{"report_id":"5ee77ec2-62de-4de2-8438-403bd41355f3","version":6,"status":"done","tags":[],"date":"2026-01-24T13:51:50Z","url":{"schema":"https","addr":"openrefix.xyz","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"openrefix.xyz/","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"title":"OpenRefix - Support","dom":{"size":196605,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (30790)","md5":"de7b92e442261101813239c2b9492d4b","sha1":"3cb436ab086c5ec90ae77078f15d495eac72586a","sha256":"2c0e7116724ff2a834f16e0a97c953612e47a45e4bfee96d0b595a3897d0a136","sha512":"a95584ae6224a9bf151fbc3f63079c73c6e92b3af703f8b9edbabd2e5a4ce8105a9319b49976e9d123472922e398a5c4445705c503abd149c61872b533ef094e","ssdeep":"3072:5IY9IYHhVFCB3aUBYVyc7XKOnd4DeIrMjmSMu7CMbst+21UUbstbg1nBbst0Z/1D:5IWIwA","tlshash":"2214da556992952b351741be2bd1d60939aaf043dcf6ed8cf1ecc0808fc3ebd9daa244","dom_hash":"domhash4808791451a5951cf09c4b389ce83612","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"openrefix.xyz","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-28T13:51:50Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"static.vecteezy.com","ip":{"addr":"104.18.35.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2007-04-27","domain_rank":196654,"first_seen":"2012-10-01T18:25:29Z","last_seen":"2026-01-22T12:53:14.887831Z","alert_count":0,"request_count":1,"received_data":25123,"sent_data":522,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-18T22:17:29.309663Z","alert_count":0,"request_count":3,"received_data":53195,"sent_data":1475,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"openrefix.xyz","ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-10","domain_rank":0,"first_seen":"2025-12-11T01:33:26.989363Z","last_seen":"2026-01-07T07:56:18.113038Z","alert_count":26,"request_count":13,"received_data":1357304,"sent_data":6123,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"SweetAlert2:11","description":"SweetAlert2 is a JavaScript library that provides customisable, visually appealing, and responsive alert and modal dialog boxes for web applications.","website":"https://sweetalert2.github.io/","common_platform_enumeration":"","icon":"SweetAlert2.svg","categories":["JavaScript libraries"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-18T22:14:28.232245Z","alert_count":0,"request_count":2,"received_data":98310,"sent_data":1108,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-01-18T22:30:25.777558Z","alert_count":0,"request_count":1,"received_data":80978,"sent_data":421,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"openrefix.xyz/dayjs-1.11.9.min.js","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0ee40a892e2777a817d480b7b8308682","sha1":"f66520464316aca0bd7733837db2faece3007767","sha256":"a7985c7ec203142b541345cbaa461bea40998e29acb345f71548ccc67202d5e2","sha512":"d5d400dfdfce3a3290663800961592274abf62b2db570ce92d9b336bfa6934ffca4aa88335e50576322ced6b2af6fe0110249f9fd9b2c416ca0aaa309f51d3f6","ssdeep":"768:PJQRGc5d1nOpx1nOpuFPy56Udp+VDKkCep0FLwCXY0EcK4LBecRX+f52oL716HDf:I1nOpx1nOpuFaEUduO4p0r//LBI8X6m","tlshash":"197381d9990bd2d18e5221ded433e909e4680ea3ceacf1a3ba2cddc1745df22c55317a","size":75143,"data":"","first_seen":"2025-12-11T01:33:34.633916Z","last_seen":"2026-01-24T13:51:59.647734Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/sweetalert2@11","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"0b7566399eb2f22c3bd0c00d2fcd083c","sha1":"394e3ed4f94a8281f65ba9a26bfe19b7a2519087","sha256":"dece79c79aef9e61d79ea2e5320d2ff3f60eb1e68c35d89317a23f08ac5c4151","sha512":"b7227e2290e66377e61ce500706c8556024f66b2fe83bae33514f220d7a83f3a699c9c2c18d9aa02b4ffc4844d1633ea68223fb8a55638be63bb3b24cdb862ed","ssdeep":"1536:Iwk6ey/PIZHo+DqA55l6DNJZ8VUwzIYbRd:te2Iqol6DNn8BIY/","tlshash":"e273f8916a04f03776bb45ae65d1e2047af99405fcb34854f42cc8804fe7d4f2ab7aba","size":79875,"data":"","first_seen":"2025-12-22T23:48:28.890392Z","last_seen":"2026-05-17T19:53:02.509395Z","times_seen":1249,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"static.vecteezy.com/system/resources/previews/026/626/282/non_2x/setting-icon-symbol-design-illustration-vector.jpg","fqdn":"static.vecteezy.com","domain":"vecteezy.com","tld":"com"},"ip":{"addr":"104.18.35.32","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:29.642Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vecteezy.