ae85a0939ccbd59a5810a108e1ec3f30de012b6e5b462","sha512":"c29554a972bacce0448a51ed79a77419540f8b28507736df2592e8bd2bf8590e912c615cf3747540f26342866c8929a15bae4a93da236fe1a1d83eb16ddefefb","ssdeep":"384:jHcbimE0SBu5wj85RR+Cu8q3ovBouqrlXwdvcuPl00D1F3FNvZzi6HLM:1mBmUR+Cu8q3ovBouqrlXwdvc4hF3FNQ","tlshash":"0a6223551b77499feea10b3c45420b3bfdb88d1d443e95ed6fa27e688a3f280bac5140","first_seen":"2025-09-17T08:05:11.181885Z","last_seen":"2026-06-04T07:10:47.774273Z","times_seen":38,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.279Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /6xKtdSZaM9iE8KbpRA_hK1QNYuDyPw.woff2 HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://punchsonsol.com/css2.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 28336\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"c43a54eb03f3cc244717351f331d8582\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tlwBNwR2IFThIyh6GTJm%2F8PQj4KZJuFo9CJgkrx9q4R6D9D0H54ZUD%2BktTVv4h%2BCKd3RoTa3KfN%2BpQa4Rqyp1Vx7gg28rdlBXfBRARhEvQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\ncf-ray: 9d3a84eaba66de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28336,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28336, version 1.0","md5":"068c503647ace91cce6adc5b017dabaa","sha1":"f82805e27e919f768d4b09795f8ce830378a7a6b","sha256":"1b092c711df1c7ad200c2bc73305c792315ff882adbac925d79fb432bc0673c3","sha512":"6dd0f29b9958189bafae2c1c435921bfd7981cfbb3e539498dc6885ee13b6b57dd2c24a48e5f240341cdda59b1a9e40999d0f2d45ae1b9930e8061cae91bd1b3","ssdeep":"768:G1GVHDpdLWI8N0tdmdk8yb2BNadHc7Qv8uzk58iF0s+:TdLlw2dmdk8y+aNOuY58M0t","tlshash":"f3d2f2bf22665b83cb87506f0d8da181df4fa99cd703886e0957157d5ad4193ce0392d","first_seen":"2025-09-05T09:07:09.035131Z","last_seen":"2026-06-08T10:28:04.90625Z","times_seen":616,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":46,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/favicon.png","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 1661401\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"4fe2f09efc8abebe41726208b9569b52\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UGoKfSkTC93rNYgcsnwF0nznVdQvbN5iLuTIOIP7sjHmmDMPA%2Ft7JMJJChU0Dfgyu92MbpuI4%2Ft8IBU%2FTbPaE7ECNzw8xa1rgHZOKqcPlA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\npriority: u=6,i=?0\r\ncf-ray: 9d3a84eb6bb6de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1661401,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"eff526a069ca8d9ae8bcb424e369cd5a","sha1":"1bf25380b4a3826d753a71e1356d328134237c58","sha256":"7e38c898082469e9fd51c8844c125e6f7a64459c592e8cd5d8095bd33ee68324","sha512":"59c67501beeb9641f4d93063f85dff6581b6168ce940f840709976c91d1d385e566ee5c9b8fa68766bd09bf2e41ff9391182f678624e3b5fe7bc988268a7794d","ssdeep":"24576:r/8yIRjHvrkWPpAi0B/82Yx3EAlweTyBVUWOv:Lp+jHvrkoAi0BdYx3E0TjWOv","tlshash":"a1253367bbe47b61c375346692d25a73b3c4f823363a06020c5ca964fb297ec22587d7","first_seen":"2026-02-17T14:21:32.251647Z","last_seen":"2026-03-07T02:08:56.713728Z","times_seen":31,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uygft-a78s.vercel.app/api/v2/binary","fqdn":"uygft-a78s.vercel.app","domain":"uygft-a78s.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Feb 2026 09:22:01 GMT","end":"Tue, 26 May 2026 09:22:00 GMT"},"fingerprint":{"sha1":"43:A7:0E:2A:17:34:DC:42:83:88:AE:D6:95:95:09:58:26:71:E6:C5","sha256":"ED:6F:3E:CA:2F:60:5F:3F:0D:72:55:8C:78:B7:4E:0A:E1:37:CD:EE:4D:72:9D:FC:CE:FE:66:8B:2E:C3:13:95"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: uygft-a78s.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nX-Session-Id: 7a35cfb102e46db9dbac9ce8906d86ae\r\nX-Config-Id: 69942fd9d3ed144b17dc6119\r\nContent-Length: 99\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 25 Feb 2026 22:08:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lHPt06GYOAf%2FQKh3rjMFRN3jI%2FKS5xmYSJ7N6F%2B3GcEDygEHzaOIzdyEvlxVPkI6RDNUCXm6na6NDqaAwTLjCF3Tk0mUOtI7kC7bIaUQdZG5QwQ052WEC%2FMB4KRMFkl8wF8HEQ%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::wph2w-1772057286774-e8c5f9880f98\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"c6117b947e3836f733f0465d474ffe35","sha1":"ae8d924f03ce6cfbbfe70196881f834df71211f5","sha256":"8bd892f729c2535a7fb6a8e4ecce237e82f5b8f60d2505ad380f9c34dfbff92c","sha512":"5e354cc57d5de8f613cb8a14c029328466160c0b553e7b2556043b475d9551509d125c33b0dd5ea7a3077abd5e4aae4e1797dd785155982771877d1d47cddd9c","ssdeep":"","tlshash":"26b01286d6160530e07c2a775bc1584899ca680444a0028c21489104e44cc26c2ad481","first_seen":"2026-02-25T22:08:37.698079Z","last_seen":"2026-02-25T22:08:37.698079Z","times_seen":1,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":106,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.812Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:07 