{"report_id":"47c01eee-b309-4e46-bc39-ee1a0f6e1f63","version":6,"status":"done","tags":[],"date":"2026-03-07T00:52:57Z","url":{"schema":"http","addr":"xn--pnp-8na.fun","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xn--pnp-8na.fun/","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"title":"pump","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"xn--pnp-8na.fun","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-11T00:52:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":8,"urlquery":0,"analyzer":8}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43206,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.426903+0000\",\"flow_id\":903128389281275,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":43206,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":43206},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-03-07T00:52:36.419323+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43210,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.428429+0000\",\"flow_id\":1695485430887391,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":43210,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":43210},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-03-07T00:52:36.422879+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47212,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.441989+0000\",\"flow_id\":2205426897945199,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":47212,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":47212},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-03-07T00:52:36.426607+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47228,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.446991+0000\",\"flow_id\":1587954482198006,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":47228,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":47228},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2672,\"start\":\"2026-03-07T00:52:36.439798+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47254,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.460109+0000\",\"flow_id\":284292321426053,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":47254,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":47254},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2674,\"start\":\"2026-03-07T00:52:36.440965+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47238,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.464280+0000\",\"flow_id\":865656947128756,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":47238,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":47238},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2599,\"start\":\"2026-03-07T00:52:36.440756+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47258,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.661019+0000\",\"flow_id\":1842379754879544,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":47258,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":47258},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2026-03-07T00:52:36.637496+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-07T00:52:36Z","timestamp":1772844756,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47268,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-07T00:52:36.784640+0000\",\"flow_id\":1879421700330873,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.32\",\"src_port\":47268,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.32\",\"port\":47268},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2674,\"start\":\"2026-03-07T00:52:36.775545+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null},"summary":[{"fqdn":"xn--pnp-8na.fun","ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":30,"received_data":3713076,"sent_data":13503,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.reown.com","ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2000-01-28","domain_rank":0,"first_seen":"2025-09-26T22:04:59.160341Z","last_seen":"2026-02-28T08:59:50.494431Z","alert_count":0,"request_count":7,"received_data":338255,"sent_data":3360,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-23","domain_rank":0,"first_seen":"2026-02-25T03:05:04.781981Z","last_seen":"2026-03-04T13:08:02.812325Z","alert_count":8,"request_count":8,"received_data":6670387,"sent_data":3800,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(9).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(9).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ASx%2Ff%2F3p%2FFxjL7JMWpt1spaW2Wj2VSHwDn53CWkQOeFAYQF1V5bkgD9%2F4ZFJIspxLTmZIRoQsd6b7eVHX4kDEk794N8d4bDVkogDwzaN9w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"f2e-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd7f1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3886,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f5bb103a9cb785c5a65fdcece3403c95","sha1":"29638d23bda212e5868b0c8c4dceed6a2523d0e3","sha256":"0c6609f85bae03c61eaf9b65e38a8e81791d59d3ba0e465e7f6d079ea191c58d","sha512":"a235117c71aeb30bfe4187981456f6d5672ccf1f3fbecbfdbfff419cb519e59dbd5889f2731130566f7508f71f9539b1885d2eda5f01c65482f8087dce980154","ssdeep":"","tlshash":"b08176a25b58006c240203f9caf5b4b6373f71de75d40684bdbc8772b4426afc887959","first_seen":"2026-03-03T14:41:54.826694Z","last_seen":"2026-06-01T09:54:50.02642Z","times_seen":50,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.reown.com/KHTekaMono-Regular.woff2","fqdn":"fonts.reown.com","domain":"reown.com","tld":"com"},"ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:31.138Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"84d97dd5.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 00:15:03 GMT","end":"Fri, 08 May 2026 01:14:56 GMT"},"fingerprint":{"sha1":"45:9E:64:A7:5F:5D:4A:08:84:41:1C:19:61:0C:8E:F9:07:F9:39:0A","sha256":"BE:61:71:F6:DB:D0:2F:10:BE:6D:F9:49:68:D6:02:00:7F:0F:E6:E2:EA:25:7E:B2:B4:99:56:B9:98:A3:C0:13"}}},"request":{"raw":"GET /KHTekaMono-Regular.woff2 HTTP/1.1\r\nHost: fonts.reown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 35836\r\ncache-control: public, max-age=31536000, immutable\r\nage: 4198\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\netag: \"d9f04a87559c7cb8fd4dc85e16f292c6\"\r\nlast-modified: Wed, 13 Aug 2025 13:41:59 GMT\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2f3c371ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 35836, version 1.0","md5":"d9f04a87559c7cb8fd4dc85e16f292c6","sha1":"b1c409b4512757654e78381b461e4eae303bd5c3","sha256":"6f0fb7a71d24385e53113fd29c812c8923649e3063e12f8465d3e45a1b183457","sha512":"ee5be9d9cb4ac195c35f0285e971c4db7a6d0c26852ffc7d2c4eaf4c3b3ea311ffed98a20c1afbaf57c6159224cb108d9894a07c999b2f59615397040a28ef2d","ssdeep":"768:rhftQee8/9NOz7HTIMqJVDQtFDGHR91lSIO960XN1zu+aXw:DHe8VNOnzqV8GHj3S5XzubXw","tlshash":"bdf2e16bd8194560f9fcc87a0d8520ca2d81197635738d77f3999342bb9e33b21c789b","first_seen":"2025-09-26T22:05:13.133134Z","last_seen":"2026-06-07T23:41:51.458099Z","times_seen":360,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":95,"dns":11,"connect":3,"send":0,"wait":20,"receive":1,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:05:42 