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 18 Jan 2026 01:25:47 GMT","end":"Sat, 18 Apr 2026 02:25:32 GMT"},"fingerprint":{"sha1":"67:EE:E7:D7:61:A8:C7:E6:21:2A:E0:EA:5F:31:40:A5:BE:82:2C:B7","sha256":"ED:80:9D:E7:4C:14:30:56:AE:50:43:E9:30:C7:6E:35:40:22:13:8D:AC:19:65:8C:44:B4:5F:DA:65:4E:93:A5"}}},"request":{"raw":"GET /system/resources/previews/026/626/282/non_2x/setting-icon-symbol-design-illustration-vector.jpg HTTP/1.1\r\nHost: static.vecteezy.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 13:51:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 23764\r\ncf-ray: 9c300182ab0a3181-OSL\r\ncache-control: public, max-age=31536000\r\ncf-bgj: imgq:100,h2pri\r\ncf-polished: origSize=27520\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"43d921004fc1481ce18a097ca20f5c96\"\r\nlast-modified: Wed, 02 Aug 2023 20:20:00 GMT\r\nvia: 1.1 809aab597f9b26cadc42a1c11dd373d8.cloudfront.net (CloudFront)\r\nx-amz-cf-id: rT7qQWqs4jgRGO7aoMtG6_Fx9gVbtN9WwShxCFYC6HP1u94ttx8nWQ==\r\nx-amz-cf-pop: AMS58-P2\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: leDr6pkK.uw0J..NUKuoL_amxJr19cPO\r\nx-cache: Hit from cloudfront\r\ncf-cache-status: HIT\r\nage: 715449\r\nexpires: Sun, 24 Jan 2027 13:51:29 GMT\r\naccept-ranges: bytes\r\nset-cookie: __cf_bm=trgSmiJlf9Yr9TpOIdYWScu4v8TaCdbBKh0KdJ3T1_s-1769262689-1.0.1.1-TXUNglHxoQip87WT.N6u8OQVvqbMy31S01vDrFOgq2sOBNQ4TtLVx3kKbaK8Ar9Mv5WFuhwFuCxc8Bfh23csOGZWnoy7fFsaEqT19f5aRik; path=/; expires=Sat, 24-Jan-26 14:21:29 GMT; domain=.vecteezy.com; HttpOnly; Secure; SameSite=None\n_cfuvid=nAP18yAwT0Cu.uDP.a2OZEB2rzyuRTxHQ5OgALDXb7s-1769262689724-0.0.1.1-604800000; path=/; domain=.vecteezy.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; preload\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":23764,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 600x600, segment length 16, progressive, precision 8, 980x980, components 1","md5":"ada3c8acfc930abecaf4426ea6c89cb2","sha1":"a4960ea81a582ab078897361b002e92145401ae1","sha256":"f6fb9f34a11ca62f0726eedfd44739c90d872e5ac8db0faac499890131d9d72c","sha512":"218d2b10339d36f5f6a7e3576ffb5dbe06704424dceab6282e8f56c3d844716ffb336e14774b0401a223b5a31b2cb60f0379988280f167a6fe45bb3fba6244ee","ssdeep":"384:sFNginJhlvoB+HqJBCJlo50JWVREzJNtKYNq3t/M5zwG9/GxmwAJiN4wWLI3r:M9njlv++KJiC0WPEzJjKYo4wG9uxmwsk","tlshash":"bbb2d16f8aa4889ac92c43392b3101b4d7f66590fe37065d43c22c563c31e55fdee2ea","first_seen":"2025-12-11T01:33:34.636384Z","last_seen":"2026-01-24T13:51:59.646821Z","times_seen":6,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":0,"dns":26,"connect":7,"send":0,"wait":21,"receive":2,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 24 Jan 2026 13:51:28 GMT\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4887,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"3fd96ba77783845730c343cf00ac7a93","sha1":"bc4f7f4f71aeae387232155c55c4f031c5f3f769","sha256":"27b95b2fcbc857ba25f7e5a707c5c4c06c5cf93415519b7669c19f4045edca37","sha512":"20b137cf9c61842c7bad62dd6c36125833022552379ad97324dbee2c2e9cb0303b17a9aee813ea2bcdbb68541c8c6edbfecfcfb2858cf27c2cff480d756d80cd","ssdeep":"96:aYg4aMzqYg4aybFZHYg4agkYg4aUJ3vYg4aERYg4aYGJc+uTYg4aR6NDO4a3qO4L:vywfydyGy63gy/yFVyR73xpmj3U8fHN","tlshash":"37a1ed91006f9104ea431dd627cf7e32ad8e51956082e27d6ffd2dca6cdbd23122874c","first_seen":"2025-09-10T21:50:06.177565Z","last_seen":"2026-05-26T08:22:19.416566Z","times_seen":15461,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":92,"dns":4,"connect":23,"send":0,"wait":20,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 24 Jan 2026 13:51:28 GMT\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-05-26T08:21:15.128594Z","times_seen":27834,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":91,"dns":0,"connect":7,"send":0,"wait":19,"receive":0,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/assets/fonts/fontawesome/css/all.min.css","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /assets/fonts/fontawesome/css/all.min.css HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/assets/css/style.min.