{"report_id":"60d42fb1-857f-4d03-bdcf-29a9772c2f17","version":6,"status":"done","tags":["suspicious"],"date":"2026-05-04T09:06:05Z","url":{"schema":"http","addr":"cb-invoice.shop","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"cb-invoice.shop/","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"title":"Coinbase — Payment Receipt","dom":{"size":43286,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"7cdbd78d413082a0c5f9967280e536d5","sha1":"d71dfd50c4893db36906e029d0809726b505948b","sha256":"7bfdb12d2847c7d4af4bee90d870512b38cee7e2faee4beee99260a4c3d246d2","sha512":"4e6b9415487d3cb56dc0e88b39a8732cd03098e9bc344b0a259a27bf3b9762ac9e42eeb7ad3ac3d1f5d7ad00f495f700418e28c7d21207cedb52bc9b35e56bca","ssdeep":"768:i0bFwF+vir9Gux3OM42S75PBo+yROS0ep3LNk:i0bGAvir9G4RO6pbNk","tlshash":"c513923661bb11313893c2af679767593124b003f605c9683efdb3408fdc9a99863af8","dom_hash":"domhashc87da6b8c1f19f391ead0e8ddcebba6a","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"cb-invoice.shop","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":0,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-08T09:06:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-04","alert":"Detects file containing Telegram Bot API","trigger":"cb-invoice.shop/dist/index-BI0kv-hD.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"cb-invoice.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"pulse.walletconnect.org","ip":{"addr":"104.20.34.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-03-26","domain_rank":247907,"first_seen":"2023-10-09T08:23:11Z","last_seen":"2026-04-27T06:31:40.902865Z","alert_count":0,"request_count":1,"received_data":251,"sent_data":552,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.20.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-05-03T22:20:33.622142Z","alert_count":0,"request_count":1,"received_data":10794,"sent_data":474,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.20.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-05-03T22:17:40.953609Z","alert_count":0,"request_count":4,"received_data":197464,"sent_data":2220,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.coinbase.com","ip":{"addr":"104.18.35.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2011-07-02","domain_rank":27619,"first_seen":"2013-04-25T17:27:27Z","last_seen":"2026-04-27T14:21:52.053771Z","alert_count":0,"request_count":1,"received_data":1738,"sent_data":455,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"api.trongrid.io","ip":{"addr":"18.199.213.191","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2018-08-29","domain_rank":1479806,"first_seen":"2018-11-07T07:42:53Z","last_seen":"2026-05-01T05:54:32.430787Z","alert_count":0,"request_count":1,"received_data":28131,"sent_data":550,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cb-invoice.shop","ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-05-04T09:06:09.10109Z","last_seen":"2026-05-04T09:06:09.101091Z","alert_count":6,"request_count":5,"received_data":5961127,"sent_data":2213,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"cb-invoice.shop/","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"bb53805c048384d42f21a2e369b8cbe0","sha1":"ce9445df3706e28ccaf383a96d5f11acb4c68c90","sha256":"d96be7ea363b315a91b9d3012b2db413edf80e15410002778eb2fbba160e1457","sha512":"6bdd1935f7dc082f0223755db107c955c7622c912c48cfa4caa0e2d89d0413c60661044a94609aa8963feac7ea6d6bdff857791c871b0636758e65be9c44ff10","ssdeep":"","tlshash":"9f61ad68a1be23354ae392bf435b994572152007de44df487afc83589f54ea009b39f5","size":3186,"data":"","first_seen":"2026-05-04T09:06:15.81402Z","last_seen":"2026-05