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e500ff81a30-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"77c8cf44927733853063e12a9c919838","sha1":"e753f4fab619a4ad9c7e362f7dbca7d28c6af569","sha256":"0a412e42c896359759d6f578d9439fdfa66c8387c55de84440861ea71f463e59","sha512":"23e51c246c2f5f89fb1e53fad2bbba306a23f2a5d708b1b58dd8b8a60a382c9e38d475a7b57e90d617d2f87524659ca3c63da65c0248367925c1f5ab8bb570c6","ssdeep":"12288:VEznytgluvfiMoSnqYsA4Xp8fvndMMr95Hl42YSbZQxiVUSmj3+SSB9WV:avufiMHLszpYKMLHl4XSjC3h+s","tlshash":"8ff423e9846d4c8222510261295a753c2053b03eddf7bc39b1acdf9dc69ee3e8ce91e5","first_seen":"2026-02-25T03:05:09.958112Z","last_seen":"2026-03-07T02:01:37.50279Z","times_seen":62,"resource_available":false,"data":null}},"time_used":428,"timings":{"blocked":52,"dns":3,"connect":9,"send":0,"wait":126,"receive":192,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar.svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar.svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wu3gYwa22nJdNuJjUTDxCjnDZTBCZCMNGEttL3BLHxuxipcwR4SADMth4Kq6ZRBgat861o7zTBeJBjRO5Fap52aF0xvyjoXgQiRYlPy9dQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"5e6-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1819\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bad521525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1510,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"18f2fc17ac77fdb973466f124e9ca122","sha1":"68bd6731ed959e1f5dd949626815666e064cffbc","sha256":"b7db6ed11802cefd01a512022a780eb7e2ab34afce94b067af05b000ef74cb65","sha512":"087911d6fc6b0a530a89cfb6f9ef34bc887d37a4a3dec5252e287ccd786eca0fc9a0fa7b48a143c18ec086b3844476b201616d5a96e7321736f92a178fd4790b","ssdeep":"","tlshash":"4d31c29574496822170786a3fefcbd5f403322ef96c540dab9c22853e0b62df1f54b69","first_seen":"2026-03-03T14:41:54.789024Z","last_seen":"2026-06-01T09:54:50.028393Z","times_seen":68,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/test.png","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/test.png HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"264ff-64c1ce4ff5d40\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 156927\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NqfJGnyru%2BhFmTR3m1XZz5yIQgSJQo%2Fcu1xqouB1c6CeNOi9ySU6965N%2BsOSRhuTE3kfPqgLSGf4Sil8XQUchHVVuJ28%2F%2FsvV%2F3nfJhEXw%3D%3D\"}]}\r\ncf-ray: 9d859e2bad571525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":156927,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 520 x 338, 8-bit/color RGBA, non-interlaced","md5":"8b88ddfe90a92454917586cf84e586d7","sha1":"d16259399d44dff391f5974adf775fc23bac4169","sha256":"68107e0adc7f8fe9b7ae440668500d9a043e3586f2065f7e13171a164a3d666d","sha512":"b3353539596b0e19ebf70f89b678c7d86813cf24c183a5fcb06bca78fa6b6ad9a374f08a1d507273fe885a037e4c252e143f60abde391ebfabf993622589f1ec","ssdeep":"3072:bUgx4JxoUU0NBICSF+fPHFgYZSViXpf//ulwweQQ2ccE8MaWb9:bUs4JJUiWF+fPHFgYwVYNeS2ZE8sB","tlshash":"eae312f7b49fb86372b5f667d407bf477bf54104d2ba4229de60562020a7e11d328823","first_seen":"2026-03-03T14:41:54.83931Z","last_seen":"2026-06-04T13:30:34.519555Z","times_seen":159,"resource_available":false,"data":null}},"time_used":40,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/demo.html","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/demo.html HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\ncontent-type: text/html\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H%2BdkcPILLdWq9iiTCB3DzEZLpQ5ztH6rIJwBQ0Gm9%2BqgbAxNcBClez9LTmHPVxWXMAmAQQ%2BWrGSA26xhD7OQrSGdWTxjgJRhX9w5oa3d0g%3D%3D\"}]}\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\ncf-ray: 9d859e2cadaa1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2866601,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (33714)","md5":"081de41f2ca6a28c8f03d16a554f4e07","sha1":"1ebbf100b4f1386b086d610a478f7740ea3bb8e8","sha256":"99b15b0584cbedc55021a0b65d25cca6f6c14e8cb1552120ad39819d5f2127e9","sha512":"9e7b712eaffcd570263b6f616e9407f9a6cbc3fcf0e74021547254ba12c7b376b8011d6b2665231143eac127a51b29871898fbf9f2d7bd9b1bfaee222c3ce2f8","ssdeep":"12288:n44LZxNuaZYNUIFPfLUlKY4Ue+jFy1rq6c5249AZQmYN8Ge5CK3i/R0u4gpJo:n4cZxtaUFBE1r5c52aAZSu3iZ0uTJo","tlshash":"42256cb073a1b07a03eb93d594661100f334941a700d84acfbaca9eb6f959cf957af35","first_seen":"2026-03-03T14:41:54.929999Z","last_seen":"2026-06-01T09:54:50.002646Z","times_seen":38,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/noir.js","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/noir.js HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ILD8YDW0%2FXmIgiM86h1F8aQB7jRuYmnwqw1K8zZKxWsCx08zAESsS%2Bz97kaNA4bT%2FTLfeuVmlc3dMI0WQyx%2BLoTVpKrmt5e8ql5o%2BTB4CA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d859e2bad451525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":277,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"5838dd40f035bde298bd69e3fad817d7","sha1":"46a92b45aad035a02fbb32e4c967feac3dfac065","sha256":"cf482f280cf1270d95055cec2f05e1d8e0c904a27f86a2483e0b86e2bc96bae0","sha512":"0d9ad5b1a271dc1ba415b4416faf981b15d0ac881d22214d2baeec4f37fdd2b876a6465ec21fad880f7a9780ca917f0c7114b33b5c13a4d84005852607853242","ssdeep":"","tlshash":"93d02bde5083a2874912146039c225c2264d12f6a43b42a83d86e48757a8d3ecddb69d","first_seen":"2026-03-07T00:53:06.694556Z","last_seen":"2026-03-07T00:54:55.546602Z","times_seen":2,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":77,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.reown.com/KHTekaMono-Regular.woff","fqdn":"fonts.reown.com","domain":"reown.com","tld":"com"},"ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:31.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"84d97dd5.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 00:15:03 GMT","end":"Fri, 08 May 2026 01:14:56 GMT"},"fingerprint":{"sha1":"45:9E:64:A7:5F:5D:4A:08:84:41:1C:19:61:0C:8E:F9:07:F9:39:0A","sha256":"BE:61:71:F6:DB:D0:2F:10:BE:6D:F9:49:68:D6:02:00:7F:0F:E6:E2:EA:25:7E:B2:B4:99:56:B9:98:A3:C0:13"}}},"request":{"raw":"GET /KHTekaMono-Regular.woff HTTP/1.1\r\nHost: fonts.reown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\ncontent-type: application/font-woff\r\ncache-control: public, max-age=31536000, immutable\r\nage: 4198\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nvary: Origin, Accept-Encoding\r\nlast-modified: Wed, 13 Aug 2025 13:41:59 GMT\r\netag: W/\"944c37658ddfd015ec2d26ace1d57e62\"\r\ncontent-encoding: br\r\ncf-ray: 9d859e2f3c321ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":51936,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 51936, version 0.0","md5":"944c37658ddfd015ec2d26ace1d57e62","sha1":"b809229ab132914e716ab1b9863cfaf6696f14e5","sha256":"5a17138e7eb4cdebda94066b8081d3a6f5065bedede63136510877c5a8fd23db","sha512":"8a8cb3e83d9a0353c9ab77c4d40e879b24948abb5f170d1c66507cc2e07f3060d75e6d12829d1cd98d6164875c1080610fb71ca1b75bb559d294eae55741d6c9","ssdeep":"1536:yV/p2LNmMiTXr23hA/g0IRuEWNh5tUp/Coue:y6crGhKxEktaQe","tlshash":"c83302482c1b555343f3a6f21ea869e90f40914b776cef0e9d9ea9a6d0852f4c31c3b7","first_seen":"2025-09-26T22:05:13.143105Z","last_seen":"2026-06-07T23:41:51.478207Z","times_seen":324,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":91,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/test3.png","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.690Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/test3.png HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"1cabc-64c1ce4ff5d40\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 117436\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PFkPmoda5oGkA5BXteNy2qFauL81sBVgy39yPBhvxIWiyEOQcMfeQEX8I5%2Bk71%2FYIG8CVVw%2BWjRGJQzRKn%2F8PVMUOWU2LoupSyw3vHAg%2FA%3D%3D\"}]}\r\ncf-ray: 9d859e2bbd6f1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":117436,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 418 x 235, 8-bit/color RGBA, non-interlaced","md5":"54056261002caa913cf0d3734aba1ca8","sha1":"b3c16bbe38282e428fe39c68849fff64f2516354","sha256":"e2ed16081ffc8bf7ce3e532c3c6411d0ae0e743f97f8b50f177435d5106a399e","sha512":"4b7a6b504ee676e47441aafc72bb14f40e859621faa56ef1c03f9e162e7334aa6dcd02c38aa955258b9743a5327dd2b3102262b00d3e4ddd9c12baf473f7909e","ssdeep":"3072:/Hks+B/jZmi9GwJqbGh8mqBeOTAVxFIx7RIyqi1xW1qX/v:B+B/jQwJqbGh8RBeOcVxFIxJI1qX/v","tlshash":"68b3128f922c0851dfc72b45e361f86abc33392257ea6b62917d487700ccc7546ad62c","first_seen":"2026-03-03T14:41:54.917407Z","last_seen":"2026-06-04T13:30:34.537116Z","times_seen":159,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-07T00:52:30.