{"report_id":"54083bb3-0f10-4a26-8562-61c709366cc4","version":6,"status":"done","tags":[],"date":"2026-02-27T06:28:29Z","url":{"schema":"http","addr":"trumpbtc.top","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"trumpbtc.top/","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"title":"USA X Crypto Giveaway","dom":{"size":188352,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (1036)","md5":"e2a0b9e08251dc5f2759d18fc829dbda","sha1":"e012eb08231aaea430b3df4b3f8c63686c5bcd96","sha256":"73a2c8e2270ded4b80400f8f1afc939fe14254bcef685a812358880b63a78aa3","sha512":"40382df139c9e11e22b10ce3adc739117ba829e9149e38b94f966d549ec53ad105ee8f8f82fb9ccd4e5a2697101bb86028d754a52fe33e57f2458fe54ff4841f","ssdeep":"3072:YHpQcPgDRPgkEQ6BPglYPg6TPglVPglJPg1PPgTwPg+:YHpQiQ6myyk40e","tlshash":"a104722b19f2021a6943a0b867eb56657b2ad013f90ecda07eec17a0cf97d51cd5378c","dom_hash":"domhash3c8f6f2c0515721d5e9682326a098a42","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"trumpbtc.top","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":0,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-03T06:28:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"trumpbtc.top","ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-12-01","domain_rank":0,"first_seen":"2026-02-27T03:48:17.122829Z","last_seen":"2026-02-27T03:48:17.122829Z","alert_count":44,"request_count":22,"received_data":3140730,"sent_data":9833,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"glyph.medium.com","ip":{"addr":"162.159.152.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"1998-05-27","domain_rank":187209,"first_seen":"2017-08-01T13:23:25Z","last_seen":"2026-02-23T09:22:34.516913Z","alert_count":0,"request_count":6,"received_data":86808,"sent_data":3395,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.matomo.cloud","ip":{"addr":"65.9.46.84","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2017-09-08","domain_rank":124973,"first_seen":"2019-09-27T14:00:38Z","last_seen":"2026-02-25T23:18:50.987267Z","alert_count":0,"request_count":1,"received_data":686,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"trumpbtc.top/js/toastr.min.js","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ed235256c2c5519e0ef31e70145400ae","sha1":"a3ecbf7c5b6aa5c2d71ebc310ff1ce5c7e4e19a8","sha256":"2f71cb931cc3dfb86fd1e4d43f85666ac70e1baa5fa3c6b873d81d8971907170","sha512":"f3c2fb69b42ba0960d4d47eb57f8a31f2246b4eb4e345e459051eef7b1758f799fda44853af71e2f879629f062c60c1064340654cd761df6c30ba6bea93157a4","ssdeep":"96:ctfrO6hXIJFt1NJ/cJKU6/TG96sCmHfLxKxqq76DGHH7475dRUVf:ArO6yr15cDTwxqq76DC4vRe","tlshash":"02b19644e261fbc667b360a8125f0806a3776792cc8e55407a3a558c7e70e04d2f7fc9","size":5281,"data":"","first_seen":"2023-03-09T22:23:27Z","last_seen":"2026-02-27T06:28:32.090553Z","times_seen":30,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/js/jquery.min.js","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-07T18:29:51.406679Z","times_seen":166284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"6a6ff62f0ca9acde3eb3adcf2fdb72b3","sha1":"54ee1db6b51a0719dfb474661567024736b67b67","sha256":"ba6a4529671d68997a33924a89327ab3976438d46a0083c22f476e3987b706f3","sha512":"3cfd4d5395b9837bf7db228d09fc15d98b4055eadeaf6f31b4ab29f87e38984570d5f44a06b4cdb7429ef00cc60602f3c332a10782feb2a686196d2e26309783","ssdeep":"48:eCd3dSjp+Jv+ptcC+Y3dSjp+Jv+ptcC+kOs+6+2XCOs+6+2XFpGSN3o5UwJQxkh7:EAC+ACWN4ubxNSeQcApphZFCrs","tlshash":"b4a1d13f39e218310abb71ef379fa3987420411b1944da1d3dac86644fd4d668476b9c","size":4757,"data":"","first_seen":"2025-07-27T03:00:44.177003Z","last_seen":"2026-02-27T06:28:32.108456Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"2a1e3343aa8766ddaf9d90071197c5a3","sha1":"e9b96acf0c8184cdb2dca682b939bea9b9b16822","sha256":"138814690e3ce8b4b4afa5b1af1ed3527b8249021d3edf8a2c1a9ebae2ef8a4f","sha512":"c0e7a350f58d6ba96f3ebe942ddcc81b2ee6f426e8c43d07d264369b54faae6e5a4ae59971c12a3e04898578c05f2516d9301b76baa72a631c8f433884d0d719","ssdeep":"","tlshash":"6bf0811509ef5ffe213f627e7dbe8929f3ab281da461c4017e41942c6e61d8547403dc","size":553,"data":"","first_seen":"2025-10-08T14:22:04.222577Z","last_seen":"2026-02-27T06:28:32.109337Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"trumpbtc.top/img/Q6ktEA4W_400x400.jpg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.025Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/Q6ktEA4W_400x400.jpg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 27407\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27407,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"6a0892f62bb20664a7dccc272411812c","sha1":"42dfb6c61f8cd01e3708c6f37ce71e164f5ebf8c","sha256":"7c0259ef2966d61c7b4894098807fe5e3b45d6422b9d00bf3bb77cedc46fa7e9","sha512":"d2310503985aee705b34a04adbee95c55884436566ffc0b1172b97cc78585eb4a72797861d0ba53245794ee1143e94cb70215231c82097601601ef047f73415a","ssdeep":"384:s8KLx+2s2DmMSQp/SXybQugDbytlL97k3IQUdOoXnL1VXqZGUixxLLiZaHwOl+a8:T4ASZNSXybQugGXJdO2aZwx1LRl+a8","tlshash":"c9c2f1a0f7fb1334e5ac663934dc4cf0e3418a33e6916336dd1094316f395a6a734a56","first_seen":"2025-07-27T03:00:44.144803Z","last_seen":"2026-02-27T06:28:32.063086Z","times_seen":5,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":61,"dns":1,"connect":21,"send":0,"wait":50,"receive":2,"ssl":53},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/index-2.html","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /index-2.html HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 212674\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":212674,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1023)","md5":"c162709a8956416422a43312e07daf3e","sha1":"f23309819254dd5fab620b01a4bff63dd551644e","sha256":"1e27066f5dd61cba39d53bca6b92dac89d14dc0e147345ac71b9cbe7e9ff6fc0","sha512":"18abbd4d4ea2dc1a9a7eaaa0a0e61d294f1bf0907047b82c94e6a3b3a1d78df2f16559e58a32bf8109351eee4ace0adb6783e9ebb38588bd6ecf341e3141e2c9","ssdeep":"3072:FH1IbPg+MPgIxskPgvvPgG+Pgf6PgZOPgxCPgl8PgS:FH1IasL/l3Hnm","tlshash":"0a24612b19f202566947a0b96bfb55597b2ad013f90edda07eec17a0cf87d40cd8278c","first_seen":"2025-10-08T14:22:04.192521Z","last_seen":"2026-02-27T06:28:32.066566Z","times_seen":4,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":59,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"glyph.medium.com/font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff","fqdn":"glyph.medium.com","domain":"medium.com","tld":"com"},"ip":{"addr":"162.159.152.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"medium.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 19:40:05 GMT","end":"Sun, 12 Apr 2026 20:40:01 GMT"},"fingerprint":{"sha1":"C6:3A:AD:02:32:02:0B:35:F3:D3:8E:F7:AE:57:DC:F4:4A:81:7A:36","sha256":"19:26:F7:CE:FF:F0:BC:78:94:80:58:67:AE:57:08:BB:2D:4C:45:F1:59:7B:93:76:42:09:39:D9:A3:B7:47:DC"}}},"request":{"raw":"GET /font/b156742/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-700-normal.woff HTTP/1.1\r\nHost: glyph.medium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trumpbtc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 06:28:06 GMT\r\ncontent-type: application/font-woff\r\ncf-ray: 9d459ec3edad4c11-OSL\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\ncache-control: public, max-age=31536000\r\nage: 106685\r\netag: v2-b156742\r\nexpires: Sat, 27 Feb 2027 06:28:06 GMT\r\nx-envoy-upstream-service-time: 31\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nset-cookie: _cfuvid=GziXUkbdU3H3aMKVQzZ.wB4vcnUpUxW7rGnBErakFwo-1772173686407-0.0.1.1-604800000; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12476,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 12476, version 3.1","md5":"0f23877e4b93a8dd8648f601152ad192","sha1":"250c8108ab1e0a24d9fdafb65b8c376eddfc2f28","sha256":"b579cb06b725609666aeb9fec66152efd7e687c9ba13096c2ce7c1db44c82558","sha512":"8d3196779d5de767e5a5f2b5d3cbfb66ab43474c8fa9e0c923ab2d41a55241045851ad0ff0ba739ed9b2851c00ed4a033a132da823385465109fd742aeed45a9","ssdeep":"384:s9BT/bl+QkqbifHZ+in3XN3g5ATDbvIZc:G+ubS53g5GbQC","tlshash":"1d42c0d864712c00c7f2af3f5a47d258be9846d26c2ae93e364514d50a8771827fb5e2","first_seen":"2023-04-11T14:22:15Z","last_seen":"2026-06-05T01:47:37.839626Z","times_seen":2370,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":62,"dns":2,"connect":13,"send":0,"wait":24,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glyph.medium.com/font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff","fqdn":"glyph.medium.com","domain":"medium.com","tld":"com"},"ip":{"addr":"162.159.152.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"medium.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 19:40:05 GMT","end":"Sun, 12 Apr 2026 20:40:01 GMT"},"fingerprint":{"sha1":"C6:3A:AD:02:32:02:0B:35:F3:D3:8E:F7:AE:57:DC:F4:4A:81:7A:36","sha256":"19:26:F7:CE:FF:F0:BC:78:94:80:58:67:AE:57:08:BB:2D:4C:45:F1:59:7B:93:76:42:09:39:D9:A3:B7:47:DC"}}},"request":{"raw":"GET /font/b492c44/3k-4f_4h-52_54-6bt_6bv-6c3_6c5-6c7_6ca-6cb_6ce-6ch_6cj-6cl_6cn-nvnj/sohne-400-normal.woff HTTP/1.1\r\nHost: glyph.medium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trumpbtc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 06:28:06 GMT\r\ncontent-type: application/font-woff\r\ncf-ray: 9d459ec3fdf94c11-OSL\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\ncache-control: public, max-age=31536000\r\netag: v2-b492c44\r\nexpires: Sat, 27 Feb 2027 06:28:06 GMT\r\nx-envoy-upstream-service-time: 51\r\ncf-cache-status: HIT\r\nage: 9614\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nset-cookie: _cfuvid=XvKwGzisNZ5KWB9K9O6l5vDj2gKjhvGma.Csh0lcO84-1772173686414-0.0.1.1-604800000; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":18049,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 18049, version 1.1","md5":"5e3467a83ecea165121694bbb615c4ce","sha1":"96c8ea612ce4511ef9a8936f4dc5f691e3a2707e","sha256":"f3272b23b3153d341155b472f35f887eb89608ded27fa536d709622ef421fa95","sha512":"5eb2d621d58a5909805a1251664655cdf2b52b07f4ef09df053205601413a32e4d754bb539b04b276cc012ee23466b7defb8ae9ab837f44e490c2e37478395ac","ssdeep":"384:rmK5T7IBy6HmoqM3KBFYUsTyArV9AAG17ZCT0cSgE7Te5ZZcWi:r35T0LG1bBFgTbT7c7K0c/EmDti","tlshash":"8682e0709dfe1628e94cfa3b504a3887caf512cd0e49e4ef28463270bdab5975a07d94","first_seen":"2023-04-11T14:22:15Z","last_seen":"2026-06-03T04:48:24.275481Z","times_seen":2109,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":55,"dns":3,"connect":2,"send":0,"wait":22,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-27T06:28:05.