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: W/\"693a1788-1e6c2\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fkmMoI1u5fsH9tHSGolVqTZlf9OKe8VIeCgw63g74wTHFdNepExFToo43jLov1UNXzAnGUrTGCs1jeSnkfutNMH4gZqCrRjyv9adn%2Fw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c30017b2bc876ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":124610,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, ASCII text","md5":"4d2b8c5ff1d5e96f5bc5467d27d63f86","sha1":"b3b9292912af8933877b8af8e65c2d3b67818247","sha256":"140409861cadd6ef4b9245f2dc817c5995236292d44a565601e0107883d1c08a","sha512":"8ffa3c1d69224f4311957c3e6143b1dbfc2fe4fc0b1078d392e95e4576d6836a9ea01555c33d99140d079728a7a5a90784b1def4236b121b200ce0d8b9897179","ssdeep":"1536:4LmSmfmSmLmSmQvmSm8mSmnMVgocWJcliO1LpMiJCD3rDHrEGNGJ7h84oIKF:WoocWJcliO1LpxCD3rDHrEGNGph84oIe","tlshash":"76c36aacd4be18904319e485274fa340b335bbae9c494c5cf286be8ddbc167891c6bdd","first_seen":"2025-09-26T11:17:58.351796Z","last_seen":"2026-01-24T13:51:59.648656Z","times_seen":10,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:29.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:29 GMT","end":"Mon, 23 Mar 2026 19:52:28 GMT"},"fingerprint":{"sha1":"D2:3B:6C:71:A7:BD:CB:B5:56:D1:90:EE:91:17:19:0F:24:02:E5:93","sha256":"DE:C3:87:EA:0D:EF:DF:B6:5C:9C:CE:F8:48:EB:2C:CE:06:FC:22:FD:3A:57:71:FF:23:81:1F:16:8F:67:66:B6"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://openrefix.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 21 Jan 2026 00:01:19 GMT\r\nexpires: Thu, 21 Jan 2027 00:01:19 GMT\r\ncache-control: public, max-age=31536000\r\nage: 309010\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-05-26T09:21:03.077106Z","times_seen":269424,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":122,"dns":1,"connect":27,"send":0,"wait":57,"receive":22,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz//secureproxy.php?e=jscdn/getFile","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:29.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"POST //secureproxy.php?e=jscdn/getFile HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://openrefix.xyz/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://openrefix.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"9bzv1yke76rbofmle9yb\"}"}},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:29 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff, nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O3RH6xpoeLSylofykc3GmWjNnh9cOUWbRCrZRE9I6SNT%2FRZepZmJPc4SVkowsIra0Qmo8TBNRqEzLYUXoLyoJbJaoxPGhIM5Fahr7LM%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9c300181bd3376ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":155,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"1473e0fbeabc0536900184482e5d7208","sha1":"2ce769b93b1bde1292be3652c0be40932c333799","sha256":"43e8a4807c2054a6e8518c19131cdbde7f69242707b4564df707dee30065eb5c","sha512":"b6fd2c422f5a8a4cd7c9f3c5c136ca70a36cf3a8152aea5fd08a9d1f282fc0bc667b850bcc4b56c8cd6b91e907578f5eb6d1c9e93394c2d21b0398174267f658","ssdeep":"","tlshash":"c9c08cea20000201893096047ac222a824977b8a20e28a44ab82e027ecd461ac886188","first_seen":"2025-11-26T01:11:55.349732Z","last_seen":"2026-05-11T12:57:15.261304Z","times_seen":33,"resource_available":false,"data":null}},"time_used":75,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":74,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-24T13:51:27.664Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 