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\ncache-control: no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nexpires: Thu, 01 Jan 1970 00:00:00 GMT\r\ncdn-cache-control: no-store\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rgigTyYYSiLUbj8q6w0AOb2sSAp5n7HBeLvs%2B5K2tWDfwV%2FUCM3Cq0i%2FNuSa6GzkXaKfjnSddT6s3TMR4EXDK6XthEfWPyRBm5pcQh3bQA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9d859e2a2ddec272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":107952,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (862)","md5":"becdb747adfb803790efa740d83182b1","sha1":"fbf69e41bcd983f2d3d6baf98a2c08f6c7ff5c67","sha256":"c22bfd2b26a373b859470bfa8605548b12eb398cc14a9778ff2ec4ee22006f3b","sha512":"30689905330f635d231177e573c83387f08943ecc019ab54ca6565c8e1f6296ed82531ef2f696b7643d91ec5e9455c3b9c6c0d68655c5178dd31690abe30675e","ssdeep":"768:nOCMO4vdmYKDGAsgkYuYlLGEvu1p1wzqcd+FKfFz1q4BKHm/Y8HtSSQ/pAHw5x+1:nAgnLGEvuD1wzqcd+bmnHSFLf2mzxBm","tlshash":"a7b3866062f1167e205783e4bab2b72f6a58e397d61bd50cb2bc42d11f8bcc5cd53298","first_seen":"2026-03-03T14:41:54.892538Z","last_seen":"2026-04-18T14:19:22.247817Z","times_seen":20,"resource_available":true,"data":null}},"time_used":177,"timings":{"blocked":49,"dns":35,"connect":1,"send":0,"wait":80,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/pump1.svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:31.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/pump1.svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bCtx7LECHTdGSUkwGkrrgGcaUuIdwdOHVMcuW1fnXnlVT4Nd%2B8vpiDfwYbeRpXMbB%2BrkmRBYcmR0e%2FmVJy4LYSGhV0OByJp3nyHFJ6P8Pw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\netag: W/\"a5d-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1820\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e304e4e1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2653,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7ac045d44726d3ecd7d70cc10fd98c72","sha1":"d3e2dbb1530f6a00a41c9467e977fb61048ed08d","sha256":"2c72b8e06bbd7be8823c2cce4bbe652ba7a36e35074b8a1b27fd668304816379","sha512":"488d3da62f6ba30a36f8bb106262c3342583a719402680e34ce6d99ba26db1aea5d14496d7427aa39544527a3d5f63a0030d6e32d48e4366e07aacd5db5d12a8","ssdeep":"","tlshash":"395171ff7b5448e5de86c2f8eb2a2adb782a24d97120464193d42f29780176c4d8ac93","first_seen":"2025-11-15T00:25:53.758655Z","last_seen":"2026-06-04T13:30:34.616376Z","times_seen":356,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:15 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e500f12723c-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"13ec753f0f7ac3f2e09cd8fb3d159fd6","sha1":"fb7c640e5ea1b3eb5af719aec31fe04a971c27db","sha256":"69c12f796a581c42a4dfedd57a615fdc0407867c0ab2577507c6afe5320d5b26","sha512":"79c55e8cc4ba19d93751be035f34ffea46704d06b08da0ee65a013c3bb40a7f3295156bc659db38df831457a65d53ed01bb79812b5903f66de13108d99c85e9a","ssdeep":"12288:WKLOlpdbVhOBbi61VlVP30w5qYO8DgLhC9bxl0zY6+wqzta5YpqXl5M0k+3uJH:WKS1/OBbi61/Vvx5qYONFC9VGM60S15M","tlshash":"b4f433f9941e38c2eb42b5617c2f12219dffb09b487f5fe24b40ba6a23dad4443d9458","first_seen":"2026-02-25T03:05:09.960469Z","last_seen":"2026-03-07T02:01:37.469286Z","times_seen":59,"resource_available":false,"data":null}},"time_used":399,"timings":{"blocked":50,"dns":6,"connect":5,"send":0,"wait":123,"receive":176,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/pump.png","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/pump.png HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"86e0-64c1ce4ff5d40\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 34528\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 1819\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9SkchzpkvxGkGOohsjR1jo%2FMjmndJL8I9eeiUvcBErvCjJsMn7pgEzr3PUu5fxdpTs%2BAOdNr1Xfn6pgbgAiIHVx0hf4ZOoqv3cl7ihIH1w%3D%3D\"}]}\r\ncf-ray: 9d859e2bad491525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34528,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 279 x 224, 8-bit/color RGBA, non-interlaced","md5":"9b86e948902cd59b1d7939679aef063f","sha1":"ae92e13dfbd9f970834222366b085d9ff0e2f370","sha256":"b7b44ca054c4d04171cddee9b9298807b137d5e50865c22194a965dfc59a5d3a","sha512":"c59789b9eeca0be001caa160d6f21351d0a2c6c566f381b1363fd2ebbeabe61fd1e5533c496ffa29a6a995a5eab40b51f7d809f024daeeeb392fdbab9faf4700","ssdeep":"768:vzYlGEgbY6HjWErvGK8t3SAZSjiPnUxy42ZemMsG38d3RgzEn:veSYiCErvGZdzZhtDg1sMI3eQn","tlshash":"44f2e1fbce13c6a5e5ab71add88dd4a2ca4c50d213ded85b4d0494b74c0bec0969cba1","first_seen":"2026-02-04T18:55:33.891763Z","last_seen":"2026-06-04T13:30:34.543318Z","times_seen":191,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/pump1.svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/pump1.svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1Ga2SoWeQjGFht6OSvzpp7u6ZbjlyXCjEes10sdSz1HcyVWL%2BvvyJc7KwByX%2BjxEr8diCfvAQ5YhpAfy9wqQqHOBTpzlZ2aUqOFOIzNOXA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"a5d-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1819\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bad481525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2653,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7ac045d44726d3ecd7d70cc10fd98c72","sha1":"d3e2dbb1530f6a00a41c9467e977fb61048ed08d","sha256":"2c72b8e06bbd7be8823c2cce4bbe652ba7a36e35074b8a1b27fd668304816379","sha512":"488d3da62f6ba30a36f8bb106262c3342583a719402680e34ce6d99ba26db1aea5d14496d7427aa39544527a3d5f63a0030d6e32d48e4366e07aacd5db5d12a8","ssdeep":"","tlshash":"395171ff7b5448e5de86c2f8eb2a2adb782a24d97120464193d42f29780176c4d8ac93","first_seen":"2025-11-15T00:25:53.758655Z","last_seen":"2026-06-04T13:30:34.616376Z","times_seen":356,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(7).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(7).