-04T09:11:29.392303Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/dist/dapp.js","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"7d9955eefe932ff47653846fd6f9116e","sha1":"ca145ecfa713b2b90b5a99e43b1f19c8478b6a67","sha256":"a5b96173021d56e96a3fb84f1b766b5fb009cfe8cb260d1772a7443bca961bd1","sha512":"48ba5f0440a7b19d4b8d635707726f2ba8d2f43d0bf7cc834b601c9ca072a572a7d28510310a63f0757b09967fa279dd44ef67378141d2496cf798539cd061af","ssdeep":"","tlshash":"b5b0926a26921b3c182692552b789e016a7209a0498aadd045f83b26e77d14a9835c1e","size":125,"data":"","first_seen":"2026-05-04T09:06:15.809975Z","last_seen":"2026-05-04T09:11:29.380677Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/dist/index-BI0kv-hD.js","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"4f6a0a8b4a2f81b40e341c9906733e55","sha1":"2a33c068b836bfb2545cd343420f2d13e022d42b","sha256":"0856231aaefde8c8653f8a2d84b058f934a8bd79c0019b8fbe1c456212a45697","sha512":"afa3242337370a607dd435ea98b7e9cb52021af4eefa079d9bbf58a8dc7ab58752e810bcfc8e7b6ef569de935656274210f968c2e86e10e02baa70d1f0180fbf","ssdeep":"49152:sx98Lrh5YoixdO9Gxg2gt5+3kP0wgXlnYXGksccgijfzciH6pCm9SMkffeXrPrhe:q08pv1o4hblbj","tlshash":"8156b4497bf720258323f0785a1fd805b239a80b154ddd587a8c92f46f495388bfafe9","size":5895557,"data":"","first_seen":"2026-05-04T09:06:15.816153Z","last_seen":"2026-05-04T09:11:29.393778Z","times_seen":2,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-05-04","alert":"Detects file containing Telegram Bot API","trigger":"cb-invoice.shop/dist/index-BI0kv-hD.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/dist/index-Cr999Gfi.js","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"55ee68768bbc2cd6ea979c4c3de1a285","sha1":"0b43ca5a3351b68d709ce26e4ba4fa19a24a8c12","sha256":"a6426dbb370c4ca562006a694363278fce6174a98dc421653944b500c4e64986","sha512":"be4bfd7f72c8c408f22c2881d51b9569a2ff66db2130cff9a6dbf3f1320448de658379c6db775cb3c7334a5c339a4f32fd262f43acad9290432be41929496235","ssdeep":"192:KL9YH6SD4oRORTyLZArL5AyoHzFCD1O1X/n1EiC9w2i+OJmfXhK6v5w0n:GYH93Q6ZCD1Ox1HYG0n","tlshash":"af02316966fb44644347b06c1f2fe919a220809b650cc85c3ecc92b09f9d57acef6fd6","size":8280,"data":"","first_seen":"2026-05-04T09:06:15.803168Z","last_seen":"2026-05-04T09:11:29.385688Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"api.trongrid.io/wallet/getnodeinfo","fqdn":"api.trongrid.io","domain":"trongrid.io","tld":"io"},"ip":{"addr":"18.199.213.191","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:45.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.trongrid.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Sat, 24 Jan 2026 00:00:00 GMT","end":"Sun, 21 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"1C:A8:6F:3E:C5:B4:D2:B6:D4:CF:B7:3D:33:C8:01:91:CF:2B:0B:46","sha256":"E7:8C:E0:5E:57:9B:91:63:C3:47:CE:CC:C6:41:11:7B:C7:56:4D:E2:73:35:8C:D4:B1:B1:A6:6C:07:8C:36:50"}}},"request":{"raw":"POST /wallet/getnodeinfo HTTP/1.1\r\nHost: api.trongrid.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://cb-invoice.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 04 May 2026 09:05:46 GMT\r\ncontent-type: application/json; charset=utf-8\r\nserver: openresty\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27829,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"9f2f81688e85e291b497b830455e5f7a","sha1":"03b834db452223cc0888c1e7ceba0eaeb6c4bbc8","sha256":"a9311c7d445dedd5ee2ba215d802833449d3d42f0787a0c0c99b892c791f6aa3","sha512":"398c7f718f76ee3dc5cceb36271650e64e89e501b43b0adcab7030272807724e68070c742e6f77dbcf561074e516c4044671a449bdd9bc547726746f61b97fba","ssdeep":"384:xWeRw25utgA4xlxcx6xUxBxhxlxqxQx5xgxjx9QpxLx0xHxkxvxxOxNxRxcxdxlk:xWeRv5utgAOQM","tlshash":"3dc252840b364abbeb8173894c0335d34344392a5eda6f76c95cc9a8d999ff8734849f","first_seen":"2026-05-04T09:06:15.801959Z","last_seen":"2026-05-04T09:06:15.801959Z","times_seen":1,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":216,"dns":32,"connect":21,"send":0,"wait":75,"receive":0,"ssl":161},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/dist/index-Cr999Gfi.js","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:45.