13:51:27 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=agefsa7kM6Zau5HnFwUuHmP%2Bx%2FGvSZl4j0Uolpvv2UW%2FK6nQTggy675LlGMgA9%2FakBK%2BqtDaP3yv31A4AU8M9Ihgr4kGMGyinJ8B\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9c3001765d9856c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"SweetAlert2:11","description":"SweetAlert2 is a JavaScript library that provides customisable, visually appealing, and responsive alert and modal dialog boxes for web applications.","website":"https://sweetalert2.github.io/","common_platform_enumeration":"","icon":"SweetAlert2.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168743,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (30608), with CRLF line terminators","md5":"e04caaa6f99a43cd9a77f39a9550bda4","sha1":"51fb4accd81b8b1d32c79dfa30314e47a5abee79","sha256":"96ced1afba2cc706a61b08a1952e6fd0635dd61ee54a2c899c2dd0e1de457c8f","sha512":"1fa1f5241923c96efa338ca2d8c37f8ba001af325ec3c0c19d695ca8a755afa45cdd4eebe341d2ce45a144bed8965572ba76fdfaea065e5a016386b29ff15943","ssdeep":"3072:xIYQWM7Fj6owXsbgVfqgJ4pI4R9bK/2bS4tqx/6s4+ownM6s4buwWJ6s40ZNw4DR:xI8c","tlshash":"dbf3b815a980451b353b43fa67e1c60dfda77047dda6aa88b1fcc1814ff39a9cca7a40","first_seen":"2025-12-11T01:33:34.613436Z","last_seen":"2026-01-24T13:51:59.65056Z","times_seen":6,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":65,"dns":49,"connect":1,"send":0,"wait":249,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,700;0,800;1,300;1,400\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"216.58.211.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:24 GMT","end":"Mon, 23 Mar 2026 19:52:23 GMT"},"fingerprint":{"sha1":"43:39:AF:0A:74:F9:2F:1B:C0:1E:4E:89:21:30:C2:28:EC:9F:6C:67","sha256":"EA:F1:0E:C7:36:18:F3:9D:D1:D5:34:23:44:7D:6F:9D:2F:61:C7:81:09:9E:E9:C8:02:C8:F2:2C:0A:83:B3:A5"}}},"request":{"raw":"GET /css2?family=Open+Sans:ital,wght@0,300;0,400;0,700;0,800;1,300;1,400\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 24 Jan 2026 13:51:28 GMT\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":36142,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"c1f14431bcc1d758d9a60f21537ff8b7","sha1":"7cf60031bd07a7a44b993a725260cbe22414d8a8","sha256":"3dc4b3d3d8cc21df151abdad7e597f6018716f1af7b12b260913c4f9a503f801","sha512":"3f5f5476e9e1e35950d0992498f77ab811c047ebab16d89aa075fa2df5ef047dbca142e3d6baac51512f28e2ff5f55b5ffc2d00ae597be3082c9743343df0875","ssdeep":"384:+oOcL9tMTv9qY49OnL6dOhqqt5Iv0qY49HnQtSqqY49t5qY47uOqY4VptqY46:wdBIM8B+6hbCuVh","tlshash":"0ef20a9104171450aa435dd233de7e34ee0fa2616044c0baabfd8b9beedad6963b435c","first_seen":"2025-09-19T14:17:47.377692Z","last_seen":"2026-05-14T11:54:08.675552Z","times_seen":137,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":98,"dns":0,"connect":10,"send":0,"wait":21,"receive":0,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/sweetalert2@11","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.174.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/sweetalert2@11 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 21347\r\ncf-ray: 9c300179483d568b-OSL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 11.26.17\r\nx-jsd-version-type: version\r\netag: W/\"13803-OU4+1PlKgoH2W6mia/4Zt6JRkIc\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220042-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 