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BAuo9YDPeceJhio6OfcV2XfWrAM5SZ49tAyIwntmFgdxof1lW23DvgfqbTAth67xSvWVAGZvyJ4vzrW7wzscBz61NSBpipvHJV3naLagbw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"2465-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1816\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd7d1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9317,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"36128d1dfcd0f2808035850a7e9c1ead","sha1":"eaa4a9dfc046e06d995933102422c12d3ab6ee7c","sha256":"b30755e2d4623214158899a31ed878aebfe10d8a14f1b262910ae228cb2132ce","sha512":"5ea566d15ae709b359fa9e1e61795a8b413d79c62a5ce76a1415e19f168a0553002fdb351fd1706899cdbc616645e969c47e45002937f712eeb7aa64802bd261","ssdeep":"96:PBkngBtDVaJvC4loRKQYo746FwpNuXrnX2IniEUsRboD7w7D0Gs2In04UsRbodCL:JknMxwagoB4U4ORiGR50GG0qRehM","tlshash":"ed12c7b09a34517c184383edcfb2c5a63b5fb0fe77990364b4b9c77170566d9d88a424","first_seen":"2026-03-03T14:41:54.837411Z","last_seen":"2026-06-01T09:54:50.035433Z","times_seen":60,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:06:40 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e51485e8deb-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1572864,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"c7f02284ef4c6c534add4f4cf923bd2e","sha1":"a8a1b5efc7188d57767b8c10dd21a5bdaba1aa4d","sha256":"ec27d89fbe8d16080062e2d897533f7eb588857b3955dfd53a7d5d240121bc2a","sha512":"7821407b7deebbbd4ded8b8d19129e39ca67ca223f89605a6491de9e2b3344d9b3598bf0561f71ee60690509852fe5534812d49fd9e4caa5953bc2035f08b73b","ssdeep":"24576:bDYQNB1s7x5nT9wysI0jlfn8CUBJRzdUkkIrCfh2SA8RMT0Y:bDYCBsTqTjl0TBLWLZ2SA840Y","tlshash":"0925336db03d9653ebaf30223e5a13c0aedb901c8dbd3e213384ad21875b5ed1d6865d","first_seen":"2026-03-07T00:53:06.700379Z","last_seen":"2026-06-01T09:54:50.069305Z","times_seen":64,"resource_available":false,"data":null}},"time_used":434,"timings":{"blocked":202,"dns":0,"connect":11,"send":0,"wait":136,"receive":49,"ssl":35},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(5).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(5).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pcibplpnFMsIZwokeUqQN5IAekfHG0bLUU2c630MeZwZRXk%2FivtQzrwVkutec4oAPjU1J%2FXNbFfX6Cuyxt4xI1DuctcaGXHYcC5Mms%2B3gA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"1533-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1816\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd761525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5427,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"8df10ace31e9fdbbb04c1edca130f2a9","sha1":"502dfe5ea588c428f0c945a2b716a24cb1cfa9d7","sha256":"ecd386b7226ef5af3d5481cc02660665cb55b4fd976b012daec2ef8954f26291","sha512":"c0c94bf6406b5ba7f9031071eb927d60ca8719b5a359a40520865c7faa3bc930ff276cab07295f25a7820750d7749c18f2bc7f71037aec929b4058eea913c357","ssdeep":"96:PBkngBn04KOvge4uJ/++cyfnDlnRzv45IL80+EHcz:Jkna049XTfne+S","tlshash":"ccb1c872962812ac2c0343fccfe195e6272f61eeba990694f579c772f0039ede946458","first_seen":"2026-03-03T14:41:54.919996Z","last_seen":"2026-06-01T09:54:50.106614Z","times_seen":60,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(8).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(8).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uYeUZU6ohRJ1yoisOgDXNFZ6KdVSZGRjpQ7X5IdYK1bbJTaoQ%2Bv9m9lXJHUp0zvMzYtHRrps5%2FDr5J2HbG%2FdWozQNNkVi44EOEOhEyXSUQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"192d-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd7e1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6445,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0ea9a4bfe98bab82267132825543a883","sha1":"53b466669a49ae73ba8fd625eb34da5e8f96480c","sha256":"ce957be782aee1cad31241a0234e065c0cb1ca410174a1003629d9bfa817612b","sha512":"a1f72dc230629929d1ab21ae1bb9f42b799fe4e1a6500c40b2e3272e431cff1728e09a6f53e33a8653d106d9b17e7bfc1e91aa0a551e13f97180a4c563827cab","ssdeep":"96:PBkngBDDDUqQgIsbNigNWGuge4uJO82nDlnRzv45IL80+EHcn:JknqPWgI828ne+6","tlshash":"a2d1a5619b1846dc2a03c7eccff1e0b2272fa0eeb69a07d4f169c731b4039d9d44a458","first_seen":"2026-03-03T14:41:54.908502Z","last_seen":"2026-06-01T09:54:50.023682Z","times_seen":56,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(12).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(12).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lZVl1I0LPyTE%2BbzXQtXhRChfN0DCeTBvaBRM6WkJwZpjVPohyEhOWN3SPeqJP7fMhdj2mb9OcwvbHg9qLf2T7yJ7%2FJ5eIVBCzlo%2BInUkSw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"2e26-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1816\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd811525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11814,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e01eab0a05ccff2b784348d95cd78eb6","sha1":"99bf4164a44f276be81e2b6bc772e220eeda1a93","sha256":"d8608c68cb067935374b966f903687ac6b0d83eeb8dddf473273ce609d47de07","sha512":"668b1acfc4d450ace89d12763efdca0a837f68b7c197e112af91367d2136aea505a7fd50752f61eea3cc466f0eb6bf732a4566448f914aa74180613005e910c2","ssdeep":"192:Jkn7XCZxSp+rOxJGmNDDbW+eDT8yA2yVl6hVDI/J:yn7SMDNXpg9DhVDIB","tlshash":"ef32a3f45a1812ac288347b8cf6990f1331f64feb78942d479fec7b0b4439a6d943928","first_seen":"2026-03-03T14:41:54.927589Z","last_seen":"2026-06-01T09:54:50.048631Z","times_seen":51,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.reown.com/KHTeka-Light.woff2","fqdn":"fonts.reown.com","domain":"reown.com","tld":"com"},"ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:31.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"84d97dd5.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 00:15:03 GMT","end":"Fri, 08 May 2026 01:14:56 GMT"},"fingerprint":{"sha1":"45:9E:64:A7:5F:5D:4A:08:84:41:1C:19:61:0C:8E:F9:07:F9:39:0A","sha256":"BE:61:71:F6:DB:D0:2F:10:BE:6D:F9:49:68:D6:02:00:7F:0F:E6:E2:EA:25:7E:B2:B4:99:56:B9:98:A3:C0:13"}}},"request":{"raw":"GET /KHTeka-Light.woff2 HTTP/1.1\r\nHost: fonts.reown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 42308\r\ncache-control: public, max-age=31536000, immutable\r\nage: 4198\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\netag: \"5e30cfcb50ec25f79fffffaac2364f7d\"\r\nlast-modified: Wed, 13 Aug 2025 15:26:01 GMT\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2f3c341ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42308,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 42308, version 1.0","md5":"5e30cfcb50ec25f79fffffaac2364f7d","sha1":"76653a388d2ae80ba98b047a9fa20e02ec460eb0","sha256":"1a42c3e5b778748710613a6f6bd648758d2d8ee02f467d3432ebc36f82b54f84","sha512":"c8c6145cfbaec98627143b7a01df0ee5b215e35b0a3afd1594eff09432eef419b3367006d53ffeafdd19f6a25b4892d15461d055a64c213e3330c1f99e189fbb","ssdeep":"768:TDMkmH7mSCRTgwe651Yt9/+KBR6RGrowfrR0szvT83n0/JhHmR:HdmH7w/e65e9XmRGrRfrR0sbT8inmR","tlshash":"b713f2f61a673ecc22be9e1c16834dd9ad85737d4ad23f1074b8b0c2c27c68968da611","first_seen":"2025-09-26T22:05:13.131598Z","last_seen":"2026-06-07T23:41:51.487124Z","times_seen":324,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":95,"dns":10,"connect":2,"send":0,"wait":18,"receive":1,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/api/v2/handshake","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"POST /api/v2/handshake HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 71\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 07 Mar 2026 00:52:36 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HOhLkbo55l%2FyvnDAlFfZ%2FB2jtSPCvB7I8OK8J1vjEk1uTTP2LvxPVC3zNjCq2Cl9WjRk0Y%2BJTh%2FNih6QAGfEz7Us36u6FjSQJknmUzfG1Q%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d859e4f2b6a1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":277,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"5838dd40f035bde298bd69e3fad817d7","sha1":"46a92b45aad035a02fbb32e4c967feac3dfac065","sha256":"cf482f280cf1270d95055cec2f05e1d8e0c904a27f86a2483e0b86e2bc96bae0","sha512":"0d9ad5b1a271dc1ba415b4416faf981b15d0ac881d22214d2baeec4f37fdd2b876a6465ec21fad880f7a9780ca917f0c7114b33b5c13a4d84005852607853242","ssdeep":"","tlshash":"93d02bde5083a2874912146039c225c2264d12f6a43b42a83d86e48757a8d3ecddb69d","first_seen":"2026-03-07T00:53:06.694556Z","last_seen":"2026-03-07T00:54:55.546602Z","times_seen":2,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/index-DHNhIdoO.css","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.680Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/index-DHNhIdoO.css HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"a2db-64c1ce4ff5d40-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncontent-length: 7726\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: text/css\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HJHqi9oOXVlstGdQfGnH3uYnAZkCm2wmUPeEkYAxE2hUl7XpDwra3zp4NH5SwQzS0RTcYTV2TLritXBSxk3OGM%2FtQrqrlRz5YULg7J9T9w%3D%3D\"}]}\r\ncf-ray: 9d859e2bad471525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41691,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41690)","md5":"0e01ec2018adaf2b297a25d41d33ca4e","sha1":"a039c5b4744de23755df3ff3f160b396e48e2d9e","sha256":"64ab960eb76bad09340289487ba6f8ab727cabca48a0f6c66f34874d9d9ee498","sha512":"65758d170c9dbc6f424c55c0d6ebbfcdb2f5af8e584cc9720c5c623b17f6f44341a6830995f713c471b8836bddde8b30b68c5222e689320effa908094e60a33d","ssdeep":"384:koq1opvhcIt49Q9dMbE9c56HjH7kTF/y/5r5f5GexOQU0jqv:nq1opvhcIt49Q9+CPr5f5GKPqv","tlshash":"7f134f2d6a14403f7c6790f5d2d8ba9df21bb0c1df3a9aeabd8211115bd23f61ca7604","first_seen":"2026-03-03T14:41:54.879222Z","last_seen":"2026-06-04T13:30:34.589058Z","times_seen":157,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.437Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:07:07 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e51f877c272-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":376427,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"fd8bfa4e9d9d3688d240bb420cf030a1","sha1":"e533232633fce23e627a63cab1d4b7678643f7f0","sha256":"4ab81105d58fecbd81c78e359dfd78a673176251c2712f2e4158fcb5de72c6b6","sha512":"82ddb8f361076ad91f07814056f48d3647c6cab2a0457ed06c08f540225b78dbc82f580880a2f0ea1c63809ea6aeeaf4fb8f61af7fcb7144735a220db188a5de","ssdeep":"6144:bfw++FELEn9n81uoNI/ssN2OlwXVAQ0Glh/tNEkF/G7PYiyeM89tvXXTRCWBO7oU:bw+YEyoNI/qVAQPiktG7xzVnTRZQ7h","tlshash":"d78423bde03d2b168daa1425214927e12ee3d1795cbe7c335344dc6d8b978be2dc488d","first_seen":"2026-03-07T00:53:06.704733Z","last_seen":"2026-03-07T00:53:06.704733Z","times_seen":1,"resource_available":false,"data":null}},"time_used":498,"timings":{"blocked":338,"dns":0,"connect":3,"send":0,"wait":130,"receive":12,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/test2.png","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/test2.png HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"1e2d6-64c1ce4ff5d40\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 123606\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FzLhOcIdIgkkx7Elx63IoGGuy%2FnrI2k9SNWonKU%2FRJCzFfRWG0ElcArVSikx35r1bT5fBs%2BRC4Mb4euJiXlR3VUfoBO4D3z5tf0FcfOALQ%3D%3D\"}]}\r\ncf-ray: 9d859e2bad601525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":123606,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 513 x 288, 8-bit/color RGBA, non-interlaced","md5":"5b268b59a7ec8a34180e24d3e7ef9387","sha1":"3019ae3aeaf4c4eebe8e261c57894f1a6309bb1c","sha256":"ee8c2dfea7112fa4eea9fec1500268b0f4ea3902c5da8a7d1d5505413f706f51","sha512":"172f886359ed2fcf5b449e43b5f0881c1ab3a7d404a5e3be5ee8c695986b2648d834b69d0b54f55583d0e60deb5a8971aceded086124cf7a6d981f71a66f6823","ssdeep":"3072:2D3VW7DXf8fVcnArfigfgmB17WRRiTo16HV526eHV:6gPXkmnKXiGdHL26oV","tlshash":"9dc312cac17801c7eac5357427dd344ee8acb5271545be730d12e3dd14b2c946abbe2a","first_seen":"2026-03-03T14:41:54.857487Z","last_seen":"2026-06-04T13:30:34.613507Z","times_seen":159,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(4).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(4).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lB83LxcZkXL2VQuq2kFLM%2BRvdG1JUURXkPYdc5FTbKss33uzDWM1twC6UvdS7KZ9FMdVEBwYk6NfKMspqYyPxlDpDF3rDTboyo7mri0WRw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"225a-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd751525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8794,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f1841905888f62c235661d78760febb1","sha1":"49e58275ca26269153c9f662bf2cb2d5cad258f5","sha256":"eef064451293aa9729c8625e4c509e4e055427dd8d9c1f284d028867c254b086","sha512":"29ad1c263ab819f383b4a6b9c3df545cec38822da698425c04c7e2ccce868e3841103481a42e45961f9b5a4246d767bdb20e134e1facf59f9dd316f648ac66f3","ssdeep":"192:Jkn248QSIP036BvW6LHEkCoZHhiGLA0qLH:ynaQSatHEkCoZHhiGE0qL","tlshash":"8202b6a19710627c294387fdcf7184a53b1fa0fe7b9a13a4f5b9c771b052ae9c885424","first_seen":"2026-03-03T14:41:54.955615Z","last_seen":"2026-06-01T09:54:50.009628Z","times_seen":60,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.reown.com/KHTeka-Medium.woff2","fqdn":"fonts.reown.com","domain":"reown.com","tld":"com"},"ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:31.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"84d97dd5.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 00:15:03 GMT","end":"Fri, 08 May 2026 01:14:56 GMT"},"fingerprint":{"sha1":"45:9E:64:A7:5F:5D:4A:08:84:41:1C:19:61:0C:8E:F9:07:F9:39:0A","sha256":"BE:61:71:F6:DB:D0:2F:10:BE:6D:F9:49:68:D6:02:00:7F:0F:E6:E2:EA:25:7E:B2:B4:99:56:B9:98:A3:C0:13"}}},"request":{"raw":"GET /KHTeka-Medium.woff2 HTTP/1.1\r\nHost: fonts.reown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 42388\r\ncache-control: public, max-age=31536000, immutable\r\nage: 4198\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\netag: \"b4654ab0ae548e33ee07aa61dcffc61a\"\r\nlast-modified: Wed, 13 Aug 2025 13:41:58 GMT\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2f3c3a1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42388,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 42388, version 1.0","md5":"b4654ab0ae548e33ee07aa61dcffc61a","sha1":"a76a9e6e214dbb1442d49384ddc04ab15f646f8c","sha256":"72b1a6bb274ab9bec5b0c7ffa3294d57aeb40e5e1ddcd636608f7b303a5a188a","sha512":"b4c066a098813b2c9ece27477bea99378b5e228b466c19175a01f75a324f3a28d8003b50ac4202263774492d90c7c32f3911987b79816eec3e86f146a4c703ce","ssdeep":"768:lvEK+O85aFN+GawIrhD6BC07w+/m29yWiaZMPhpEqAJhxyCd9/xk7VremoV:qK+O2aD8hD6BC07w+xqPEtJhxyCdxxks","tlshash":"2313e002c08249d79ed6913b3232aa1b3ab1b6d8d634e5fc42349df824e6c1f989d324","first_seen":"2025-09-26T22:05:13.166396Z","last_seen":"2026-06-07T23:41:51.449745Z","times_seen":363,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":104,"dns":14,"connect":2,"send":0,"wait":15,"receive":3,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.reown.com/KHTeka-Light.woff","fqdn":"fonts.reown.com","domain":"reown.com","tld":"com"},"ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:31.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"84d97dd5.