{"report_id":"4b7955dc-34c4-498c-a4b5-4353bd97282c","version":6,"status":"done","tags":[],"date":"2026-02-07T14:08:21Z","url":{"schema":"https","addr":"pay.in-cryptomus.com/","fqdn":"pay.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"pay.in-cryptomus.com/","fqdn":"pay.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"title":"Cryptomus Pay","dom":{"size":59706,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (15948)","md5":"bc6e4f109717492b689e5365f8198086","sha1":"174d574811d77941aacd0cd0d7baad5d6e5a41a0","sha256":"ee033e0ed0d7a405ad95f54ca279d34b4a3d549ad7f8a9b12b85afbd6851ea32","sha512":"829e36d1b9c05891eb040a179f1cb8ddbbc8dd23c739f0a91161376a27c4f77b3b1f72cba9f9a0dbf9d8cf36204fc5343698570e6b8931a6b43fe0ec0a3ab9c7","ssdeep":"768:AQsRsiNFIoTzQH2L0r82It4uSRhKut5NFgl+FU+xHyvfSDIJPJWf3b8fzwZPROH8:AyiNFIoTzqyrYzPy1ILNhXyHAL3","tlshash":"4743e855f9a214377a07a3fd47d69e4c322170175906da6c36bc42c8efc3ab28db2e58","dom_hash":"domhash61a59105d92371a3d1498c65ef3f1c53","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"pay.in-cryptomus.com/","fqdn":"pay.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-14T14:08:21Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"pay.in-cryptomus.com","ip":{"addr":"216.198.79.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2025-12-26","domain_rank":0,"first_seen":"2026-02-07T13:58:24.352906Z","last_seen":"2026-02-07T13:58:24.848203Z","alert_count":0,"request_count":1,"received_data":44795,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]},{"fqdn":"exciting-washbasin.g-app-d.cc","ip":{"addr":"172.67.196.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-28","domain_rank":0,"first_seen":"2026-02-07T13:53:40.399459Z","last_seen":"2026-02-07T13:53:40.399459Z","alert_count":8,"request_count":4,"received_data":686356,"sent_data":1964,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-01T22:17:46.954894Z","alert_count":0,"request_count":1,"received_data":10794,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"pay.in-cryptomus.com/","fqdn":"pay.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4279d1b8d8459cea65e65b2dc9289e3c","sha1":"79899116d846a2a3f41b44b7f0a94e2f91238c96","sha256":"014cb41934deea3b2a444422db33f0e3b28d1a2a55986af47a2a1065707a85c2","sha512":"f258adfe9d94f4979a4175a3a58dd2cd6d3ef487869bb160de87a98c015ff8237e9fdda02610d56bd5dcc89e69fb314b6eac08774bf0ec35d9cb7a40567d473d","ssdeep":"192:Avw/+33idFamSCFvNR48iLeya43Gnh4I02+D41g2Apyk9TM6ZGg187eaUUI31e/o:IiTdFvz48eck6uAKBQcggb","tlshash":"7582541479bb20314a6ba17f474b16083576412f3505ceb439ad8bdc6fe3a04d9a2eef","size":18817,"data":"","first_seen":"2026-02-07T13:53:44.193022Z","last_seen":"2026-02-07T14:08:22.771162Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exciting-washbasin.g-app-d.cc/_nuxt/assets/index.js","fqdn":"exciting-washbasin.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"172.67.196.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e7d23cb8b50a4d781779fb39ebbd32b0","sha1":"ed4ac3ef189660dbacd127a1028a9760c69c2d89","sha256":"b703cf9319c788b7500e85d670efc4c7dd2961c47c40e0d928e85dbd4127ba2b","sha512":"590d221f300c2e8ded50fba2bbd201a6c80253428208191e48db395beb58a2344527dbf029a80640bcb3378bdbdbf278b6cb5e3bfb9537703f8cf47ab33b5553","ssdeep":"12288:ZmqR+0X/x8M7osHJk7KoTdt6dpC+4WrCv16Ah6QtU:g6+0Px8M7DJAKoTdt6pOv1l6QW","tlshash":"58e4e8d711809bac22e27ed43de53cb5b9c5d8a7a40c0a3aa396cc441f7c5275f9c9a3","size":681897,"data":"","first_seen":"2026-02-06T21:33:58.260106Z","last_seen":"2026-02-08T19:37:00.08129Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pay.in-cryptomus.com/","fqdn":"pay.