32599\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=8cCyQZmg1tSLM2yzV9BjhMSMBh%2BujEIpOA8yjN3urgF9Ba0Vsbw1qUtPgHkjVFi3F0i4JkER3QBYMP6pTpGcvrPBL5k4b8kNbEHsmD2qi6XmKdOd9pIfWjYxIjniz8M4J6M%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79875,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48887)","md5":"0b7566399eb2f22c3bd0c00d2fcd083c","sha1":"394e3ed4f94a8281f65ba9a26bfe19b7a2519087","sha256":"dece79c79aef9e61d79ea2e5320d2ff3f60eb1e68c35d89317a23f08ac5c4151","sha512":"b7227e2290e66377e61ce500706c8556024f66b2fe83bae33514f220d7a83f3a699c9c2c18d9aa02b4ffc4844d1633ea68223fb8a55638be63bb3b24cdb862ed","ssdeep":"1536:Iwk6ey/PIZHo+DqA55l6DNJZ8VUwzIYbRd:te2Iqol6DNn8BIY/","tlshash":"e273f8916a04f03776bb45ae65d1e2047af99405fcb34854f42cc8804fe7d4f2ab7aba","first_seen":"2025-12-22T23:48:28.890392Z","last_seen":"2026-05-17T19:53:02.509395Z","times_seen":1249,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":2,"dns":1,"connect":1,"send":0,"wait":14,"receive":3,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/dayjs-1.11.9.min.js","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /dayjs-1.11.9.min.js HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: W/\"693a1788-12587\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=3,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XxHpMx%2BmAWcvXq5riTQ2EMBJQ46enWLMB%2Bb%2FmH1I45DgnZD%2BcpAD%2FUkgsvi6jz9CxBwK8zpSZrPNcfmZOnDnDnv%2BLu7QamtZ3%2Bd4uig%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c3001792b7776ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":75143,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"0ee40a892e2777a817d480b7b8308682","sha1":"f66520464316aca0bd7733837db2faece3007767","sha256":"a7985c7ec203142b541345cbaa461bea40998e29acb345f71548ccc67202d5e2","sha512":"d5d400dfdfce3a3290663800961592274abf62b2db570ce92d9b336bfa6934ffca4aa88335e50576322ced6b2af6fe0110249f9fd9b2c416ca0aaa309f51d3f6","ssdeep":"768:PJQRGc5d1nOpx1nOpuFPy56Udp+VDKkCep0FLwCXY0EcK4LBecRX+f52oL716HDf:I1nOpx1nOpuFaEUduO4p0r//LBI8X6m","tlshash":"197381d9990bd2d18e5221ded433e909e4680ea3ceacf1a3ba2cddc1745df22c55317a","first_seen":"2025-12-11T01:33:34.633916Z","last_seen":"2026-01-24T13:51:59.647734Z","times_seen":6,"resource_available":true,"data":null}},"time_used":372,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":329,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/assets/img/blockchain.png","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /assets/img/blockchain.png HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: image/png\r\ncontent-length: 136496\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: \"693a1788-21530\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wpi0v6MeheJPKRXHC9iRkGlkikgS%2Bze%2FA%2BtXMPV00NAVuw0Iaop9YGznKZPtJ01WlNO5vH4zZzqSNwzzw4l1gAZM8%2Fjyx1K7wSHdUwg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c3001792b7876ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":136496,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1474 x 1080, 8-bit colormap, non-interlaced","md5":"f2054c77225ffac0d9c9a40b98145fec","sha1":"50c83482eb95bfac682e9c3d4097f52d2fddb8c9","sha256":"81af134db0115302de413e812727ec7d3444bff6496cfe8197bf941ccc937193","sha512":"17f9ea2041f09d02cc8ef35503215475be4447645fe33a4a73794e8f295282961096fd79e9172b44285729ecfed51f7086c2b8e2c0e59bc1bd0236a53442db32","ssdeep":"3072:utUy7C4RpOkggKg+tAYQAfEzXQV+9x4ewjZPA+F3dfcwT:WUyG4RpObgKDqYQSEzh8ewjZd3ZcwT","tlshash":"2bd31231818c04e1ee7380fd3700576929cbc814d53e2e8ad45673f1a2f9d9d5ed9aae","first_seen":"2025-04-04T11:43:32.470017Z","last_seen":"2026-05-07T03:09:29.484012Z","times_seen":28,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":239,"receive":115,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/secureproxy?e=jscdn/getFile","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:29.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://openrefix.xyz/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://openrefix.