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 00:15:03 GMT","end":"Fri, 08 May 2026 01:14:56 GMT"},"fingerprint":{"sha1":"45:9E:64:A7:5F:5D:4A:08:84:41:1C:19:61:0C:8E:F9:07:F9:39:0A","sha256":"BE:61:71:F6:DB:D0:2F:10:BE:6D:F9:49:68:D6:02:00:7F:0F:E6:E2:EA:25:7E:B2:B4:99:56:B9:98:A3:C0:13"}}},"request":{"raw":"GET /KHTeka-Light.woff HTTP/1.1\r\nHost: fonts.reown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\ncontent-type: application/font-woff\r\ncache-control: public, max-age=31536000, immutable\r\nage: 4198\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nvary: Origin, Accept-Encoding\r\nlast-modified: Wed, 13 Aug 2025 13:41:57 GMT\r\netag: W/\"c8b441e434443e5317dbd52ced7d2e6c\"\r\ncontent-encoding: br\r\ncf-ray: 9d859e2f4c431ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60472,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 60472, version 0.0","md5":"c8b441e434443e5317dbd52ced7d2e6c","sha1":"8b6f5b0e3d541db54c76c47c931195ceb9026d6e","sha256":"88a2ae5e48febe008bb609679f0aed5928f67812ea621baf377d457fd589ad96","sha512":"0561615f9ee8e935c10b44a10e0a0ea1924920e85da08517753bcf6e79727e5e6220ffcf596ed0a2a98b54dce5aec96a4fd264cfb41919710e4becf24270da3a","ssdeep":"1536:0VyKJVaNbn9d4u3jnVnbFdKs0UggxNSlIyq:0VrQ5ImNH0YgIyq","tlshash":"494301603958ccc8bc96eaf95b2da37d393e322941661401cc8dfdc296a71d7dd4a24d","first_seen":"2025-09-26T22:05:13.226599Z","last_seen":"2026-06-07T23:41:51.450749Z","times_seen":324,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":104,"dns":13,"connect":3,"send":0,"wait":11,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:28:10 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e500b78b1b8-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"77c8cf44927733853063e12a9c919838","sha1":"e753f4fab619a4ad9c7e362f7dbca7d28c6af569","sha256":"0a412e42c896359759d6f578d9439fdfa66c8387c55de84440861ea71f463e59","sha512":"23e51c246c2f5f89fb1e53fad2bbba306a23f2a5d708b1b58dd8b8a60a382c9e38d475a7b57e90d617d2f87524659ca3c63da65c0248367925c1f5ab8bb570c6","ssdeep":"12288:VEznytgluvfiMoSnqYsA4Xp8fvndMMr95Hl42YSbZQxiVUSmj3+SSB9WV:avufiMHLszpYKMLHl4XSjC3h+s","tlshash":"8ff423e9846d4c8222510261295a753c2053b03eddf7bc39b1acdf9dc69ee3e8ce91e5","first_seen":"2026-02-25T03:05:09.958112Z","last_seen":"2026-03-07T02:01:37.50279Z","times_seen":62,"resource_available":false,"data":null}},"time_used":431,"timings":{"blocked":50,"dns":7,"connect":1,"send":0,"wait":151,"receive":181,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/index-tIMRj9oK.js","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/index-tIMRj9oK.js HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=61qP8tFGFlfJQROPakeF4FUOxToCSw7ULJBEF7uBdWWQDk06XHHoIFRxiCVxv3bE5mlLfOpUUE5l4fL2YYe7CVdi%2BIPAClDJjjoFWjISBQ%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d859e2bad461525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T10:34:26.034599Z","times_seen":16237034,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:26 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e4ffa613181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"eeebcd74061a9dcd7dfad338ebe1d46a","sha1":"23148fe8cd0cfe6b4379103d03dabde517e9bfd9","sha256":"631978ce1c77fdc8360949130dc08a761d8a5cbf0b87875b7b1556706cabc068","sha512":"e151fd7805ccbf649173ed454739604bbb31cbd0daa1dbf057454363c74532c9a5c2310e516f087f21ef09e5cd7de46e91d67e01815274b82573caae494eff45","ssdeep":"12288:/2TA4vVLmF/WbRkFOppRWsWNbGSQHJAUOUsLOsWZssG5bxVWhseThDII57tSKnXb:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVr","tlshash":"41f4233ac26c0681a9a500112e6526604c337cbc54feea3383eddf3adb5b92d6da5295","first_seen":"2026-02-25T03:05:09.955526Z","last_seen":"2026-03-07T02:01:37.494267Z","times_seen":63,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":48,"dns":3,"connect":1,"send":0,"wait":119,"receive":45,"ssl":46},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:30 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e500ffd1a30-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"13ec753f0f7ac3f2e09cd8fb3d159fd6","sha1":"fb7c640e5ea1b3eb5af719aec31fe04a971c27db","sha256":"69c12f796a581c42a4dfedd57a615fdc0407867c0ab2577507c6afe5320d5b26","sha512":"79c55e8cc4ba19d93751be035f34ffea46704d06b08da0ee65a013c3bb40a7f3295156bc659db38df831457a65d53ed01bb79812b5903f66de13108d99c85e9a","ssdeep":"12288:WKLOlpdbVhOBbi61VlVP30w5qYO8DgLhC9bxl0zY6+wqzta5YpqXl5M0k+3uJH:WKS1/OBbi61/Vvx5qYONFC9VGM60S15M","tlshash":"b4f433f9941e38c2eb42b5617c2f12219dffb09b487f5fe24b40ba6a23dad4443d9458","first_seen":"2026-02-25T03:05:09.960469Z","last_seen":"2026-03-07T02:01:37.469286Z","times_seen":59,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":50,"dns":6,"connect":4,"send":0,"wait":149,"receive":177,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/api/v2/handshake","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:32.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"POST /api/v2/handshake HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 71\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 07 Mar 2026 00:52:32 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BTbUOuM9A%2Ftu086CUlMRu3Qbg62tZmini4G9Dq2nvQJ7a02pb1DLaGY8XD2j6z5HwD9XfbvW24hq2OpUeGYgKkSGLfjcoluGuZ67J6j9Fg%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d859e352f251525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":277,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"5838dd40f035bde298bd69e3fad817d7","sha1":"46a92b45aad035a02fbb32e4c967feac3dfac065","sha256":"cf482f280cf1270d95055cec2f05e1d8e0c904a27f86a2483e0b86e2bc96bae0","sha512":"0d9ad5b1a271dc1ba415b4416faf981b15d0ac881d22214d2baeec4f37fdd2b876a6465ec21fad880f7a9780ca917f0c7114b33b5c13a4d84005852607853242","ssdeep":"","tlshash":"93d02bde5083a2874912146039c225c2264d12f6a43b42a83d86e48757a8d3ecddb69d","first_seen":"2026-03-07T00:53:06.694556Z","last_seen":"2026-03-07T00:54:55.546602Z","times_seen":2,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(1).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(1).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZzICJGcVIlwIsb10rw1iU2HsQ%2BdgOWsy54FPGsqrLL2DAEdSBmrNaJgmapAeJa2dn%2BJVe%2BgQtR7beenAs5X82BhSgqq5nqnsD%2FiszHn%2BUQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"16a7-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd6e1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5799,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b34f5db2d6d7bbf90a1b9c4fd60191ba","sha1":"6627eebe6eac5bc0ced992f0e2a78b96fdd38604","sha256":"91a1498536566bee7729167e86b57d11a3b093913f7c6e339d87cde4aa73a1f2","sha512":"5247ff8d395a146dfd7385eca9acc235289b0b23b0e3dd630a73b19a36a4d40d03dc3e8ea7e19079435594af0e32fe4b5d60f4b1a4bebbc892e61594f0395514","ssdeep":"96:PBkngBDJKFeuGQGMtj8UUeKIEtRMugWxEuwx92SnHUhbTCPe:JknqJKmQHtGRf9waSHmbTf","tlshash":"59c194b25b18103c250347e8ceb7a5a2372fa0feb6ca46d4b57ec771b4436d9d983848","first_seen":"2026-03-03T14:41:54.844414Z","last_seen":"2026-06-01T09:54:50.056915Z","times_seen":59,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/test1.png","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/test1.png HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"1ea70-64c1ce4ff5d40\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 125552\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\nage: 1819\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FgsPuDPW6yl2QO6RtUBDq6pelODsgbGuikiKEVd1sUzeICJ9bUgU5qDB7snxPcYOME33jWM3SZFJRQtykOA%2BR3LQnscnnYqtYluuwdD%2Fug%3D%3D\"}]}\r\ncf-ray: 9d859e2bad5d1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":125552,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 519 x 290, 8-bit/color RGBA, non-interlaced","md5":"40f44c8a0cccb59c327488c2a6e3e947","sha1":"a4b0d1135013f98cc9d8ef2e74bc45d719431151","sha256":"2ef826540ac79ddf96473ef9983d125c4408cd86679e69f87fbaad7f0dd86f53","sha512":"67502fec78997dd074c6e95ab89efea9b2bcb8c7fa85515637e273217c876cdee1dbc5f24102bd70de82250304dbf9c2b61a4bf4e53c98cef31242cfca46c2c1","ssdeep":"3072:14DWdhorBfFsWOKvGRRcqAJjpfsdK3DnLPp5:mWd92icRjp0daDnLB5","tlshash":"c9c312a5e13d19f46e78b03548643cd3f868e8684a7a7864287783f75f26c805be6d3c","first_seen":"2026-03-03T14:41:54.841381Z","last_seen":"2026-06-04T13:30:34.505852Z","times_seen":159,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(11).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.702Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(11).