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:06:40 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84fbed3cb28a-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"589dfc1cda320239b5ffa144fbc72c39","sha1":"bc905d626cc383b1c3e161d585df3a667164c927","sha256":"3ed7ae1939c55ffa191a3d546b810f7d83dae59763af66f696ea8c793aa64128","sha512":"c802caae51ba658070a7a46765e5a6bf8d6d4d7a3d264cfe5b7d13794f087536e4fb417240cb646133ab4d8a83d6823d19e88a2ed0e6ae4510d2aa1bdedf936c","ssdeep":"12288:bw+YEyoNI/qVAQPiktG7xzVnTRZQ7UarysToF0O4aNwT5+8YI7r8CUBJGszdI:bDYQNB1s7x5nT9wysI0jlfn8CUBJRzdI","tlshash":"2bf423b8e03c5657d6a62025391d27c0bde7e0299cfe7d3233c898218bdb5bd1d58a1e","first_seen":"2026-02-25T03:05:09.974212Z","last_seen":"2026-03-07T02:01:37.473104Z","times_seen":25,"resource_available":false,"data":null}},"time_used":370,"timings":{"blocked":168,"dns":4,"connect":5,"send":0,"wait":120,"receive":32,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:07 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:07:07 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84fc59522678-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":119251,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"a77fbaf007e1321c604c7a7b1addf8e4","sha1":"5fa9374e453dcffc95bd81f2c489a613b7628806","sha256":"fb3479adbfd857a386a4964c59379d74de0d32ed9c22b66b6bbb8f5f30f988cf","sha512":"7505e39e16b38d58d86b9350775873f00488d988728e70a09947002d4cc7519a3be76b76a53243635f03ea7fc28372f73438bd6732bdbc033bf27c6b8acc8fd8","ssdeep":"3072:bf5Iz++emEBeefEU69n8DMeI7bRooWIWGSICgjY0:bfw++FELEn9n81uoNI/s0","tlshash":"77c312c6f07fdb18eee024b4275a59c93ed6027abcbe3c320580985d6f839665e0c965","first_seen":"2026-02-25T22:08:37.700738Z","last_seen":"2026-02-27T18:39:02.129008Z","times_seen":2,"resource_available":false,"data":null}},"time_used":693,"timings":{"blocked":257,"dns":0,"connect":2,"send":0,"wait":403,"receive":4,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/368c3cd160cdf7bdb68422318fb4843d76277b57.png","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /368c3cd160cdf7bdb68422318fb4843d76277b57.png HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 1684\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"6645b3f94f044a031cdb3831c53fa2c5\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7iHvLhf4Jo5xKDfz3dlZyg7meRnSEE%2BvV0F%2FRP1TkNFwc1k1tp839%2FE8CZRSG8xXOxw9AjoXH0WKRJKdAepiphZskYAahVoOgq0%2Bvgp3wQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 9d3a84e95f45de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1684,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit colormap, non-interlaced","md5":"cfbee30423be9a136c62a587241892ec","sha1":"368c3cd160cdf7bdb68422318fb4843d76277b57","sha256":"f4a71a2875311839b77b9983773b9a0f9a16cd1c0a4b2326487f80347608c9e8","sha512":"4806328ff7dc91240714259505cf28f02c8a4a449fd9716808da345a7ad304fa3277adf999d090a50db5a8f15233bca8039035b19544a7d949fde6b7d51fbb65","ssdeep":"","tlshash":"12311a7a4b2d0f31c6a7fc380680d2f7bc573968f8ba05a38619d5634905b8e5bd5f11","first_seen":"2026-02-17T14:21:32.240025Z","last_seen":"2026-04-19T19:45:04.639227Z","times_seen":13,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/XRXV3I6Li01BKofINeaBTMnFcQ.woff2","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /XRXV3I6Li01BKofINeaBTMnFcQ.woff2 HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://punchsonsol.com/css2.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 39152\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"b059a3b4a2f48ef1e8bfe7e118288e5b\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TpEWD0dGvVOnB9A9okoMrt6LEV6%2FPkMijG3WJ1z%2FTLF9h4f%2FBZaBPflTpFQtvf2aMtx9OlpZ4KidpEMdHGGOHtIaLBfnKA9LJJoJRlE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\ncf-ray: 9d3a84eaba71de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39152,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39152, version 