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:05 GMT\r\nContent-Type: text/html\r\nContent-Length: 212709\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":212709,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1023)","md5":"75b510e84f842c90ae0691b6f00a426e","sha1":"3f583c131ba4192b051a908fbe7c350de2cfd4bd","sha256":"8e8a37a459b4992b5d1b4c622da253edda73ea3119cee939bf4c1f6716e3656d","sha512":"09ded6d214f01ab2954caf4e9a38f873ec7125c04b8b5723ba39217bd64a5d7506a6e1a85e915bfb38f84746d2626dee867b30f629e69e8ad18b67f8875d07bc","ssdeep":"3072:0H1IbPg+RPgIxskPgvvPgG+Pgf6PgZOPgxCPgl8Pgr:0H1IvsL/l3Hn3","tlshash":"4c24622b19f202566947a0b96bfb55597b2ad013f90edda07eec17a0cf87d40cd8278c","first_seen":"2025-10-08T14:22:04.201362Z","last_seen":"2026-02-27T06:28:32.072495Z","times_seen":4,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":58,"dns":1,"connect":23,"send":0,"wait":45,"receive":49,"ssl":29},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/css/toastr.min.css","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:05.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /css/toastr.min.css HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/css\r\nContent-Length: 7990\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7990,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (820), with CRLF line terminators","md5":"286f488b8aeab9778f68d13592ea9362","sha1":"0f0503aeb154fd7e3aa3cea4e8ba3302db88c6bf","sha256":"13e1c08919426283404693bf1c3aa53cd5f1d81fccefe00648f23fb1c9cb03ad","sha512":"b909917867a7302991905acd6ebe980c00bb3ef55e92a46b4e5bb65d33f1b5fc80b2b02583bf0e23d79fcc90ac079229ca1eda3f2c6416dd46fdba3e77604d1d","ssdeep":"96:Wl13uasgZHvwNACYeIFHSpZIJWQ78GhJZCjtQJWP+zLmlD6JWKG8CzyQJWVMz2wZ:Wz2AoNACYeQeVY8syVttlGPVMnoIfM0","tlshash":"e2f1a624cb433609aab2466dab694106ef165163cbcd189d3acf925cdff7b908c70f48","first_seen":"2025-05-05T03:54:27.327178Z","last_seen":"2026-05-27T01:13:23.587432Z","times_seen":28,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":48,"dns":6,"connect":22,"send":0,"wait":38,"receive":1,"ssl":28},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/logo.svg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:05.998Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/logo.svg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 8763\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8763,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"909edce442a66a89a7cc7995dc4f2bf9","sha1":"858ea0ee836b8cec8729406c55b35e7d0adad2d2","sha256":"7de942a07a949b626920ed00a558000f43242398bcb7f3102bfc4b43419bc414","sha512":"e3e64b7af9eb4a4b72f166c6b4afa9a8842b693edf31e9336f92ed455b1807c344b6341c27de2a88f503413f61c0d77a5d0ed9fe5ff06db073c5f078f8790c45","ssdeep":"192:5BLWnLeseEY+IQdvg32fBcW1U723vR5rjcBx:5BinlLvoHWO7YjcD","tlshash":"430284bc0a9c5bece804894edb22759c3ede306f5bf649b4c4865d23269640cbe93129","first_seen":"2025-06-25T19:23:49.037134Z","last_seen":"2026-05-14T23:38:41.66817Z","times_seen":26,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":116,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/oBSlDe-Q_400x400.jpg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/oBSlDe-Q_400x400.jpg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 29636\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29636,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"ccd355360a6b9e66e1bbf5e7390252d3","sha1":"e605dfdf265e4bb9adb3be70094b7da6f817b1ec","sha256":"c3584bfb7303530d33ed90b97a002c8a172346dd253444a7216a5b0cb00ba746","sha512":"fbc28a94678c7c185a2080e85373a4a1b495c4cb473459ae08f52d8b072ef42a9523e1346a36f05c3de10194f1e460f522f0adc9945007b6a387a14b67f95f89","ssdeep":"768:f7HW+creVWzI+5kRkcbEpjTO8QA/KSB06+dn5okwJNMq:D2Nr9zTkRkcoEcMdWk8v","tlshash":"94d2d0818319e5e6f6ce573e009089b13c22cb1ba3dc971961cbac2f6b796565f843d8","first_seen":"2025-06-25T19:23:49.01741Z","last_seen":"2026-04-07T11:32:41.676611Z","times_seen":23,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":66,"dns":0,"connect":0,"send":0,"wait":48,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"glyph.medium.com/font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff","fqdn":"glyph.medium.com","domain":"medium.com","tld":"com"},"ip":{"addr":"162.159.152.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.319Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"medium.