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nnQe6N5M%2Bg6TyUWJNZU4Y%2B9Q8I8Sff1DnNX%2FnhiOxSHfHTbPjQLuLD1E0QFx6MdBTWZw8I5udh%2F0n3A%2FsOPB27Ic2BwU8gLGJ%2FAkAegn5A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"13c0-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd821525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5056,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1e82693281c6a6f7dc5d6abbb61b22e8","sha1":"7602df82ec430491d58f16270cc5722c49eabd5e","sha256":"22e13af1b7d973794032a0cc5c9bcabe543c661480226c3138a4a361834268b2","sha512":"0af525763826cc4d5efadde4d7042dda22ca72cc2e462fd8212641eaeaf850138ad4366fb1fa0a0d0d06526f4255b0cfd13ff1b45b0c8076522af43e3b6165da","ssdeep":"48:Cq1n8UknGc8oi8I26/gu4Ae3V0gdHp++vOvsB18qNdnbNdaV7bCCVv88vy2OdV4o:PBkngBDel1QgL8ybIHBnwh9zJ","tlshash":"09a1a6b2971851ac2e0247fdcff4b062a72fa0feb5944788b86cc7b174525bad44f918","first_seen":"2026-03-03T14:41:54.938519Z","last_seen":"2026-06-01T09:54:50.020059Z","times_seen":51,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.reown.com/KHTeka-Regular.woff2","fqdn":"fonts.reown.com","domain":"reown.com","tld":"com"},"ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:31.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"84d97dd5.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 00:15:03 GMT","end":"Fri, 08 May 2026 01:14:56 GMT"},"fingerprint":{"sha1":"45:9E:64:A7:5F:5D:4A:08:84:41:1C:19:61:0C:8E:F9:07:F9:39:0A","sha256":"BE:61:71:F6:DB:D0:2F:10:BE:6D:F9:49:68:D6:02:00:7F:0F:E6:E2:EA:25:7E:B2:B4:99:56:B9:98:A3:C0:13"}}},"request":{"raw":"GET /KHTeka-Regular.woff2 HTTP/1.1\r\nHost: fonts.reown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 42188\r\ncache-control: public, max-age=31536000, immutable\r\nage: 4198\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\netag: \"a918aa94460a2a95ccfffcf7224df6e4\"\r\nlast-modified: Wed, 13 Aug 2025 15:27:31 GMT\r\nvary: Origin, Accept-Encoding\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2f3c2f1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42188,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 42188, version 1.0","md5":"a918aa94460a2a95ccfffcf7224df6e4","sha1":"9c690a4d67ca4f8fa4295524af06b4d061f8c8f0","sha256":"1491e6d9a713e703891bb7cff67f2f785c9616df0b81504a37be6c15a4706bc3","sha512":"7859869f84323541884bd97b25c2a8bb60af834457f17ef41ac12669fce15e442a5212acbc00a4f28fd6eb7bd2ea148f45de3b7195edc4b4f066f0a4e541fb39","ssdeep":"768:oIKoK4lzWnuGeZ660HRzqx1V13F3Eej9qtLzoq9Yps4me3Jw/GW6Pf:xKD+yu63ZqLV1V3ut/ENkGW6n","tlshash":"1c13f1a0590670217d2f91784a67d8cfbcb0b47e1e4a774f6c7cab5c0930916fcae585","first_seen":"2025-09-26T22:05:13.153365Z","last_seen":"2026-06-07T23:41:51.474802Z","times_seen":361,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":95,"dns":10,"connect":2,"send":0,"wait":13,"receive":3,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/api/v2/handshake","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:34.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"POST /api/v2/handshake HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 71\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 07 Mar 2026 00:52:34 GMT\r\nserver: cloudflare\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dvOTrLZjI7HNjyNq4ho08ciXn5A2rgTEp8%2FxsQXbNyLY2V5wARKUsaUMLOUjfebwXSTztYARRXrnJfnRCbqIh2RInBrTEYZ0kbtp95ggBw%3D%3D\"}]}\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=iso-8859-1\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9d859e4268fb1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":277,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"5838dd40f035bde298bd69e3fad817d7","sha1":"46a92b45aad035a02fbb32e4c967feac3dfac065","sha256":"cf482f280cf1270d95055cec2f05e1d8e0c904a27f86a2483e0b86e2bc96bae0","sha512":"0d9ad5b1a271dc1ba415b4416faf981b15d0ac881d22214d2baeec4f37fdd2b876a6465ec21fad880f7a9780ca917f0c7114b33b5c13a4d84005852607853242","ssdeep":"","tlshash":"93d02bde5083a2874912146039c225c2264d12f6a43b42a83d86e48757a8d3ecddb69d","first_seen":"2026-03-07T00:53:06.694556Z","last_seen":"2026-03-07T00:54:55.546602Z","times_seen":2,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(2).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(2).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tDXyJYhac4v7j0bJKLqAv1%2BNigx0QAXp1ndHoXFduLZble50NBZ3GnmdvzDJXWHJ4OfpU2XcPqie8SG%2BK0%2FpVusTbf1RuFQM82g73I%2BY6g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"1381-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd731525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4993,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"93033a35a53a18e395cc861575b9295f","sha1":"0775ae13f1815ca235ca586b0c2b9c53e2449559","sha256":"2fdd1b66e3c5ee6a7016ff00a4d2d2c61907f2bc8830b16ddfacb30c093136e1","sha512":"813f1a08b8f6d8a0b2c02f6908cb051f0c29a77cb2cde91bbb00d862229f6859fe3e9d2b38c214debdf99751d314fbf54a0de3d3899db04202e259e78ca123cb","ssdeep":"96:PBkngBtXbZQWEge4uJv8UUk6Fwp8OBrfrZU:JknMXbZuXU0tZU","tlshash":"65a1a752596c116c240387fdcbeae0a1233fa0fe75550eb1b9acc773b4075aee847898","first_seen":"2026-03-03T14:41:54.798497Z","last_seen":"2026-06-01T09:54:50.004784Z","times_seen":60,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(10).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(10).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DwMy0aZ2Y1AqFjoaEBb%2Fy7M3Xx4GphTzBjwZEE54%2BIrUkDp0ib%2B2FD02tuiMh5TbJTw33p9R41l0O8i4dt%2F5%2FBRKlJU6nSJj%2FgL2yQYWKw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"e51-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd801525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3665,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"71cf6bfb417699ecd38e939bd9b27d6e","sha1":"2ca023f1cfef9030fcd133ad31510c330b6baf00","sha256":"430835008581dc43f761ed5d9ec3d0a4506f489f575dac51e5fd06bcb6acb3af","sha512":"4e49a74324f22c35059dc60c2e7996aedd19083b333564bc5b5bb9aba7182ac4648195bd54fc85b38f51935a3f1c5b9aa0aa9a8d348a43bca9e5fcc2a920e26a","ssdeep":"","tlshash":"657175a2b908117c181307f9cbf6d9f6232f61ef34c206a5f9ac8772b016657e94b448","first_seen":"2026-03-03T14:41:54.957301Z","last_seen":"2026-06-01T09:54:50.108273Z","times_seen":54,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/128x128","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/128x128 HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"5c7-64c1ce4ff5d40\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 1479\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HQpZiyel7oqGgLQR03NgOov8mNasNReC3Ecj01oRAt4Rtm9enLyfArWD0HlIIFbqZ0oOX1ivzEbT2ICgSfM6oIxUVhnnxx2UB731E2FBaw%3D%3D\"}]}\r\ncf-ray: 9d859e2bad4a1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1479,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 128x128, components 3","md5":"ecc862f9550a8502e56961092f5f287b","sha1":"bcde81da377b3cc60bbd75a4e11bb212f831e388","sha256":"ba83e4cb90d103b876d0cc659a717bcd0c83d37013dd0c5443c14eed45c18219","sha512":"e5143ad74d9e3b2ca9ac5fa1d08c8c20dea63bcd6d86944709d9a777500bc0ed78441cf54934e3ac6f90bae4686f71e3e3999cbaf0cf04742fd73daf8ed0f6e7","ssdeep":"","tlshash":"b131a417d716c7b8e84997b14ade271c278dadea5190d9e9739cf4e6a4a00dc1b88308","first_seen":"2026-03-03T14:41:54.933564Z","last_seen":"2026-06-01T09:54:50.051284Z","times_seen":47,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(3).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(3).