1.0","md5":"acfce21e9f6eaf62a1058b502b920e06","sha1":"c67f96573543ec91b416b0da07f979f80b89b6b6","sha256":"20fc9b6fc618e7c3c68d3ac750a2a5dfbceb8521675458d2cea580b5693e4798","sha512":"213daf669f64b3d1c2e86311afdb173873ee379bccd1e7c2a891bb17cd5f0c01e485bbed331b34aeb8cf0ff7b8962fefa136533e9b9218174eb6a72cf3c5eb00","ssdeep":"768:8oje8HA6B+ldUVqnpuc8oq8OlKJZejd5sSuSbccIeC8MQ:8oy8Hf+DcqpWo3OWZc/sscccQ","tlshash":"a603f13825463274fa888f297b2485859d2c3cd68d25e9339cefa35d2302d7915bbdec","first_seen":"2025-09-17T21:27:48.949651Z","last_seen":"2026-06-08T20:45:30.612526Z","times_seen":2152,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":48,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"connect.sol.ms/modal?id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F","fqdn":"connect.sol.ms","domain":"sol.ms","tld":"ms"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sol.ms","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 10 Jan 2026 13:14:54 GMT","end":"Fri, 10 Apr 2026 14:13:18 GMT"},"fingerprint":{"sha1":"23:13:25:E8:BB:B1:A7:64:03:A6:FA:74:FE:64:83:16:36:18:78:2F","sha256":"09:BC:C7:26:D6:B6:3E:5F:F6:A0:08:0F:2E:59:DE:F1:93:17:47:57:05:FE:C4:42:22:CD:D7:A4:86:1B:45:B7"}}},"request":{"raw":"GET /modal?id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F HTTP/1.1\r\nHost: connect.sol.ms\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-length: 0\r\nlocation: https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe\r\nvary: Origin\r\nx-ratelimit-limit: 50\r\nx-ratelimit-remaining: 49\r\nx-ratelimit-reset: 600\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bY5CrEr4ttNoST2a1RHc%2F5q%2BHWb7U%2FcXAHUIV8nfg%2B01Fc4fr17xYHl3vQqWyS33isDZRblcMYWIWtC7kZIpB3Yuy3%2FHIuhfhphcdxIu\"}]}\r\nserver: cloudflare\r\ncf-ray: 9d3a84ebea68bb02-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2846967,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T21:16:18.866443Z","times_seen":16250262,"resource_available":true,"data":null}},"time_used":376,"timings":{"blocked":114,"dns":61,"connect":8,"send":0,"wait":151,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uygft-a78s.vercel.app/api/v2/handshake","fqdn":"uygft-a78s.vercel.app","domain":"uygft-a78s.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Feb 2026 09:22:01 GMT","end":"Tue, 26 May 2026 09:22:00 GMT"},"fingerprint":{"sha1":"43:A7:0E:2A:17:34:DC:42:83:88:AE:D6:95:95:09:58:26:71:E6:C5","sha256":"ED:6F:3E:CA:2F:60:5F:3F:0D:72:55:8C:78:B7:4E:0A:E1:37:CD:EE:4D:72:9D:FC:CE:FE:66:8B:2E:C3:13:95"}}},"request":{"raw":"POST /api/v2/handshake HTTP/1.1\r\nHost: uygft-a78s.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 71\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 25 Feb 2026 22:08:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wr3Lc71OvkPye2rgC%2FqG1BezbcwxcMl5bIgYg2F8uXpcocZaG4RKge62hI8IsuP%2Bh2sOuPJR%2Bz6ZvP0juWpjokjkHXXGNi4arehycP2W5IarILwxke94D3i%2Fx%2FCLULO4%2F%2FCBDg%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-session-id: 7a35cfb102e46db9dbac9ce8906d86ae\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::wph2w-1772057286451-2e510c0dd3a7\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"07f03228114965063532769152e80f41","sha1":"1544b92924d4b4deb1f926d2f247cfd69dbaf9d4","sha256":"ce208af9871c38931eef752c0b51cf294258f4ea3d3263c155dbc06fccc59bb9","sha512":"f3395aaf267076943bad3669d73b07f62950682d56723a6783e1c1b041488f9248675c85a99775a7dcf670ed650d751bd3f53c20fab2b280ecd54692ac990b99","ssdeep":"","tlshash":"a6a012c050d3f20c4c83403404484f449cc0b2f100114c8662a48506281c000869206c","first_seen":"2026-02-25T22:08:37.703Z","last_seen":"2026-02-25T22:08:37.703Z","times_seen":1,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:06 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:05:42 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84facad676ef-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"77c8cf44927733853063e12a9c919838","sha1":"e753f4fab619a4ad9c7e362f7dbca7d28c6af569","sha256":"0a412e42c896359759d6f578d9439fdfa66c8387c55de84440861ea71f463e59","sha512":"23e51c246c2f5f89fb1e53fad2bbba306a23f2a5d708b1b58dd8b8a60a382c9e38d475a7b57e90d617d2f87524659ca3c63da65c0248367925c1f5ab8bb570c6","ssdeep":"12288:VEznytgluvfiMoSnqYsA4Xp8fvndMMr95Hl42YSbZQxiVUSmj3+SSB9WV:avufiMHLszpYKMLHl4XSjC3h+s","tlshash":"8ff423e9846d4c8222510261295a753c2053b03eddf7bc39b1acdf9dc69ee3e8ce91e5","first_seen":"2026-02-25T03:05:09.958112Z","last_seen":"2026-03-07T02:01:37.50279Z","times_seen":62,"resource_available":false,"data":null}},"time_used":365,"timings":{"blocked":43,"dns":3,"connect":4,"send":0,"wait":128,"receive":146,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/14d846f919c250753292c841c993e60c97cb38c1.png","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /14d846f919c250753292c841c993e60c97cb38c1.png HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 580\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"ff95b702837c278eab990379fb3c04ec\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MKpvYd2lX9fZQRUv53dg%2BnzpRKSUG2y2LJbO8qFeVTMDNySyfLdQSW6K9ev%2BcyM1jBHqU6YUvlVqK5lc%2BlG6eHW2MfybzyE50u%2Buv0a6KA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 9d3a84e95f49de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":580,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"3844918f86838a166a91bd9084584267","sha1":"14d846f919c250753292c841c993e60c97cb38c1","sha256":"9bae945259048de70ef5fa88b2e850da5b26b2cc4a06c49cf51e3e18d2584cbe","sha512":"469811f250656654e3a515b5ead3179104b6d66d63776b9626d9120f49250b5a5f5c2c1bbb075d7f36bde42e9fa4e7c2a4e093a00a45b5c853ce0d4bc9ebbdfb","ssdeep":"","tlshash":"9bf047da5d587d58d5c1142d9ec3e4cf9420717c4c16a77057a09471b431649a18d0c5","first_seen":"2025-09-29T03:56:36.498311Z","last_seen":"2026-06-07T01:53:19.661447Z","times_seen":36,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","fqdn":"uygft-a78s.vercel.app","domain":"uygft-a78s.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Feb 2026 09:22:01 GMT","end":"Tue, 26 May 2026 09:22:00 GMT"},"fingerprint":{"sha1":"43:A7:0E:2A:17:34:DC:42:83:88:AE:D6:95:95:09:58:26:71:E6:C5","sha256":"ED:6F:3E:CA:2F:60:5F:3F:0D:72:55:8C:78:B7:4E:0A:E1:37:CD:EE:4D:72:9D:FC:CE:FE:66:8B:2E:C3:13:95"}}},"request":{"raw":"GET /demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe HTTP/1.1\r\nHost: uygft-a78s.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Wed, 25 Feb 2026 22:08:05 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Sxcu6%2F4kWqw6iscKazE2D2Thsa45REUFN%2BkviP5Is0mGpdvttDp3Z0qwe0VQnaLwRuCc6OyHt%2Bx%2BDF%2Fqm0uM9iogwosA4IG1SKJFl71pd2yPHieGiPvJBq%2FVwavO32ASv7GLZA%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-ratelimit-limit: 50\r\nx-ratelimit-remaining: 48\r\nx-ratelimit-reset: 538\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::9kp2w-1772057284653-5e0add256116\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2846967,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (33714)","md5":"d6be63dd486e7a74220c7c4e6623adda","sha1":"7d662e78745ae368eae5572269e79cd02c9f5240","sha256":"7f5a8732f4fe6b9199ce72bf48f5a6380958c9152760dfb71a1ebd1d0f5eb8a5","sha512":"4b8d1470ec8306d8f0e6f5da7b592622c28dfc174c3ece0bac4eb2e4dc072a0bbebf7eca13325ddbab439cc5154308001a0b1f5644e53e37e6b19f6fd8030677","ssdeep":"12288:E44LZxNuaZYNUIFPfLUlKY4Ue+jFy1rq6c5249AZQmYN8Ge5CK3i/R0u4gpJF:E4cZxtaUFBE1r5c52aAZSu3iZ0uTJF","tlshash":"e4256cb073a1b07a03eb92d594661100f334941a700d84acfbaca9eb6f959cf957bf35","first_seen":"2026-02-25T22:08:37.704873Z","last_seen":"2026-02-25T22:08:37.704873Z","times_seen":1,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":31,"dns":1,"connect":1,"send":0,"wait":10,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"uygft-a78s.vercel.app/api/v2/binary","fqdn":"uygft-a78s.vercel.app","domain":"uygft-a78s.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.3","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Wed, 25 Feb 2026 09:22:01 GMT","end":"Tue, 26 May 2026 09:22:00 GMT"},"fingerprint":{"sha1":"43:A7:0E:2A:17:34:DC:42:83:88:AE:D6:95:95:09:58:26:71:E6:C5","sha256":"ED:6F:3E:CA:2F:60:5F:3F:0D:72:55:8C:78:B7:4E:0A:E1:37:CD:EE:4D:72:9D:FC:CE:FE:66:8B:2E:C3:13:95"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: uygft-a78s.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nX-Session-Id: 7a35cfb102e46db9dbac9ce8906d86ae\r\nX-Config-Id: 69942fd9d3ed144b17dc6119\r\nContent-Length: 99\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Wed, 25 Feb 2026 22:08:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WfGNpnYZ2Hej8Wsj%2BvXM4t3O9Zpj4MZfVPiJQB6xgIbLjRp1eW6gubmfSqd449KdJ684pak%2B55PFYjzHfi1od7m0dRZoOA2BshGGNLNQJj6zHoDYGf32y2Sm3IZ8p%2BsjHTw%2BLQ%3D%3D\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::wph2w-1772057286639-05e8cc94c2b8\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":995,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"d2e16986e09600b234be308d3f5c91b8","sha1":"50fbe4d00cb400bb1f2cd767f41ab67872f68fa2","sha256":"75310c43ce12f4a234e4b7ed342b7c88083163898d4c6d84fbd012ec4c974ad9","sha512":"29074337f93b1449e577f9241496011f0d5cdf7c27dc8cb65a84ea1fb2383327747b689e6403c421f7122ebad70c84daec517024a258796db3c421bd20a51801","ssdeep":"","tlshash":"9211c861c0b80217845c5b70f3480e07d515338f68fe2d11889d5870116bbe4ad60c9c","first_seen":"2026-02-25T22:08:37.705654Z","last_seen":"2026-02-25T22:08:37.705654Z","times_seen":1,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-25T22:08:03.