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cb-invoice.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 00:44:58 GMT","end":"Sun, 02 Aug 2026 00:44:57 GMT"},"fingerprint":{"sha1":"AB:23:AE:B0:8C:82:94:3E:60:8E:BF:C4:55:06:39:C1:CD:17:3F:82","sha256":"E2:63:41:AE:ED:AD:E0:17:95:4A:43:29:2A:70:62:CF:A6:EA:CD:F2:DB:DB:3A:13:F1:78:FA:C4:5A:5B:54:61"}}},"request":{"raw":"GET /dist/index-Cr999Gfi.js HTTP/1.1\r\nHost: cb-invoice.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/dist/index-BI0kv-hD.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Mon, 04 May 2026 09:05:45 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 8280\r\nlast-modified: Mon, 04 May 2026 04:41:59 GMT\r\netag: \"69f82397-2058\"\r\nexpires: Tue, 04 May 2027 09:05:45 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8280,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"55ee68768bbc2cd6ea979c4c3de1a285","sha1":"0b43ca5a3351b68d709ce26e4ba4fa19a24a8c12","sha256":"a6426dbb370c4ca562006a694363278fce6174a98dc421653944b500c4e64986","sha512":"be4bfd7f72c8c408f22c2881d51b9569a2ff66db2130cff9a6dbf3f1320448de658379c6db775cb3c7334a5c339a4f32fd262f43acad9290432be41929496235","ssdeep":"192:KL9YH6SD4oRORTyLZArL5AyoHzFCD1O1X/n1EiC9w2i+OJmfXhK6v5w0n:GYH93Q6ZCD1Ox1HYG0n","tlshash":"af02316966fb44644347b06c1f2fe919a220809b650cc85c3ecc92b09f9d57acef6fd6","first_seen":"2026-05-04T09:06:15.803168Z","last_seen":"2026-05-04T09:11:29.385688Z","times_seen":2,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"cb-invoice.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pulse.walletconnect.org/batch?projectId=04697b467bf8c1909c0b1e1a4ced6a4a\u0026st=appkit\u0026sv=react-wagmi%2Csolana-1.8.14","fqdn":"pulse.walletconnect.org","domain":"walletconnect.org","tld":"org"},"ip":{"addr":"104.20.34.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:56.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"walletconnect.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Apr 2026 21:24:31 GMT","end":"Thu, 09 Jul 2026 22:24:14 GMT"},"fingerprint":{"sha1":"14:D5:ED:85:23:60:DF:07:0F:87:F6:27:31:48:57:E7:3D:EC:B3:51","sha256":"98:75:A7:34:74:35:55:95:78:E2:84:28:02:E1:7F:C5:BF:C2:D6:6B:1B:9E:63:9E:E8:16:BE:13:A2:E4:17:22"}}},"request":{"raw":"POST /batch?projectId=04697b467bf8c1909c0b1e1a4ced6a4a\u0026st=appkit\u0026sv=react-wagmi%2Csolana-1.8.14 HTTP/1.1\r\nHost: pulse.walletconnect.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 503\r\nOrigin: https://cb-invoice.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":503,"data":"[{\"eventId\":\"9d788651-5e2e-422d-8eab-d39d77c4d5e5\",\"url\":\"https://cb-invoice.shop/\",\"domain\":\"cb-invoice.shop\",\"timestamp\":1777885546231,\"props\":{\"type\":\"track\",\"event\":\"DISCONNECT_SUCCESS\",\"properties\":{\"namespace\":\"all\",\"caipNetworkId\":\"eip155:1\"}}},{\"eventId\":\"fe5215df-cf00-4c5a-bc3d-2c7386eeec49\",\"url\":\"https://cb-invoice.shop/\",\"domain\":\"cb-invoice.shop\",\"timestamp\":1777885546233,\"props\":{\"type\":\"track\",\"event\":\"DISCONNECT_SUCCESS\",\"properties\":{\"namespace\":\"all\",\"caipNetworkId\":\"eip155:1\"}}}]"}},"response":{"raw":"HTTP/2 202 Accepted\r\ndate: Mon, 04 May 2026 09:05:56 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 9f6658b6ce5f0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"202","status_text":"Accepted","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T16:45:41.565486Z","times_seen":14744586,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":41,"dns":21,"connect":1,"send":0,"wait":128,"receive":1,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-04T09:05:43.