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"9bzv1yke76rbofmle9yb\"}"}},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:29 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: origin, access-control-request-method, access-control-request-headers, accept-encoding\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z88QgbLH%2FY8veJZfayVV3pJPwY2NL4Q6LMtbLX25VmIqnd6GWhqP8Cc9R129qE8TTpXRyQX1Pz6zlMpYzoFykdQLF0xjMccdJFDiUNq%2FVdpnwg%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\npriority: u=4,i=?0\r\ncf-ray: 9c30017fbc8b76ef-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":28,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5f2dcc314f77c834f8a1dc091e77a698","sha1":"02ddc9e3c5026f1aeafa9098cb1ee9420a53e0f6","sha256":"ce58bf87319ddd62d94026ba708b11b1acdae99d417ad71e78385c5c48baeffd","sha512":"e5ffa46481a71e28bd2f56255d4e66e025bdc281820203e1f2e2cf92c43df8d5bab7824acf0942b788c184e7fcba92bed561ce9c6b96a30c508c89a6a6665437","ssdeep":"","tlshash":"3980000e0282020f0022a8b08ae82c300a8a038008228e280008a0080e2b0828c000cc","first_seen":"2025-12-12T04:00:11.329317Z","last_seen":"2026-05-11T12:57:15.308987Z","times_seen":37,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":221,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/assets/css/style.min.css","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /assets/css/style.min.css HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: W/\"693a1788-3980b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PpDmxmXrVQvKB4RfovLBiTRHUYZvagY9mh0cgFL2ysvS85f7xHteypJ8bLAP2uBProZR2dIxjlJBn4C2HKTl3BSU6usO8HOQ7N%2BLYdw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c3001792b7576ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":235531,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"2a840cc37077e021e665befce7472bc1","sha1":"c2f0860c055299e503d9d379485c222f8c3950bf","sha256":"ad92099852ae121cce3e66dcc146ea8379173b4435aca4298dd0e343b0d27f68","sha512":"43bc31a012ac0d2aaa59d100f2bd2cf229c731fe73b475a42f3ff54baa68706977957914df143b29796c49d7a65d4de881d51ee998a98e9038607c2e0d0ee6ee","ssdeep":"1536:T7EaccI7b3a/OI2/uo5RDeLJLa+uzxnA2V0YSqEJ9tnlxDyQbsnBMm1o0dykyIeF:LlQSLwIBtZbGBMm1o0cV1KHG","tlshash":"aa345311eae70946b41f852c6bfea764733c6043920acebc7fadb254cf451d856a1e8c","first_seen":"2025-09-26T11:17:58.330457Z","last_seen":"2026-01-24T13:51:59.642449Z","times_seen":10,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/assets/fonts/cloudicon/cloudicon.css","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /assets/fonts/cloudicon/cloudicon.css HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/assets/css/style.min.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: W/\"693a1788-3b14\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ohoM%2BD0gEv6rFcfboiS%2BHZ9ksRexZ6VvGBQOjb4a2yQIPcLAzj8eJ1UjUZdnPwnOZjD1N9tWS6%2B%2FIT7qK7EU02C4Apqc7z6h%2Fie1sFg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c30017b2bc576ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15124,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"4a3a715f27dc9398cde9de34ea947985","sha1":"fd172d93863d6edcebb40d514f7a3e2894faeebd","sha256":"33e0959d74a348f39b4a767a5a73135b965c6d0bea48766761ac84c5b6302372","sha512":"bda9c79ede6693520703d624d0d640937fefbaf1ccb0c448b5e737d6aff6005cb637d63881aa3b8d3a72581620a7eee2fe0d599da79ad69f9bad3d41f3bc0b34","ssdeep":"96:NByBmR+Jpm0h4WnQxCvBSAJlxff67HvCDMAAQTVCICiJlpfdjshwptCROdx6fUiY:rYmR+JD43oBSAXIT7QcIFp5sACRkxAUx","tlshash":"4f62a3a4d9bd1ca05309e0d5534ba640ff0cb29a9c861d1ff693fa4cbbe22145496afc","first_seen":"2024-08-19T14:39:50.23781Z","last_seen":"2026-04-15T08:48:23.267264Z","times_seen":12,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/assets/css/bootstrap.min.css","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /assets/css/bootstrap.min.css HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/assets/css/style.min.