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:03 GMT\r\ncontent-type: text/html; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FpxkUs7gzVNPL7YOuYR%2BK0EcRNq1dscPB75iYj8e%2BG%2BC744pm0JuJDjfS1yz0Try1tCLkxs6jXHm3hH8Mmm%2BvtxiKPXnQ7ipTw%2FejSzwdQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9d3a84e82ba18687-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":82771,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (35063)","md5":"56cc8b5c5a1784fd40d644504d3a3ef4","sha1":"8a5c6c410ae503c42c98ed20d2cb8ba2b16e7856","sha256":"4b9878a819203f29462757654319142e7bd00cda3285769efe530c8de2e8820e","sha512":"5e344229c591e7c8d0c580002c76ca56e490ce611d4c568bc36ec628e7dfc5506eb82d30e87b445cead1809d7c72377d61fd113c0c2aedce32d3d88345acee15","ssdeep":"1536:AHWXx/c64Jysq7vzJ/RYiyQrBCoU+d+5WDnLuUfkgzQGrRvzoClZyLOBisdrP7:1VrBCoQTUTZN","tlshash":"60834c21e20c163daa0b8698fbc57739512ae383de23445cf25d0066d3c7ee959ee7d8","first_seen":"2026-02-25T22:08:37.706586Z","last_seen":"2026-02-25T22:53:16.906183Z","times_seen":2,"resource_available":false,"data":null}},"time_used":213,"timings":{"blocked":81,"dns":42,"connect":8,"send":0,"wait":51,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"punchsonsol.com/XRXV3I6Li01BKofINeaBTMnFcQ.woff2","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /XRXV3I6Li01BKofINeaBTMnFcQ.woff2 HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://punchsonsol.com/css2.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 39152\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"b059a3b4a2f48ef1e8bfe7e118288e5b\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TpEWD0dGvVOnB9A9okoMrt6LEV6%2FPkMijG3WJ1z%2FTLF9h4f%2FBZaBPflTpFQtvf2aMtx9OlpZ4KidpEMdHGGOHtIaLBfnKA9LJJoJRlE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\ncf-ray: 9d3a84eaba5bde4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":39152,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39152, version 1.0","md5":"acfce21e9f6eaf62a1058b502b920e06","sha1":"c67f96573543ec91b416b0da07f979f80b89b6b6","sha256":"20fc9b6fc618e7c3c68d3ac750a2a5dfbceb8521675458d2cea580b5693e4798","sha512":"213daf669f64b3d1c2e86311afdb173873ee379bccd1e7c2a891bb17cd5f0c01e485bbed331b34aeb8cf0ff7b8962fefa136533e9b9218174eb6a72cf3c5eb00","ssdeep":"768:8oje8HA6B+ldUVqnpuc8oq8OlKJZejd5sSuSbccIeC8MQ:8oy8Hf+DcqpWo3OWZc/sscccQ","tlshash":"a603f13825463274fa888f297b2485859d2c3cd68d25e9339cefa35d2302d7915bbdec","first_seen":"2025-09-17T21:27:48.949651Z","last_seen":"2026-06-08T20:45:30.612526Z","times_seen":2152,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/CameraPlainVariable.woff2","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /CameraPlainVariable.woff2 HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 133760\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"47772e63d908841c0f9936b68ce09c70\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pRtv214G6E44kR2j2TzWkgggEm8OpwFfsQ4eATDMYVlIc45LOGxX9za%2BnT5q4l3Qw21F7ox6FPJLOakK0fph4lAUZyfVcKL49G4LAOxNQA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\naccept-ranges: bytes\r\ncf-cache-status: MISS\r\ncf-ray: 9d3a84eb1b18de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":133760,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 133760, version 2.0","md5":"c48bd2439e2921fc4d3aaef0e57446be","sha1":"396596764aebbe25ba1c45f19091f48a7e17a9e5","sha256":"0f4491b0f9f6b9c3e6054a9f0036583e3978fd3a8d8f49ba5da05d63cf875cbb","sha512":"cb9ff1ede5ea280e8586c3e6e84c68685b3749fa492fb1babef3d0bb72ab1b095b1c00531554ead12e31139f226c7aa96399b11fd6ae256ea134639d98d95b64","ssdeep":"3072:OWSP0iIzCkvibLej77I/9GRBm7Xy2TJ46tNP7HlgXffTp/CGZ7YpV/z:OdYGkviXe7l87C2XtBC1/CGin/z","tlshash":"d9d3123e2ad0e463aba505b13a7f65808a2e5f11e3c773c145b274cfd5302a8236da7d","first_seen":"2025-04-23T20:37:12.507957Z","last_seen":"2026-06-08T17:57:29.289821Z","times_seen":1059,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:06 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:18 