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"Function","is_inline":false,"md5":"d3554835efd3c969ca8d67e8017af186","sha1":"987719cb9688222d62f7a2f974ba6fa47e997d3b","sha256":"9ad474e87aa313579ea92ad6b88f02e68b3e8ef7037c6ad730b8374a680ae938","sha512":"61051417d96163220be8a46d1606432caacf322845cb3a68cbec67f923043998ab15560871775672dbb4316e7498b73625f2eaf4eec422eefe3479de24ce9d79","ssdeep":"12288:Nk5Ewu9LnSao+yA3Ck01f92IruHNAe/+yev19+b:MEwu1nSaLT3Ck01f92Pev19+b","tlshash":"34d4f7e911805bac52e37ee93dc924caf911d8abe0cc0a39b3a495442f7c5175cde2e7","size":653304,"data":"","first_seen":"2026-02-06T21:33:58.264454Z","last_seen":"2026-02-08T19:37:00.07958Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"pay.in-cryptomus.com/","fqdn":"pay.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.65","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-07T14:07:59.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pay.in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Dec 2025 07:08:36 GMT","end":"Thu, 26 Mar 2026 07:08:35 GMT"},"fingerprint":{"sha1":"C5:CD:7F:32:B8:02:CE:4B:30:CE:51:24:CC:03:80:41:BE:42:2F:32","sha256":"2D:DC:2D:0E:EC:69:AF:2C:4E:FC:E8:24:ED:34:E1:D6:F7:0F:58:DC:AE:FA:E3:57:02:AC:76:C4:A0:9D:90:0E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pay.in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 882\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 07 Feb 2026 14:07:59 GMT\r\netag: \"9064a2f0f4e270a9268e126c2b19376b\"\r\nlast-modified: Sat, 07 Feb 2026 13:53:17 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::r6rvb-1770473279524-04ed940401b3\r\ncontent-length: 12641\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nuxt.js","description":"Nuxt is a Vue framework for developing modern web applications.","website":"https://nuxt.com","common_platform_enumeration":"","icon":"Nuxt.js.svg","categories":["JavaScript frameworks","Web frameworks","Web servers","Static site generator"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Vue.js","description":"Vue.js is an open-source model–view–viewmodel JavaScript framework for building user interfaces and single-page applications.","website":"https://vuejs.org","common_platform_enumeration":"","icon":"vue.svg","categories":["JavaScript frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":44269,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4271), with CRLF line terminators","md5":"4d619b156beccf8852872c1a1171ff89","sha1":"1ea39d9406e2043c4ac16a79bd0ef6b79b5e38aa","sha256":"34e80f1c355fa8c6384139d1b47253c6dfb7006c6ada0eb2ca228916a0e4bcf8","sha512":"69c94b386620bf0d2eac0da1503e5481b27b2ac505ad314567538fefdb9fb3aa8e7ce5bb836ee4371a882b36a8a1b5b25cc4d018c7164c9ed220554211712706","ssdeep":"384:bEJI6pmgepdYiEP17buk5w6wQTBTLDHnHQec36j23TaCTJUoubhvivLaWvVv57C8:bEJI6pmJpi99ak5w6wEeK63T9XT","tlshash":"2a13d929765410619137d3b9db725608fabb413b670282a83bec57dd1ff2808c963eed","first_seen":"2026-02-07T13:53:44.188827Z","last_seen":"2026-02-07T14:08:22.761542Z","times_seen":3,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":23,"dns":3,"connect":1,"send":0,"wait":10,"receive":20,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exciting-washbasin.g-app-d.cc/_nuxt/assets/index.js","fqdn":"exciting-washbasin.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"172.67.196.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pay.in-cryptomus.com/","date":"2026-02-07T14:07:59.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 14:44:36 GMT","end":"Fri, 24 Apr 2026 15:41:52 GMT"},"fingerprint":{"sha1":"F5:A5:7E:A0:DD:EF:11:02:83:FD:46:5D:1C:F4:04:73:F2:99:C4:B8","sha256":"2B:46:A4:5B:DA:A1:FA:66:A1:F5:C1:D2:6F:A8:30:EB:8A:E1:2C:53:99:E9:A0:34:88:0C:32:C8:56:76:76:31"}}},"request":{"raw":"GET /_nuxt/assets/index.js HTTP/1.1\r\nHost: exciting-washbasin.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pay.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pay.in-cryptomus.