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: W/\"693a1788-3dd2e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S90YwqJcsP5EB5X0pU05UgUmyN6MrlngboWSnPFshgpo2Fviod4CX5kgu3jHnnS8GWLQMmlZTANCfsXBIRAGpDd1VJLxPvLy8vnyetM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c30017b2bcb76ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":253230,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (562)","md5":"18f68226861a265ada258e054d67dc4f","sha1":"5d3077a122a65078ec87b2f4e32b455b164ad836","sha256":"bffa5ce6da7127b9b5c6f68d8dc4e72dfb1855950896a9afb0fdf321427d0060","sha512":"f02057f7d36e7ef378cdb16f785eaa675a7aa7874dd3eddaf8229d8e0034d250ad42cf1582110b533ae7e43153a6d09b65e0e284a350ec9d73858eb9ee17b649","ssdeep":"1536:xPvrVwPnpZp1RNxvIUWZYPbB+f/BIYl7wRdOcwM0j:x0pZpPNxv+7wRdOcwM0j","tlshash":"1834425ae8f329ac0c57915966edaea9b3385083c719dd74b8cf3304cf492d15da2ec8","first_seen":"2025-07-02T09:46:18.842596Z","last_seen":"2026-04-09T11:56:01.175488Z","times_seen":59,"resource_available":false,"data":null}},"time_used":377,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":323,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/secureproxy.php?e=jscdn/getFile","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:29.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"POST /secureproxy.php?e=jscdn/getFile HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://openrefix.xyz/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://openrefix.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"9bzv1yke76rbofmle9yb\"}"}},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:29 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff, nosniff\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\npriority: u=4,i=?0\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p9U%2BQfVFmBNxbtjkz1f%2FP%2FEM0XJMAeXbtdq6rrjD5uD%2FH89nZqsTMb9TFT2R4tBHqpDxVcdVr7yNqc0gnqiqhROsVZDXc2DeRP9PZQw%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9c3001813d1276ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":155,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"1473e0fbeabc0536900184482e5d7208","sha1":"2ce769b93b1bde1292be3652c0be40932c333799","sha256":"43e8a4807c2054a6e8518c19131cdbde7f69242707b4564df707dee30065eb5c","sha512":"b6fd2c422f5a8a4cd7c9f3c5c136ca70a36cf3a8152aea5fd08a9d1f282fc0bc667b850bcc4b56c8cd6b91e907578f5eb6d1c9e93394c2d21b0398174267f658","ssdeep":"","tlshash":"c9c08cea20000201893096047ac222a824977b8a20e28a44ab82e027ecd461ac886188","first_seen":"2025-11-26T01:11:55.349732Z","last_seen":"2026-05-11T12:57:15.261304Z","times_seen":33,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":69,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/styles/modal-12-seed.css","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /styles/modal-12-seed.css HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OWTX7Dnpk%2BUjhYsZk8CS4TqfjZ8Jvjy%2FTAaS1LbXn3N5d2v1mvvbcps3tYJdpHUZW6cXsLhfXbPW9MBVW80Rtv6yYT%2BDivKbXwa4U38%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9c3001792b7676ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-26T09:18:24.207164Z","times_seen":15719522,"resource_available":true,"data":null}},"time_used":345,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":305,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/assets/fonts/evafeat/evafeat.css","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:28.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /assets/fonts/evafeat/evafeat.css HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/assets/css/style.min.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:28 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: W/\"693a1788-3ed8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0IAJ3M%2B9Iv90xuFOjW1zZIA0LhXNKo6kV2cH4VWuLVzxgrXQN%2FQioJ%2Bx7ZMVLkvjbN08IwoDmP%2BfMHeyDJONEqW2S5SKxQ7WKBuNF2I%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9c30017b2bc976ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16088,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"b54a8fc7fdbcfc6663d60802fa5afbb6","sha1":"80d3c0be5a4452baa6eeb3ccadd4be5ede8f853d","sha256":"963888af6e3164f546d55792a2eb3db5ac47bf9b234ca5709e713cec32ef987e","sha512":"18c6f75814f5facf211e90c54a597afed59d37b121a96cbced16b5212afdffa907f8374ed3be95a61ded7e3c792fc7a930f18c29c482a1ec232b6a7d39489966","ssdeep":"96:7aemxtiRQxKLs04LBWZGmD47aNQpvCQAgzPeonu4e3rauC7ZC1AJCl/0LRRjFYhg:rGiywLs04SmQgD9jEaCGJCZ4kT6Z","tlshash":"5772c1a4ddbd0ca01319d4d1134ba600fb0db3a689260d5ef6dbfe8cbfc66144586aec","first_seen":"2024-08-19T14:39:50.238482Z","last_seen":"2026-04-15T08:48:23.24399Z","times_seen":12,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"openrefix.xyz/assets/img/topbanner1.jpg","fqdn":"openrefix.xyz","domain":"openrefix.xyz","tld":"xyz"},"ip":{"addr":"104.21.90.144","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:29.