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84faaa2676ef-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"eeebcd74061a9dcd7dfad338ebe1d46a","sha1":"23148fe8cd0cfe6b4379103d03dabde517e9bfd9","sha256":"631978ce1c77fdc8360949130dc08a761d8a5cbf0b87875b7b1556706cabc068","sha512":"e151fd7805ccbf649173ed454739604bbb31cbd0daa1dbf057454363c74532c9a5c2310e516f087f21ef09e5cd7de46e91d67e01815274b82573caae494eff45","ssdeep":"12288:/2TA4vVLmF/WbRkFOppRWsWNbGSQHJAUOUsLOsWZssG5bxVWhseThDII57tSKnXb:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVr","tlshash":"41f4233ac26c0681a9a500112e6526604c337cbc54feea3383eddf3adb5b92d6da5295","first_seen":"2026-02-25T03:05:09.955526Z","last_seen":"2026-03-07T02:01:37.494267Z","times_seen":63,"resource_available":false,"data":null}},"time_used":378,"timings":{"blocked":36,"dns":1,"connect":1,"send":0,"wait":153,"receive":151,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/punch-gallery-4-DHouJ9EW.webp","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /punch-gallery-4-DHouJ9EW.webp HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/webp\r\ncontent-length: 73540\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"9bc661b33cac9ce13695f32f02e76e8c\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HP6vHxvb6rnLAfhjoxmdnprgmdQdvMQLwNZrwQEocW4P2cn2f5L0suImbakAH2QmIrIqUTYf%2FwiFpWAQ782%2BEkJ4utgOYyqiV5ElBno%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 9d3a84e95f41de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":73540,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1152x864, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"ac78f265782bfd05c285eca761e4277e","sha1":"c75cec7db9f5e756dcddf086b2ad5ab48c01bb3c","sha256":"f3c5abb4cbb6d64ead5988d4ecde1f826b526d5b4071eea486f16e6b6a4dbf0c","sha512":"8ae11b51597616645e88887ed3899b241f8d80a5c11909aac7528e266d34ab18cb65a4db885d37dd1bc6500e7d88a226a83b3c3adffe28dd25b576c7f19a1651","ssdeep":"1536:+4Jwg1JQ7DxU5ejeM0iPsSIGYQNt1tf2l+A8e6hRNlJvOOSA9m6:/JRriVvj0SIzQNt1++A8jrJvai","tlshash":"b67312711b8ba48cb64b779b11914b96ac173ec254b3e617ce46ad4ceefc0159f35802","first_seen":"2026-02-25T22:08:37.70835Z","last_seen":"2026-02-25T22:53:16.917719Z","times_seen":2,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:06 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:28:10 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84facf048be6-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"77c8cf44927733853063e12a9c919838","sha1":"e753f4fab619a4ad9c7e362f7dbca7d28c6af569","sha256":"0a412e42c896359759d6f578d9439fdfa66c8387c55de84440861ea71f463e59","sha512":"23e51c246c2f5f89fb1e53fad2bbba306a23f2a5d708b1b58dd8b8a60a382c9e38d475a7b57e90d617d2f87524659ca3c63da65c0248367925c1f5ab8bb570c6","ssdeep":"12288:VEznytgluvfiMoSnqYsA4Xp8fvndMMr95Hl42YSbZQxiVUSmj3+SSB9WV:avufiMHLszpYKMLHl4XSjC3h+s","tlshash":"8ff423e9846d4c8222510261295a753c2053b03eddf7bc39b1acdf9dc69ee3e8ce91e5","first_seen":"2026-02-25T03:05:09.958112Z","last_seen":"2026-03-07T02:01:37.50279Z","times_seen":62,"resource_available":false,"data":null}},"time_used":343,"timings":{"blocked":43,"dns":8,"connect":2,"send":0,"wait":121,"receive":138,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:07 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:30 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84facd785ebd-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":180224,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"7e47182b9bd1b3916527f9f1445c9b0b","sha1":"0b62ad926dbc914b9fb9754aa1c2e5b44ed98e2c","sha256":"d2db67fbe68da0d9c87899816155b125cbfa51b28117aea040d3edef26e838f1","sha512":"d3513003e51757e65129f9438eabf4d9bd16714a44cf15cc79b59c49910337b6e61188e1381f61cf1a4d4da21fcdb1312dd5f86b3424f2b9e517dcff9d1897b4","ssdeep":"3072:W5q1q9QYl/IpgAudbxUMojrOSzvUR6wFnW5ZLaMoxmKp4AdWkcCVzp:W5q1Y6gAQxUROSc/naZLtHKp4AdWkcCD","tlshash":"9c0412f9a8bc0c46b90a75513756573789aeb01e08f73cb71fe17b813b8e46a02c991d","first_seen":"2026-02-25T22:08:37.709317Z","last_seen":"2026-02-25T22:08:37.709317Z","times_seen":1,"resource_available":false,"data":null}},"time_used":476,"timings":{"blocked":45,"dns":7,"connect":3,"send":0,"wait":383,"receive":4,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/punch-cutout-DhN8p0Ob.png","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.066Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /punch-cutout-DhN8p0Ob.png HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 925786\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"93ca62daf4635269294ccd64c7f2c578\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4Y11A5bftg5GCQeJkNAsxkgKZIx0Rv74nJktjUSAozs4wCpWyksqadUB14iPfznxOyTovWt%2F6gB8XHNcMKSVWW8RA2HRr%2BHGZU2pWFh6kA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 