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 19:40:05 GMT","end":"Sun, 12 Apr 2026 20:40:01 GMT"},"fingerprint":{"sha1":"C6:3A:AD:02:32:02:0B:35:F3:D3:8E:F7:AE:57:DC:F4:4A:81:7A:36","sha256":"19:26:F7:CE:FF:F0:BC:78:94:80:58:67:AE:57:08:BB:2D:4C:45:F1:59:7B:93:76:42:09:39:D9:A3:B7:47:DC"}}},"request":{"raw":"GET /font/b492c44/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-400-normal.woff HTTP/1.1\r\nHost: glyph.medium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trumpbtc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 06:28:06 GMT\r\ncontent-type: application/font-woff\r\ncf-ray: 9d459ec3edb34c11-OSL\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\ncache-control: public, max-age=31536000\r\netag: v2-b492c44\r\nexpires: Sat, 27 Feb 2027 06:28:06 GMT\r\nx-envoy-upstream-service-time: 30\r\ncf-cache-status: HIT\r\nage: 9613\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nset-cookie: _cfuvid=cUx99XTkUNBFNwwZIuPtr9yrHexKDT6M6jOfWTRAuT4-1772173686406-0.0.1.1-604800000; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12773,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 12773, version 1.1","md5":"a10bcd51793a7ec7a51e3a79e3b3c568","sha1":"2921ce36c9376a6666773963df4ac22695ce0ac4","sha256":"8f6e7bfd316a160cd611c23c79c3d0cf8fcbfe22e16592f4afffd03eedf45756","sha512":"1bfef32414a9290b1cbd6874a3ef6b5811a724eba6c65c32ab0a0dbac137359d3d0b43b540ec66fb70b02d0ca8ceb5094ab13bb98e119c909cd9f1313f75f583","ssdeep":"192:z2dUEgZHiEmGwl5O288i7vLQaaMZW1Jv0ivSAvzafG+7TWWKT/XBx3sscHF1m7G:zaUdZHwGwR85fQqQv0cSgE7Te5ZZcWi","tlshash":"2a42d150acfe0d01c428fa31c485bf9f2655d1c115b9f79e765828b81d3f7c28776a26","first_seen":"2023-04-07T18:04:24Z","last_seen":"2026-06-03T21:09:35.259504Z","times_seen":2360,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":67,"dns":11,"connect":14,"send":0,"wait":23,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glyph.medium.com/font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff","fqdn":"glyph.medium.com","domain":"medium.com","tld":"com"},"ip":{"addr":"162.159.152.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"medium.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 19:40:05 GMT","end":"Sun, 12 Apr 2026 20:40:01 GMT"},"fingerprint":{"sha1":"C6:3A:AD:02:32:02:0B:35:F3:D3:8E:F7:AE:57:DC:F4:4A:81:7A:36","sha256":"19:26:F7:CE:FF:F0:BC:78:94:80:58:67:AE:57:08:BB:2D:4C:45:F1:59:7B:93:76:42:09:39:D9:A3:B7:47:DC"}}},"request":{"raw":"GET /font/8e059b2/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/source-serif-pro-400-normal.woff HTTP/1.1\r\nHost: glyph.medium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trumpbtc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 06:28:06 GMT\r\ncontent-type: application/font-woff\r\ncf-ray: 9d459ec3dd534c11-OSL\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\ncache-control: public, max-age=31536000\r\netag: v2-8e059b2\r\nexpires: Sat, 27 Feb 2027 06:28:06 GMT\r\nx-envoy-upstream-service-time: 22\r\ncf-cache-status: HIT\r\nage: 9613\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nset-cookie: _cfuvid=IkxW8N2aMSY7jZZWjamP3z.I8eOPl_UOWJ.8BoSFHqI-1772173686389-0.0.1.1-604800000; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":11936,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 11936, version 3.1","md5":"39456e1cbedc889b380aafed194e242a","sha1":"728597a731ee7b3f35b6626be2317e154e4baf0a","sha256":"7cb0607a963a4d571ab612d010e4c124c2bb4cc0fd27048efa5f92eedab98ebe","sha512":"daf6488a7dbe75341144bd29d9ea1f321083378d34d12593f77ec6259ba090209be99caf644f7295933c7addf70fa1c6dc0275c41ae78eee7d5d2c279a4023ce","ssdeep":"192:e/w4A7+YGmAs95F6Y4v1ZQ9MMSgh/eMT8H+n3HySigrEiOjO6L2lspMNT5JnOTog:GdAe45kdvTLng5eMTM+n3HdBEC6CldJ0","tlshash":"6332d06cab1fab89cc166472960629fcb2c5414d7f95462b2ce060cfec0368f03491f4","first_seen":"2023-04-07T18:04:24Z","last_seen":"2026-06-05T01:47:37.852515Z","times_seen":2354,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":53,"dns":3,"connect":1,"send":0,"wait":17,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glyph.medium.com/font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff","fqdn":"glyph.medium.com","domain":"medium.com","tld":"com"},"ip":{"addr":"162.159.152.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"medium.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 19:40:05 GMT","end":"Sun, 12 Apr 2026 20:40:01 GMT"},"fingerprint":{"sha1":"C6:3A:AD:02:32:02:0B:35:F3:D3:8E:F7:AE:57:DC:F4:4A:81:7A:36","sha256":"19:26:F7:CE:FF:F0:BC:78:94:80:58:67:AE:57:08:BB:2D:4C:45:F1:59:7B:93:76:42:09:39:D9:A3:B7:47:DC"}}},"request":{"raw":"GET /font/df9ba7f/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-500-normal.woff HTTP/1.1\r\nHost: glyph.medium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trumpbtc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 06:28:06 GMT\r\ncontent-type: application/font-woff\r\ncf-ray: 9d459ec3fdf24c11-OSL\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\ncache-control: public, max-age=31536000\r\nage: 106685\r\netag: v2-df9ba7f\r\nexpires: Sat, 27 Feb 2027 06:28:06 GMT\r\nx-envoy-upstream-service-time: 29\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nset-cookie: _cfuvid=BXgbDL30GaZ3OcAapLA.dga.P1z1qxxyS5wNDqWGP4M-1772173686409-0.0.1.1-604800000; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12637,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 12637, version 