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"openrefix.xyz","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 11 Dec 2025 00:25:10 GMT","end":"Wed, 11 Mar 2026 01:21:43 GMT"},"fingerprint":{"sha1":"A7:E3:91:F6:E3:C7:5E:4F:57:7D:3D:46:BC:EB:D7:85:41:0A:C5:99","sha256":"17:26:F2:80:BE:DA:09:FF:B6:22:BC:61:60:F3:B0:BA:3E:06:F8:11:2F:0D:04:3C:58:E1:B8:9C:D2:0E:F9:0F"}}},"request":{"raw":"GET /assets/img/topbanner1.jpg HTTP/1.1\r\nHost: openrefix.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://openrefix.xyz/assets/css/style.min.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 24 Jan 2026 13:51:29 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 319830\r\ncast-mode: default\r\nlast-modified: Thu, 11 Dec 2025 00:59:52 GMT\r\netag: \"693a1788-4e156\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=algEA5jilSUyG3bcpNZMPNzKuOhbAassqGXVtMJknAdS56GVTNnvzEl864JGXcsbPbcrAZqMlWEVbRAWJA6gs7YbQutlabg23AzmaVQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9c30017f6c7d76ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":319830,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 3840x2160, components 3","md5":"ad1b517899dd4377d9b36e1f53b1f676","sha1":"4eba2ecb1e4d92049edffc17dd632f1a4f6aa86f","sha256":"9e49fd441a7ac4988a3dcf2f2170721ce6cd738499909e34b43f0bd2dba52dd4","sha512":"83986f2cc82ace55ea220b53956bcbb1e4630acf25e9d85105945c379a73861e4198eb0ef4d319738975f9863f83d4e04af5d9924ff32daee4a5cc1ad0aa65c0","ssdeep":"6144:EQpyNIJx1MnVemF4coyUdXW0NiU/rml81vJCjaJybYNtUFf:/y0xO1FxoJXW0Jrma1BCaTNCt","tlshash":"a864f153eb45d1e7c0ac537190cb2b257fbba8b683a2050367125639bca3758be19fc0","first_seen":"2025-04-01T12:09:20.901268Z","last_seen":"2026-05-07T03:09:29.482119Z","times_seen":57,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":175,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"openrefix.xyz","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://openrefix.xyz/","date":"2026-01-24T13:51:29.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 19:52:29 GMT","end":"Mon, 23 Mar 2026 19:52:28 GMT"},"fingerprint":{"sha1":"D2:3B:6C:71:A7:BD:CB:B5:56:D1:90:EE:91:17:19:0F:24:02:E5:93","sha256":"DE:C3:87:EA:0D:EF:DF:B6:5C:9C:CE:F8:48:EB:2C:CE:06:FC:22:FD:3A:57:71:FF:23:81:1F:16:8F:67:66:B6"}}},"request":{"raw":"GET /s/opensans/v44/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://openrefix.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48320\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 21 Jan 2026 00:01:19 GMT\r\nexpires: Thu, 21 Jan 2027 00:01:19 GMT\r\ncache-control: public, max-age=31536000\r\nage: 309010\r\nlast-modified: Mon, 15 Sep 2025 16:30:41 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48320,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48320, version 1.0","md5":"dcf31ebe107435bd68e0164d59e19b87","sha1":"b68160c9333af833fe483928b3ef7128c07a56a0","sha256":"d8e4fe0452aa2076429a9bb5d8757d00a994dd95986cf950e9a1a371b9a072a0","sha512":"130cd52c3cccc36a7029bf92b2ddb363b8b36d206454aacc246739919552fccec5cacbad615ba4ac3817da3e83239371fe51324bdadd08357e3495087f62cb08","ssdeep":"768:Jzqdwl5YV7FVmpudK5a8dF8D8Z7J78VGnNFZEKh02dmSTPe9UiallHcOEi2c0NC1:9q+SYuMaVwZ7oGRNh02dd6UialBcOEpE","tlshash":"1623f218f29471f7edecd4d500a18c72baa528d442f116ed07b8d53ca36ca817a729fb","first_seen":"2025-09-17T00:07:53.723302Z","last_seen":"2026-05-26T09:21:03.077106Z","times_seen":269424,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":117,"dns":1,"connect":28,"send":0,"wait":28,"receive":39,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}