9d3a84e95f3ede4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":925786,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1184 x 864, 8-bit/color RGBA, non-interlaced","md5":"1b6d87a1d7187b75190b6a886065f20f","sha1":"4b939ceff15ac4564debb54655e965a88f28bc3d","sha256":"cba14be5b543d63106d289b4a81555c80a8df17ea6a0a61eb63db96b5240172f","sha512":"44ae99135a4b08c56e36357a2fc2f3bd84f97405c953a78190e6eb5099463e3d78a8d60b9246be802d2bab6a0eb1a0826418d673f42aa73fc6a6e307bfb360ea","ssdeep":"24576:mFiPnUrZ9lkkD9QxWV/2B3FpdGeoa+8tf1SII6nk6Pa5YV6Pl42M:HfUrOv6/yEeoa/3I6koh6G2M","tlshash":"991533e46b375c88c03e040a8da44bc57ce4f8d1bed96a76331d999031daf54f8aeb49","first_seen":"2026-02-17T14:21:32.246667Z","last_seen":"2026-03-07T02:08:56.707785Z","times_seen":30,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":89,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:06 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:15 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84fac8883181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"13ec753f0f7ac3f2e09cd8fb3d159fd6","sha1":"fb7c640e5ea1b3eb5af719aec31fe04a971c27db","sha256":"69c12f796a581c42a4dfedd57a615fdc0407867c0ab2577507c6afe5320d5b26","sha512":"79c55e8cc4ba19d93751be035f34ffea46704d06b08da0ee65a013c3bb40a7f3295156bc659db38df831457a65d53ed01bb79812b5903f66de13108d99c85e9a","ssdeep":"12288:WKLOlpdbVhOBbi61VlVP30w5qYO8DgLhC9bxl0zY6+wqzta5YpqXl5M0k+3uJH:WKS1/OBbi61/Vvx5qYONFC9VGM60S15M","tlshash":"b4f433f9941e38c2eb42b5617c2f12219dffb09b487f5fe24b40ba6a23dad4443d9458","first_seen":"2026-02-25T03:05:09.960469Z","last_seen":"2026-03-07T02:01:37.469286Z","times_seen":59,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":42,"dns":7,"connect":3,"send":0,"wait":115,"receive":101,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://uygft-a78s.vercel.app/demo.php?antibot=false\u0026id=69942fd9d3ed144b17dc6119\u0026parent_url=punchsonsol.com%2F\u0026source=solana-iframe","date":"2026-02-25T22:08:06.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://uygft-a78s.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Wed, 25 Feb 2026 22:08:06 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:26 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d3a84fabd3c4c11-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"eeebcd74061a9dcd7dfad338ebe1d46a","sha1":"23148fe8cd0cfe6b4379103d03dabde517e9bfd9","sha256":"631978ce1c77fdc8360949130dc08a761d8a5cbf0b87875b7b1556706cabc068","sha512":"e151fd7805ccbf649173ed454739604bbb31cbd0daa1dbf057454363c74532c9a5c2310e516f087f21ef09e5cd7de46e91d67e01815274b82573caae494eff45","ssdeep":"12288:/2TA4vVLmF/WbRkFOppRWsWNbGSQHJAUOUsLOsWZssG5bxVWhseThDII57tSKnXb:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVr","tlshash":"41f4233ac26c0681a9a500112e6526604c337cbc54feea3383eddf3adb5b92d6da5295","first_seen":"2026-02-25T03:05:09.955526Z","last_seen":"2026-03-07T02:01:37.494267Z","times_seen":63,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":41,"dns":3,"connect":1,"send":0,"wait":108,"receive":29,"ssl":40},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-25","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/index-SZfjjG5Z.css","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /index-SZfjjG5Z.css HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lQ7zEBCGcBWU7N5AMAJhYQW4KtjY9ctxebm7BR%2FzVlGfvoGgFLmmwrhFR%2BPmV4wqS9%2FuaLZ6p%2BqBpQW%2FTAqRmiAwIZLlwhqFnQoehzefhg%3D%3D\"}]}\r\netag: W/\"34ae0a5ad9bb8ffa2d47a29c4d155adf\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncf-cache-status: REVALIDATED\r\npriority: u=2,i=?0\r\ncf-ray: 9d3a84e95f38de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":75001,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"39762eff7a521cbc9773cd69cb1102a4","sha1":"626a98af0693196c1bba5c1bf07a584316c2722c","sha256":"b5777dbe06a30d6c318b68a1b90ee6f95e0626799c557029bcb4bf0f212e5548","sha512":"5db7bf351395531b2d79d8371e7e01ba81ad9ec98833f6899c66c6e184448a05e327bad41aec14bfc5e68ac509068c90b53bfa272c3fc8396347aa60a53a6993","ssdeep":"768:c7XhHtNsYdkeQU+ZNYrfAaGsCL4U378VQZkt5FN/GToLAnW:EhHtaYdkdUkaGsCr378VQZkt5FNCoL1","tlshash":"17738419b92da13e2c27a0e983ccbaec611df0c0dd3b06b57e9a412127d27f51dbb558","first_seen":"2026-02-17T14:21:32.245454Z","last_seen":"2026-02-25T22:53:16.909494Z","times_seen":10,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/geckoterminal-icon-BShTt9Xs.png","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /geckoterminal-icon-BShTt9Xs.png HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 