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Feb 2026 14:08:00 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Fri, 06 Feb 2026 09:09:34 GMT\r\netag: \"6985afce-a6cf7\"\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=300, must-revalidate\r\ncontent-encoding: gzip\r\ncf-cache-status: REVALIDATED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=owa%2FfY%2Flx9szqnVsTqi5uS9UXoZV2ILfl984aHhETusm3K2pu5i%2FS%2BqU96SbMbIVUag12kjXFivAdPQiqp5Pk9fJ8bna6PoruyEIUu6HQVFmlzb2kHGDOeW%2F1A%3D%3D\"}]}\r\ncf-ray: 9ca374ee8a8456af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":683255,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (56150), with no line terminators","md5":"e7d23cb8b50a4d781779fb39ebbd32b0","sha1":"ed4ac3ef189660dbacd127a1028a9760c69c2d89","sha256":"b703cf9319c788b7500e85d670efc4c7dd2961c47c40e0d928e85dbd4127ba2b","sha512":"590d221f300c2e8ded50fba2bbd201a6c80253428208191e48db395beb58a2344527dbf029a80640bcb3378bdbdbf278b6cb5e3bfb9537703f8cf47ab33b5553","ssdeep":"12288:ZmqR+0X/x8M7osHJk7KoTdt6dpC+4WrCv16Ah6QtU:g6+0Px8M7DJAKoTdt6pOv1l6QW","tlshash":"58e4e8d711809bac22e27ed43de53cb5b9c5d8a7a40c0a3aa396cc441f7c5275f9c9a3","first_seen":"2026-02-06T21:33:58.260106Z","last_seen":"2026-02-08T19:37:00.08129Z","times_seen":23,"resource_available":true,"data":null}},"time_used":371,"timings":{"blocked":43,"dns":21,"connect":2,"send":0,"wait":283,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pay.in-cryptomus.com/","date":"2026-02-07T14:08:00.223Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 19 Jan 2026 08:38:26 GMT","end":"Mon, 13 Apr 2026 08:38:25 GMT"},"fingerprint":{"sha1":"DF:42:37:13:35:8D:A4:42:F4:81:DF:D2:AF:04:C4:6D:23:27:5D:0B","sha256":"01:14:5B:59:48:97:DF:81:4B:BE:59:0B:AC:32:B6:15:AD:CE:47:D9:53:36:4E:AD:6E:7B:D0:45:0B:F3:10:96"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pay.in-cryptomus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 07 Feb 2026 14:08:00 GMT\r\ndate: Sat, 07 Feb 2026 14:08:00 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-06-08T23:14:00.06627Z","times_seen":29654,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":135,"dns":1,"connect":29,"send":0,"wait":47,"receive":0,"ssl":103},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exciting-washbasin.g-app-d.cc/api/is-banned","fqdn":"exciting-washbasin.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"172.67.196.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pay.in-cryptomus.com/","date":"2026-02-07T14:08:00.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 14:44:36 GMT","end":"Fri, 24 Apr 2026 15:41:52 GMT"},"fingerprint":{"sha1":"F5:A5:7E:A0:DD:EF:11:02:83:FD:46:5D:1C:F4:04:73:F2:99:C4:B8","sha256":"2B:46:A4:5B:DA:A1:FA:66:A1:F5:C1:D2:6F:A8:30:EB:8A:E1:2C:53:99:E9:A0:34:88:0C:32:C8:56:76:76:31"}}},"request":{"raw":"GET /api/is-banned HTTP/1.1\r\nHost: exciting-washbasin.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pay.in-cryptomus.com/\r\nOrigin: https://pay.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Feb 2026 14:08:00 GMT\r\ncontent-type: text/plain;charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncache-control: private, max-age=300\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pvi7TPULgblhKWPvFmTKzp6hOVzbC6nu8PczA5OqasR%2Fd4vwG9y%2BhaXilCcFlRExb8%2Fw%2FYLdcQIdAy5jS5Zd9WSjJJ0%2BJYa3NhcL4vVG9RqfSjVWkujdFTeYGA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9ca374f19da556af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"very short file (no magic)","md5":"cfcd208495d565ef66e7dff9f98764da","sha1":"b6589fc6ab0dc82cf12099d1c2d40ab994e8410c","sha256":"5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9","sha512":"31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99","ssdeep":"","tlshash":"c700000000000000c00000300000000000000000000000000000000000000000000000","first_seen":"2023-03-07T01:37:31Z","last_seen":"2026-06-08T22:37:31.954387Z","times_seen":114445,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exciting-washbasin.g-app-d.cc/api/config","fqdn":"exciting-washbasin.