1.1","md5":"c1d6863ffe37b11f8c6153349997a59e","sha1":"d24a28c66ebfa5e95c5698379afb286c9ad7c57b","sha256":"45bd34ce2bf3511cc126b1b12bc1597486e925141c10b05627857cb79810140c","sha512":"5cd63e4f8779eecd18a502db94bac86534a77e3088e832a4f42b138dbea4fde460b789a1fadf07746c37523b801b23789f2374eb09e5e2c4eeac1ceba0cbabdc","ssdeep":"384:GmKXQBC2RQKRI+CbBw5H0cSgE7Te5ZZcWi:GmKgBCs0c/EmDti","tlshash":"7942d0314d9533d0dbaeb332f9b0a9035650b88f29f0a0323d9848389e16cb6ddf1c92","first_seen":"2023-04-07T18:04:24Z","last_seen":"2026-06-04T23:03:54.418792Z","times_seen":336,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":59,"dns":5,"connect":1,"send":0,"wait":17,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/jmz73TYd_400x400.jpg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/jmz73TYd_400x400.jpg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 14595\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14595,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"f7d647f906b0b2fed3067f8990ef4ce4","sha1":"570756f84d6f0f7828d174f6dc83480005e8ba6e","sha256":"7903fee86e4177b9ab83198c9f9cac2cc6a8f69068374f8a1728fc1788578fb6","sha512":"59f37b581a5ac60b6dfdb4c27a8b659ea20ec9a9bb8c6fdb3b3d42ace495b35aee0e520c293c0abcde6b40a087283893ffdad4f3f36e4c3b3964ffc2708ffb35","ssdeep":"384:sBj0JbhUsT6xxwFCaTzl8BrkXSh63z+S1a:7FuxACad8pkXXM","tlshash":"e762cf28eb18ed02ddea07339c4c6292cf569e40f995929bc74791800bafdfc5d640e4","first_seen":"2025-07-27T03:00:44.141994Z","last_seen":"2026-02-27T06:28:32.082227Z","times_seen":5,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":119,"dns":0,"connect":0,"send":0,"wait":36,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/krIQD8Wv_400x400.jpg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/krIQD8Wv_400x400.jpg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 18436\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18436,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"1569423f64c8d2f54159722b40e25a4d","sha1":"347bda7b4e0037f9e307721fedf913533f1d868d","sha256":"e5f1ce4350e1d58d84e1e30e1463ce8bfbe638518d1a0687d181515fa901c39b","sha512":"c4f4ede14284709c5330de39ed77b226cb6a09accaab22ff29ab66ede050684b30d3924d9b399bcf903aee6feffd56670c93f2e188a8c645bdb3f17e66df061d","ssdeep":"384:s9xiemArFJVYDQfKqvIto86+F/IcxyRP9IPjpvwbqJSo/:axie9LVGyP+/xIRPM9So/","tlshash":"6382d1d143b9ba9bef4e653171b11736462e37d32fe7bf0156244c3507a82ec4998ac2","first_seen":"2025-07-27T03:00:44.174421Z","last_seen":"2026-02-27T06:28:32.083121Z","times_seen":5,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":50,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/js/toastr.min.js","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /js/toastr.min.js HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 5281\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5281,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (4957)","md5":"ed235256c2c5519e0ef31e70145400ae","sha1":"a3ecbf7c5b6aa5c2d71ebc310ff1ce5c7e4e19a8","sha256":"2f71cb931cc3dfb86fd1e4d43f85666ac70e1baa5fa3c6b873d81d8971907170","sha512":"f3c2fb69b42ba0960d4d47eb57f8a31f2246b4eb4e345e459051eef7b1758f799fda44853af71e2f879629f062c60c1064340654cd761df6c30ba6bea93157a4","ssdeep":"96:ctfrO6hXIJFt1NJ/cJKU6/TG96sCmHfLxKxqq76DGHH7475dRUVf:ArO6yr15cDTwxqq76DC4vRe","tlshash":"02b19644e261fbc667b360a8125f0806a3776792cc8e55407a3a558c7e70e04d2f7fc9","first_seen":"2023-03-09T22:23:27Z","last_seen":"2026-02-27T06:28:32.090553Z","times_seen":30,"resource_available":true,"data":null}},"time_used":162,"timings":{"blocked":54,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/vid.mp4","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /vid.mp4 HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 206 Partial Content\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: video/mp4\r\nContent-Length: 15260337\r\nConnection: keep-alive\r\nLast-Modified: Thu, 04 Dec 2025 12:53:27 GMT\r\nContent-Range: bytes 0-15260336/15260337\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1294089,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"88d5ab266517bb7e902fbf632c20990b","sha1":"88f0741a0d4fc97ca7e6e006f1f77b1c7105b7e6","sha256":"5aaad7b7b20affd9ccd695786f5ce92a6bd9bd261fa3b01d54062b043095c73f","sha512":"185d072db0818e657e6b462289eaae86312b92437669dc861dde5953ae4772cbc7838ef46f00c309ec837e2eb33f8b4e5021547d0f9c3c24ea9d117ffce1bd0a","ssdeep":"24576:HZoL58quahcY3keqUVrymOdeWkq/SBwbzj/xKHOvWgVH:HKL58ucY3N7VrymWeWkO2Mj/xKHAWgd","tlshash":"082523ae9741dc70ca5c4bb06a4448bc3b841d5c48cdbbeb67dda0c16c4bd7623a5acb","first_seen":"2026-02-27T06:28:32.091758Z","last_seen":"2026-02-27T06:28:32.091758Z","times_seen":1,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":31,"receive":118,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/index-2.html","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /index-2.html HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 212674\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":212674,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1023)","md5":"c162709a8956416422a43312e07daf3e","sha1":"f23309819254dd5fab620b01a4bff63dd551644e","sha256":"1e27066f5dd61cba39d53bca6b92dac89d14dc0e147345ac71b9cbe7e9ff6fc0","sha512":"18abbd4d4ea2dc1a9a7eaaa0a0e61d294f1bf0907047b82c94e6a3b3a1d78df2f16559e58a32bf8109351eee4ace0adb6783e9ebb38588bd6ecf341e3141e2c9","ssdeep":"3072:FH1IbPg+MPgIxskPgvvPgG+Pgf6PgZOPgxCPgl8PgS:FH1IasL/l3Hnm","tlshash":"0a24612b19f202566947a0b96bfb55597b2ad013f90edda07eec17a0cf87d40cd8278c","first_seen":"2025-10-08T14:22:04.192521Z","last_seen":"2026-02-27T06:28:32.066566Z","times_seen":4,"resource_available":false,"data":null}},"time_used":78,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/index-2.html","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /index-2.html HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 212674\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":212674,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1023)","md5":"c162709a8956416422a43312e07daf3e","sha1":"f23309819254dd5fab620b01a4bff63dd551644e","sha256":"1e27066f5dd61cba39d53bca6b92dac89d14dc0e147345ac71b9cbe7e9ff6fc0","sha512":"18abbd4d4ea2dc1a9a7eaaa0a0e61d294f1bf0907047b82c94e6a3b3a1d78df2f16559e58a32bf8109351eee4ace0adb6783e9ebb38588bd6ecf341e3141e2c9","ssdeep":"3072:FH1IbPg+MPgIxskPgvvPgG+Pgf6PgZOPgxCPgl8PgS:FH1IasL/l3Hnm","tlshash":"0a24612b19f202566947a0b96bfb55597b2ad013f90edda07eec17a0cf87d40cd8278c","first_seen":"2025-10-08T14:22:04.192521Z","last_seen":"2026-02-27T06:28:32.066566Z","times_seen":4,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":9,"dns":0,"connect":0,"send":0,"wait":26,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/verif.png","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /verif.png HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/png\r\nContent-Length: 33620\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33620,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"324f4a9ce2a9ba58afd4e802b2ec8d79","sha1":"0a32df2a99988b3e7827abd19b69b766916f14c9","sha256":"ea3dab99c120a96ca2453db3251544bd6c7b8384e1bd45dce05a465e4bc9e39f","sha512":"66a5b420acaf1f5fce467e767fb01eb663d37fee2acbce5d936013e1fd87b9184803c7a145ec0491e17e7cfa94b30189e3545bd61f979fc3d9537749db8c6dcc","ssdeep":"768:KQFEACgpL6mii2EmgWe2GxJBEOq1OE39nY6H4jCrGBkrj:k8gripjDLEOqsa9Y67Nj","tlshash":"fae2e08dcfb30df5d7ea60bdf7c628249238abd6935a7b2b5b7041836c93792801605d","first_seen":"2025-05-02T08:57:52.662159Z","last_seen":"2026-02-27T06:28:32.094585Z","times_seen":23,"resource_available":false,"data":null}},"time_used":191,"timings":{"blocked":131,"dns":0,"connect":0,"send":0,"wait":36,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/js/jquery.min.js","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /js/jquery.min.js HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 87533\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":87533,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-06-07T18:29:51.406679Z","times_seen":166284,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/index-2.html","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /index-2.html HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 212674\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":212674,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1023)","md5":"c162709a8956416422a43312e07daf3e","sha1":"f23309819254dd5fab620b01a4bff63dd551644e","sha256":"1e27066f5dd61cba39d53bca6b92dac89d14dc0e147345ac71b9cbe7e9ff6fc0","sha512":"18abbd4d4ea2dc1a9a7eaaa0a0e61d294f1bf0907047b82c94e6a3b3a1d78df2f16559e58a32bf8109351eee4ace0adb6783e9ebb38588bd6ecf341e3141e2c9","ssdeep":"3072:FH1IbPg+MPgIxskPgvvPgG+Pgf6PgZOPgxCPgl8PgS:FH1IasL/l3Hnm","tlshash":"0a24612b19f202566947a0b96bfb55597b2ad013f90edda07eec17a0cf87d40cd8278c","first_seen":"2025-10-08T14:22:04.192521Z","last_seen":"2026-02-27T06:28:32.066566Z","times_seen":4,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":39,"dns":0,"connect":0,"send":0,"wait":26,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/HBgPUrjG_400x400.jpg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:05.999Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/HBgPUrjG_400x400.jpg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 29021\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29021,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"b07e12ff81258aae9c9450f43fd1e913","sha1":"7b60a315d23dcb82cd21d39e45ac2bb2aa16cef5","sha256":"3eda7b369598ae555a777ace27549945b7b2c8b86cd7e45e27bace68a83242bb","sha512":"00f2c3d80eac18462a95eaf844d05cd3b829500564d1761c671eba71fb86774696377bce6b105660083f596cb85780df37ceaf08ca1dbc1ec77ebe18d893a7b3","ssdeep":"768:vwW75rgmpzYzxdDLRdjuJbvgUlnc2Qi/zqKP:vr5rtpzYV1zj8Bnc2Qi/zv","tlshash":"0bd2e01b2a2e310af20e7134249ee75169228e45af6053fdd2c8568e4b7d8d7e1c1f27","first_seen":"2025-07-27T03:00:44.127559Z","last_seen":"2026-05-24T05:09:21.776738Z","times_seen":13,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":132,"dns":0,"connect":0,"send":0,"wait":38,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/GR4VOP4Y_400x400.png","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.020Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/GR4VOP4Y_400x400.png HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/png\r\nContent-Length: 20144\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":20144,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit colormap, non-interlaced","md5":"0f19f56324be03ff5a2201984bbffb07","sha1":"3d0893b93c7581a70876637f0db215ce8a26726d","sha256":"18b83a9dc5998bcd4e6f651be238c83fb877dba1413608383ae190e79b261020","sha512":"e7e67783877b7595240ec6f2defd719a788725a795ce4ed4065138c95204c4ed17e12d63ff15e5e145c3687815c7f3f435c93cda80e27aeb2ca09b6c35ad8822","ssdeep":"384:oyyyl9guTfksQUCY7L3T3DmqkEnjfUIaKJnSOFNv4SmlyRDaHAbn99zjTQsKUSti:+QCe7L3TTmqrTaKJnDv4jlyRDKen99LD","tlshash":"5992e183877df97adee181970b3e191104a54f63019beb62a8bfcc54cdaafe18c50790","first_seen":"2024-12-14T17:23:34.683326Z","last_seen":"2026-05-14T23:38:41.631718Z","times_seen":27,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":64,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/index-2.html","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /index-2.html HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 212674\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":212674,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1023)","md5":"c162709a8956416422a43312e07daf3e","sha1":"f23309819254dd5fab620b01a4bff63dd551644e","sha256":"1e27066f5dd61cba39d53bca6b92dac89d14dc0e147345ac71b9cbe7e9ff6fc0","sha512":"18abbd4d4ea2dc1a9a7eaaa0a0e61d294f1bf0907047b82c94e6a3b3a1d78df2f16559e58a32bf8109351eee4ace0adb6783e9ebb38588bd6ecf341e3141e2c9","ssdeep":"3072:FH1IbPg+MPgIxskPgvvPgG+Pgf6PgZOPgxCPgl8PgS:FH1IasL/l3Hnm","tlshash":"0a24612b19f202566947a0b96bfb55597b2ad013f90edda07eec17a0cf87d40cd8278c","first_seen":"2025-10-08T14:22:04.192521Z","last_seen":"2026-02-27T06:28:32.066566Z","times_seen":4,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/index-2.html","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /index-2.html HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/html\r\nContent-Length: 212674\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":212674,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (1023)","md5":"c162709a8956416422a43312e07daf3e","sha1":"f23309819254dd5fab620b01a4bff63dd551644e","sha256":"1e27066f5dd61cba39d53bca6b92dac89d14dc0e147345ac71b9cbe7e9ff6fc0","sha512":"18abbd4d4ea2dc1a9a7eaaa0a0e61d294f1bf0907047b82c94e6a3b3a1d78df2f16559e58a32bf8109351eee4ace0adb6783e9ebb38588bd6ecf341e3141e2c9","ssdeep":"3072:FH1IbPg+MPgIxskPgvvPgG+Pgf6PgZOPgxCPgl8PgS:FH1IasL/l3Hnm","tlshash":"0a24612b19f202566947a0b96bfb55597b2ad013f90edda07eec17a0cf87d40cd8278c","first_seen":"2025-10-08T14:22:04.192521Z","last_seen":"2026-02-27T06:28:32.066566Z","times_seen":4,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":34,"receive":67,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/css/unbound.css","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:05.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /css/unbound.css HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: text/css\r\nContent-Length: 19440\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:03 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19440,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bae59c8c360ca3174623d1fb058be5b8","sha1":"21ae681a1421f0f4ea1d3013ee5430399d7dae00","sha256":"45dbf060ec052a3b0ca5ae7211eaa27c950db65b019aa456e1e686a85f8a327e","sha512":"55e67eee7c669c45bf877f69ea7848b46ad660597da7ce607e90739b517a72822474a4cc81f85a413d8eaa9b7fb8b283c35e6425b69a82f20fd6a23c933f28dd","ssdeep":"192:edwdBjDdLNdLsI6dsdviuea/4dMdXxBd6d3aadpd0OEdWdjDyd1dQRddwdpD7djb:emnr2iwmBkHfqMUn2KbBeuHyu","tlshash":"b1920db1785461009d975e4b7bcb7c8e5c0ed4763314d42bafae48c09ea7aa353c4b8e","first_seen":"2024-02-15T19:50:00Z","last_seen":"2026-06-07T15:52:32.769949Z","times_seen":2463,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/AcFyj83-_400x400.jpg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.017Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/AcFyj83-_400x400.jpg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 22723\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22723,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"cd7fc0bfda17d96d66aa03c9dcc577b9","sha1":"a8ac822882e4abb0b283f97e69437b2f190c27ba","sha256":"bfa88db05b9e81bab8d248d315d0dcd76ecfa0a0085b623bc237e7c487653926","sha512":"9c0ad4b42b5ab784ded422ca9e900335f8855eccb6b4ed00dee81bd0c643ae0db882ef17dc4eb6acd3292b7fe640e65f9bb36663713f20426c15ea20a1a6ad5f","ssdeep":"384:sPw3bwKtY6FCBjKB9DWzyjfFc2Phk4DK8nILMCFLP+yGy2pWHK3+iheIhivF7DMD:swxtPFCBjKBBWzX2PhNK8nYFaJhpUs9r","tlshash":"b6a2e1da67d5591decac1136628e0b53e7089d10bf2ab7efd608c5b6bf3008272c3295","first_seen":"2025-07-27T03:00:44.150984Z","last_seen":"2026-02-27T06:28:32.10464Z","times_seen":5,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":67,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trumpbtc.top/img/hleMFwew_400x400.jpg","fqdn":"trumpbtc.top","domain":"trumpbtc.top","tld":"top"},"ip":{"addr":"5.189.161.88","port":443,"asn":51167,"as":"Contabo GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trumpbtc.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 31 Jan 2026 18:23:13 GMT","end":"Fri, 01 May 2026 18:23:12 GMT"},"fingerprint":{"sha1":"41:8D:C9:6B:BA:8D:BC:B8:D6:4F:2B:D3:F4:97:4A:BC:63:87:A4:89","sha256":"4C:38:61:E7:2F:C5:19:F7:BA:6D:FB:B3:77:F9:36:F9:33:DE:30:E7:F2:FA:BF:BC:89:88:4C:D5:14:00:5A:17"}}},"request":{"raw":"GET /img/hleMFwew_400x400.jpg HTTP/1.1\r\nHost: trumpbtc.