53742\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\netag: \"19e5bc49fb17bfd363373318491c82b2\"\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dEDZylPrOSrgbYW4G6xWlayYDVLehwKY8y7MmFXVt4V%2BbC79mdgPR2RJs15IS0q3%2FS6ZELnrnBU68hJ%2Fsbs2WHC9PU5wj0QqrsfCP5nU1Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\naccept-ranges: bytes\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 9d3a84e95f44de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1080 x 1080, 8-bit/color RGBA, non-interlaced","md5":"5392b87808e89f951bf6b96067e3eeba","sha1":"0906bb158b47690894bee802070eeee8fe54cb75","sha256":"22c2f109087d11d2503811de864ba4e8062dc92de6ae45448f77371f398d5f7d","sha512":"e8cdbad40abb582cdc2cef196031f51dea387f7690d9e7aeb7a1d39e7de6dd7353e474aade7dd2b80fb0cdd93a31e6afeb417195ed95eb82c6f1c4b7eaf187c5","ssdeep":"768:rUUZoIl+prgHwAc+km2memzjS1VUo6vhXcxa7PM19ebLDxE8EBzwPdyvO:rpyJpox2memUGo6vhXcH19ezxgJG","tlshash":"9e3302e9b564f588caa1f8b10443aa514e6f1aefd7cc85124745dce4271c80a02fbf7e","first_seen":"2026-02-17T14:21:32.234965Z","last_seen":"2026-06-08T12:29:11.786232Z","times_seen":27,"resource_available":false,"data":null}},"time_used":134,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/css2.css","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/index-SZfjjG5Z.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vQnlRh1FSLqLQYsPTQeaEFWzVAnZvdNeEkaVdC0LLk7fJYF1XwoyWgUbXU4YA5gmQ0Xfsn0%2F2iq1eydgkiimNzLO25qKNs1KAhmPW6g%3D\"}]}\r\netag: W/\"d2b775c8ab9fe6ba4e2ab9059d561cfa\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncf-cache-status: REVALIDATED\r\npriority: u=2,i=?0\r\ncf-ray: 9d3a84e9d8a1de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11236,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"8f6f686f1e8a8f2abb5512d45e48b603","sha1":"05bbbf39ecfd3be9b9042649f880ce211775e576","sha256":"bfefb51c91089749d56f903759a723078aa7d1da0d24aa1becb59c4cc9fb79ad","sha512":"023a39438bb2772a2fa0b6575ad313bad1d2ae361ed2f168f8a81fcd8b5b25e7df4cbd87e4446d47643aba51dfb39e06a7a32d4d65f8081cadec4b7268467faa","ssdeep":"192:OI+ZZpM3UXI0ZZXW3ewIbZZw13d1IyZZ1w3o/NIRWWOPR1WryRMWEhRTV:JSZo0Z1tZVGZLMHqS","tlshash":"61329890086aa000e7971cc12bce3f33ad4db2547455da386ffe4458acabd2533a6b4e","first_seen":"2026-02-25T22:08:37.712181Z","last_seen":"2026-02-25T22:53:16.913726Z","times_seen":2,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"punchsonsol.com/78716061356dacb37660bc4787244cab5edafe48.svg","fqdn":"punchsonsol.com","domain":"punchsonsol.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://punchsonsol.com/","date":"2026-02-25T22:08:04.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"punchsonsol.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 17 Feb 2026 14:00:06 GMT","end":"Mon, 18 May 2026 14:59:59 GMT"},"fingerprint":{"sha1":"2E:EA:7E:89:C1:23:85:3A:7A:B0:A1:42:05:30:BB:BB:D1:27:67:D1","sha256":"B9:F4:00:DE:4F:93:0F:77:EF:B7:E2:0F:6F:42:47:31:BF:2A:96:37:4B:18:9B:74:B1:D2:99:90:FA:65:85:A4"}}},"request":{"raw":"GET /78716061356dacb37660bc4787244cab5edafe48.svg HTTP/1.1\r\nHost: punchsonsol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://punchsonsol.com/index-SZfjjG5Z.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 25 Feb 2026 22:08:04 GMT\r\ncontent-type: image/svg+xml\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400, must-revalidate\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UQwmdSOggQgq94PPobgeZpx5Tnal1o710mkWuGyw6j6X0U377zKQwkNijtzwcGUvUn8Tn0ZabQQHey6vnPJEfchLbs08cOV2eYHQ%2BRA%3D\"}]}\r\netag: W/\"a17a217c200f7133cb3bc6e90a5c9b0b\"\r\ncontent-encoding: br\r\nserver: cloudflare\r\nvary: accept-encoding\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\ncf-ray: 9d3a84eaaa52de4e-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":257,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"77b43ae6e67ea92c060927d8df956845","sha1":"78716061356dacb37660bc4787244cab5edafe48","sha256":"28333a529a2f0a3228bc969cb9881f06865fa96fa4cae6dd6e251fce1d1cc52b","sha512":"66dad786e10210679b34cd38a66698aafe15f3c94e77cb560069ccbecdc4341186173e70ae5ca0cd0b92a0fa5578a37dd0a37164c6f229ebe5f7419ed5946a6f","ssdeep":"","tlshash":"7ad02b3442d88c0c81144355f7e8cb08228fc08793880a49d0e4399650064e16c2027e","first_seen":"2026-02-17T14:21:32.242515Z","last_seen":"2026-02-25T23:05:25.064111Z","times_seen":12,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-25","alert":"Sinkholed","trigger":"punchsonsol.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}