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"172.67.196.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pay.in-cryptomus.com/","date":"2026-02-07T14:08:00.253Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 14:44:36 GMT","end":"Fri, 24 Apr 2026 15:41:52 GMT"},"fingerprint":{"sha1":"F5:A5:7E:A0:DD:EF:11:02:83:FD:46:5D:1C:F4:04:73:F2:99:C4:B8","sha256":"2B:46:A4:5B:DA:A1:FA:66:A1:F5:C1:D2:6F:A8:30:EB:8A:E1:2C:53:99:E9:A0:34:88:0C:32:C8:56:76:76:31"}}},"request":{"raw":"GET /api/config HTTP/1.1\r\nHost: exciting-washbasin.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pay.in-cryptomus.com/\r\ncontent-language: en-US,q=0.8;en\r\nOrigin: https://pay.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Feb 2026 14:08:00 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s9rOG8avS6%2FueweTlWGzksiE2qSlqeBbxxs4kNbxgaHtNRIUjP0TVb6NkxTMfc3oEzugKDhvcdMOxTJHlouatOMT1v6m13KLFDageBYNUCM%2FoGl2K1e%2BzeE7jA%3D%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9ca374f19da856af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":187,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"data","md5":"1ad046249613d1736f00db4adf457820","sha1":"846af39f096775270df5c38e89f8e19757c9f1f8","sha256":"e48f8afe70047343148ffefae945ff0b50b0b5f1b7d7e3617f39111d6dcfc508","sha512":"afa0045e04a58efe397220017da7be1996341d10321a3871db36c1ebda51262075b0b4299b473fb6aee8b4f43aab54d98be63ca68dbd4a1ea856c04e0377a829","ssdeep":"","tlshash":"57d0ebcb032e8a94ee8c84008200b080e20800c4a8294a868e224e12f5477687609290","first_seen":"2026-02-07T14:08:22.767462Z","last_seen":"2026-02-07T14:08:22.767462Z","times_seen":1,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":262,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exciting-washbasin.g-app-d.cc/api/visit?origin=pay.in-cryptomus.com","fqdn":"exciting-washbasin.g-app-d.cc","domain":"g-app-d.cc","tld":"cc"},"ip":{"addr":"172.67.196.168","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pay.in-cryptomus.com/","date":"2026-02-07T14:08:00.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"g-app-d.cc","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 14:44:36 GMT","end":"Fri, 24 Apr 2026 15:41:52 GMT"},"fingerprint":{"sha1":"F5:A5:7E:A0:DD:EF:11:02:83:FD:46:5D:1C:F4:04:73:F2:99:C4:B8","sha256":"2B:46:A4:5B:DA:A1:FA:66:A1:F5:C1:D2:6F:A8:30:EB:8A:E1:2C:53:99:E9:A0:34:88:0C:32:C8:56:76:76:31"}}},"request":{"raw":"POST /api/visit?origin=pay.in-cryptomus.com HTTP/1.1\r\nHost: exciting-washbasin.g-app-d.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://pay.in-cryptomus.com/\r\nOrigin: https://pay.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 07 Feb 2026 14:08:00 GMT\r\ncontent-type: text/plain;charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XcwHfjLAL2NeOpeEVmW%2F02DujaRULt8Q8CVaRxRqz3xheN5ZAKSfrJi5tKYOcCgXjGAN8PFQoifocFxd%2Fmi%2B5JGMlwxVlD0LhE62ePo258pMtmNw42gMh3VFBfML\"}]}\r\npriority: u=4,i=?0\r\naccess-control-max-age: 86400\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ca374f2dbf2a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"444bcb3a3fcf8389296c49467f27e1d6","sha1":"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb","sha256":"2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df","sha512":"9fbbbb5a0f329f9782e2356fa41d89cf9b3694327c1a934d6af2a9df2d7f936ce83717fb513196a4ce5548471708cd7134c2ae99b3c357bcabb2eafc7b9b7570","ssdeep":"","tlshash":"c710000000000000300000000000000000000000000000000000000000000c0000c000","first_seen":"2023-03-08T02:32:37Z","last_seen":"2026-06-08T23:17:47.135494Z","times_seen":423639,"resource_available":true,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"exciting-washbasin.g-app-d.cc","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}