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HrQvhy0f44j5oSorcxMvb8rM6GZLwbdoqmm0KiBBSX6pho288L22C6WNrxikWuuFf%2BQXTa1pSF8YeMkeJVXtfSuyORwv8a0JbSYPCLbdBQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"1ce5-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd741525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7397,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b924fb80999557d555a20275262237fd","sha1":"2ce759dd62b7fd4cf2311920d934aea393f20097","sha256":"68c457f6d0259bbc998407fb2b250a3ed25a60fa8b808b6504df536acb046978","sha512":"05c2e4f93b6152c9eac023c43754bf6171b404c3b666ab1e83da882ee56114f57eca2c32273982febffd1f365151565c919599852519a2ad998b5e617b885b18","ssdeep":"96:PBkngBGD8na5WEWWLYtUPwTdZ3xdZMMyZqSRF2kIki748jkl4mSxdZdKyB:JknT4meFtxxUUKF21ki7LFmtyB","tlshash":"7ce195a2861042bc2d4383accfb291a1371f60eef75a43ecf5b2c371b05a5e5ea45d58","first_seen":"2026-03-03T14:41:54.784173Z","last_seen":"2026-06-01T09:54:50.038484Z","times_seen":60,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/logo.png","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:31.081Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/logo.png HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\netag: \"7d7e-64c1ce4ff5d40\"\r\naccept-ranges: bytes\r\npriority: u=4,i=?0\r\ncontent-length: 32126\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-type: image/png\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W52sFg%2BndpHIHN4UvyQGNDnhz8eOC4Bbprlx3De58hZ%2BkYnE%2F10ucFtOyB2xPD7KsaJP9C%2FWElxa1Q0cZweiAxfkQ%2FdJn%2BBQhf9C3ch2tg%3D%3D\"}]}\r\ncf-ray: 9d859e2e0ddd1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32126,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"0336be6feeb4e1d02cc0efca4dc35514","sha1":"2aa6de95ab67da70eaeba513053992c83cfe767c","sha256":"943c48e760ec717f55363835067d501ff4bd6825a29732a18955e141ba536602","sha512":"b3e1d8faa48cc19bb6a8f008a7254e6d988101585595a34848c4592c2126eb45b6ab1892c320af92c89a35e3e16a1b1e910cba7e7fb8c41d37ca436d24084556","ssdeep":"768:WlIJYLr4t4Ecde1XDx+6ofPEkLPF3PGqqy6fpXwj:WlIJYO4E9F+6xkL93+qQ2","tlshash":"65e2ae2ec86ed8646316caa07bfd0fd70c09d2385424b3e62414fdd646a5cd0b9b5efa","first_seen":"2023-11-14T06:42:50Z","last_seen":"2026-06-04T13:30:34.520982Z","times_seen":693,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.reown.com/KHTeka-Regular.woff","fqdn":"fonts.reown.com","domain":"reown.com","tld":"com"},"ip":{"addr":"104.20.46.121","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:31.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"84d97dd5.sni.cloudflaressl.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 07 Feb 2026 00:15:03 GMT","end":"Fri, 08 May 2026 01:14:56 GMT"},"fingerprint":{"sha1":"45:9E:64:A7:5F:5D:4A:08:84:41:1C:19:61:0C:8E:F9:07:F9:39:0A","sha256":"BE:61:71:F6:DB:D0:2F:10:BE:6D:F9:49:68:D6:02:00:7F:0F:E6:E2:EA:25:7E:B2:B4:99:56:B9:98:A3:C0:13"}}},"request":{"raw":"GET /KHTeka-Regular.woff HTTP/1.1\r\nHost: fonts.reown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:31 GMT\r\ncontent-type: application/font-woff\r\ncache-control: public, max-age=31536000, immutable\r\nage: 4199\r\nserver: cloudflare\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nvary: Origin, Accept-Encoding\r\nlast-modified: Wed, 13 Aug 2025 13:41:58 GMT\r\netag: W/\"f68d2c4950f0ddadd8e09e104ec4e425\"\r\ncontent-encoding: br\r\ncf-ray: 9d859e2f5c4f1ae6-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":60140,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 60140, version 0.0","md5":"f68d2c4950f0ddadd8e09e104ec4e425","sha1":"a776262129e9223ef9b786f44d8718f32bc7529c","sha256":"adc78a8fe0174e7e1f6d4b4a267f1e2f1742088923635f36acc4eae42f953c1e","sha512":"390be30d7fb7b01e15d8a7c4e4412ac8507fb07a88ae04ae418f4d288bef57cf9a7db4a66c44fc4df738b6a58b59b66a57cfbb00c8d2d0b32984bdd5659531a2","ssdeep":"1536:kXpFvtCoQwH0kJLLpdNUTaa0TdlDz1mzltKA:Qp3RSwDHA","tlshash":"594302bc5a0243cad09991c5cc4c6d0d6f8c379597bea20bc6723b9a1523ba937bf584","first_seen":"2025-09-26T22:05:13.170618Z","last_seen":"2026-06-07T23:41:51.458704Z","times_seen":324,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":116,"dns":14,"connect":3,"send":0,"wait":10,"receive":0,"ssl":87},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/assets/demo.html","date":"2026-03-07T00:52:36.421Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://xn--pnp-8na.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sat, 07 Mar 2026 00:52:36 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:18 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d859e4fff958be6-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"eeebcd74061a9dcd7dfad338ebe1d46a","sha1":"23148fe8cd0cfe6b4379103d03dabde517e9bfd9","sha256":"631978ce1c77fdc8360949130dc08a761d8a5cbf0b87875b7b1556706cabc068","sha512":"e151fd7805ccbf649173ed454739604bbb31cbd0daa1dbf057454363c74532c9a5c2310e516f087f21ef09e5cd7de46e91d67e01815274b82573caae494eff45","ssdeep":"12288:/2TA4vVLmF/WbRkFOppRWsWNbGSQHJAUOUsLOsWZssG5bxVWhseThDII57tSKnXb:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVr","tlshash":"41f4233ac26c0681a9a500112e6526604c337cbc54feea3383eddf3adb5b92d6da5295","first_seen":"2026-02-25T03:05:09.955526Z","last_seen":"2026-03-07T02:01:37.494267Z","times_seen":63,"resource_available":false,"data":null}},"time_used":407,"timings":{"blocked":51,"dns":1,"connect":1,"send":0,"wait":135,"receive":168,"ssl":48},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-07","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"xn--pnp-8na.fun/assets/avatar(6).svg","fqdn":"xn--pnp-8na.fun","domain":"xn--pnp-8na.fun","tld":"fun"},"ip":{"addr":"172.67.191.196","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xn--pnp-8na.fun/","date":"2026-03-07T00:52:30.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xn--pnp-8na.fun","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 12:43:51 GMT","end":"Tue, 02 Jun 2026 12:43:50 GMT"},"fingerprint":{"sha1":"31:18:CD:80:43:E8:D7:84:56:47:DF:DB:B5:3A:E0:B4:E8:21:58:EE","sha256":"62:F7:7F:F8:0A:F3:90:35:DD:3F:6B:51:BB:60:7F:10:2B:8D:D7:49:34:40:C7:0E:95:FB:82:B5:C5:5B:41:45"}}},"request":{"raw":"GET /assets/avatar(6).svg HTTP/1.1\r\nHost: xn--pnp-8na.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xn--pnp-8na.fun/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 07 Mar 2026 00:52:30 GMT\r\nserver: cloudflare\r\nlast-modified: Tue, 03 Mar 2026 11:20:45 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7lnHwltaUCfzAbrJmC9D6h3cACGuqxixMWP0UuqWSNOY%2BhnFaYt01HWXx9u29mpvXPmn%2F60ZHjQB9ake3xAE4rPLnqtIM8GuAOGBz2Liag%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\netag: W/\"12f7-64c1ce4ff5d40\"\r\ncontent-encoding: br\r\ncontent-type: image/svg+xml\r\nage: 1817\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncf-ray: 9d859e2bbd771525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4855,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a9f044a906d168b213e7e73ee37db973","sha1":"6948c448395dd2ef74b04ab91a1bdb74e1b04ee9","sha256":"975fb77e516bfeaad1aa3fe1150ef151672629aff5c1d2cf3f7a77da9aed3305","sha512":"ab7a54a39fc96f871e58df6abd9d5ad63b550b7f9b256de71f30bd268f60aafb8f77e14b9dc7e86d87327d77236e0b7512249da12d60d9e997958c8b7e58f1e5","ssdeep":"96:PBkngBnqbB3xoNpLHF4XbPkWZqSRF2kIki748jkl4mSxdZEKyB:JknavbHFMUKF21ki7LFmOyB","tlshash":"10a1a5b25a44157c288303bdcff5a1b1332f61ee7a5606e8b478c771f016ae6c94b998","first_seen":"2026-03-03T14:41:54.921996Z","last_seen":"2026-06-01T09:54:50.034732Z","times_seen":60,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}