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Fri, 27 Feb 2026 06:28:06 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 28596\r\nConnection: keep-alive\r\nLast-Modified: Tue, 21 Oct 2025 22:59:02 GMT\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28596,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3","md5":"039e6962ee1b59c189267549d56df3a7","sha1":"09c54ce00c834a866d34208d8557aee930afe293","sha256":"f8dd7c7c8fa688336342b4bb9682cb7e821fd56411144042e9c2ad5ceb22eba2","sha512":"88197fc47b7a5a62e464578a8c5c6397e8195d7296fded85d00d1b593d0387c61699ca1ae53c78e155a66ebf8558fb2a5f69db55bc44ad1fce8189602f9333a2","ssdeep":"384:s93R0CnKm/1Lb/NQwPbj7GxOhUIGE8DOmwMdMPw2487b43Go8wqi+Gf2Hf37vyp4:sR0CF1jbUBPdMoYb43GTni7U7a4xk0F","tlshash":"5cd2e0b67a625a66f01edb3e93a847249a6d4b372a77d4961174bf300cc88376590cc3","first_seen":"2024-12-14T17:23:34.688845Z","last_seen":"2026-05-14T23:38:41.681959Z","times_seen":14,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-27","alert":"Sinkholed","trigger":"trumpbtc.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.matomo.cloud/x2025.matomo.cloud/matomo.html","fqdn":"cdn.matomo.cloud","domain":"matomo.cloud","tld":"cloud"},"ip":{"addr":"65.9.46.84","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.matomo.cloud","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7B:9E:B2:8F:2C:21:F3:D8:CC:C3:78:9E:88:F2:FC:72:0C:FB:68:3A","sha256":"D7:E0:95:8B:B8:35:19:48:30:B8:87:D2:5F:82:0D:1D:DF:65:27:5C:9A:83:C6:2B:1B:9B:3F:9C:32:70:25:3C"}}},"request":{"raw":"GET /x2025.matomo.cloud/matomo.html HTTP/1.1\r\nHost: cdn.matomo.cloud\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: CloudFront\r\ncontent-type: text/html\r\ncontent-length: 0\r\ndate: Fri, 27 Feb 2026 06:01:17 GMT\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Thu, 02 Nov 2023 02:17:11 GMT\r\netag: \"d41d8cd98f00b204e9800998ecf8427e\"\r\nx-amz-version-id: x8CUW72Cdy4wRBv1lXTNc2XlWFvGGyiM\r\naccept-ranges: bytes\r\nx-cache: Error from cloudfront\r\nvia: 1.1 700671cc10acea065425b8871c537de8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN52-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: xJNWRmEBVIc844A3oU39NDjYiMbjoT10PoJlw1mjEdaGqBkp3Jz27w==\r\nage: 1610\r\nstrict-transport-security: max-age=31536000\r\ncross-origin-resource-policy: cross-origin\r\nvary: Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T18:34:13.800455Z","times_seen":16218517,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":36,"dns":15,"connect":12,"send":0,"wait":93,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glyph.medium.com/font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff","fqdn":"glyph.medium.com","domain":"medium.com","tld":"com"},"ip":{"addr":"162.159.152.4","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://trumpbtc.top/","date":"2026-02-27T06:28:06.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"medium.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 19:40:05 GMT","end":"Sun, 12 Apr 2026 20:40:01 GMT"},"fingerprint":{"sha1":"C6:3A:AD:02:32:02:0B:35:F3:D3:8E:F7:AE:57:DC:F4:4A:81:7A:36","sha256":"19:26:F7:CE:FF:F0:BC:78:94:80:58:67:AE:57:08:BB:2D:4C:45:F1:59:7B:93:76:42:09:39:D9:A3:B7:47:DC"}}},"request":{"raw":"GET /font/cf896f3/0-3j_4g_53_6bu_6c4_6c8_6c9_6cc_6cd_6ci_6cm/sohne-700-normal.woff HTTP/1.1\r\nHost: glyph.medium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://trumpbtc.top\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://trumpbtc.top/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Feb 2026 06:28:06 GMT\r\ncontent-type: application/font-woff\r\ncf-ray: 9d459ec3dd684c11-OSL\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Accept, Cache-Control, Content-Type, Cookie, DNT, Origin, User-Agent, X-Client-Date, X-Obvious-Cid, X-Opentracing, X-Xsrf-Token, ot-tracer-sampled, ot-tracer-spanid, ot-tracer-traceid\r\naccess-control-allow-methods: GET, POST, PUT, DELETE\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 86400\r\ncache-control: public, max-age=31536000\r\nage: 816447\r\netag: v2-cf896f3\r\nexpires: Sat, 27 Feb 2027 06:28:06 GMT\r\nx-envoy-upstream-service-time: 26\r\ncf-cache-status: HIT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nset-cookie: _cfuvid=2_R_.ujZbMGuHrg9dpVWjxIwTb_fbJoepCgtvgsQz8I-1772173686408-0.0.1.1-604800000; path=/; domain=.medium.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12829,"size_decoded":0,"mime_type":"application/font-woff","magic":"Web Open Font Format, TrueType, length 12829, version 1.1","md5":"3fd4604e778143bd3738f035c3cba4c0","sha1":"7206418142e71d52c27fd509971b310f606ed6fb","sha256":"0d63477fd28c0476d71f7d94269d37ebc13ee81002807b40bdcee28351da2019","sha512":"a36b58c6a3bcdd304fe073dc6953f98d050de36fe465555e0f01003cee30c1aff41c5d0d1781bdac1062caa9c7f94234a1a067ebf905398dc9bf38707834c0eb","ssdeep":"384:T/SNHfR/Cnw8vZ1HAorvZY0cSgE7Te5ZZcWi:TefdC/h1HFRY0c/EmDti","tlshash":"ac42c0d2933d5f10e50c6f3b81656f4586c2f68b499282eb1a6c311c176bb62c0e2cb6","first_seen":"2023-04-07T18:04:24Z","last_seen":"2026-06-05T01:47:37.873118Z","times_seen":2556,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":62,"dns":3,"connect":1,"send":0,"wait":32,"receive":0,"ssl":48},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}