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cb-invoice.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 00:44:58 GMT","end":"Sun, 02 Aug 2026 00:44:57 GMT"},"fingerprint":{"sha1":"AB:23:AE:B0:8C:82:94:3E:60:8E:BF:C4:55:06:39:C1:CD:17:3F:82","sha256":"E2:63:41:AE:ED:AD:E0:17:95:4A:43:29:2A:70:62:CF:A6:EA:CD:F2:DB:DB:3A:13:F1:78:FA:C4:5A:5B:54:61"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cb-invoice.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Mon, 04 May 2026 09:05:43 GMT\r\ncontent-type: text/html\r\ncontent-length: 43183\r\nlast-modified: Mon, 04 May 2026 04:41:48 GMT\r\netag: \"69f8238c-a8af\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43183,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"7ff1e4a3e7ed5120e135dfe1a4855390","sha1":"3246753dd37af7e23be63c0262ea27e34dbe695b","sha256":"4363ea9a0f386fe66e22c34d6472397ce1b4d331dc2fbfc4657e87babc31afca","sha512":"08b91d5fbc3efc6ab81c3a722bbe2c47c15489c338101cd9736952f844658d768a882314b43985081bc49f2d6b697e1db6bbdc51711708c593cf1fcd335e1d0a","ssdeep":"768:A0bFwFvS91ojuW3OM42S75PBo+yROS0ep3LNy:A0bGtS91ojNRO6pbNy","tlshash":"d613923661bb11313893c2af679767587524b003b605c9683efdb3448fdcda99863af8","first_seen":"2026-05-04T09:06:15.805363Z","last_seen":"2026-05-04T09:11:29.376487Z","times_seen":2,"resource_available":true,"data":null}},"time_used":252,"timings":{"blocked":92,"dns":26,"connect":25,"send":0,"wait":27,"receive":41,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"cb-invoice.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.20.170","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Apr 2026 05:19:27 GMT","end":"Wed, 01 Jul 2026 05:19:26 GMT"},"fingerprint":{"sha1":"E9:E5:B7:DA:0A:AE:59:02:EA:10:61:71:9B:52:3A:08:42:A0:67:A5","sha256":"F6:1D:CE:31:AA:9C:7B:58:1D:1D:14:96:99:B6:58:CC:FB:AE:D5:3C:F8:FB:40:E3:45:2D:4A:54:11:B4:E2:F3"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 04 May 2026 09:05:43 GMT\r\ndate: Mon, 04 May 2026 09:05:43 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"e85517dadd43448782d60d7f207fddce","sha1":"6cd31f870727ba8090fac9602b42524b4139a619","sha256":"88fbd0b95222be288587a149c324189ecbd8de0d6f0c94f528ec53857e52b66c","sha512":"5edc78df5bb062a9a2e1ea6724c14dd7eb80d77ea0fa9572de4bb0d52bbd0d163815b08a1ae77084f99fbefbb07715da1c61f0bb36fb498710c91387792955f8","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGx:vXuM0p2+4","tlshash":"04227792002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T18:13:11.065101Z","last_seen":"2026-05-06T16:47:37.47925Z","times_seen":24831,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":93,"dns":1,"connect":21,"send":0,"wait":32,"receive":0,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/dist/style.css","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cb-invoice.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 00:44:58 GMT","end":"Sun, 02 Aug 2026 00:44:57 GMT"},"fingerprint":{"sha1":"AB:23:AE:B0:8C:82:94:3E:60:8E:BF:C4:55:06:39:C1:CD:17:3F:82","sha256":"E2:63:41:AE:ED:AD:E0:17:95:4A:43:29:2A:70:62:CF:A6:EA:CD:F2:DB:DB:3A:13:F1:78:FA:C4:5A:5B:54:61"}}},"request":{"raw":"GET /dist/style.css HTTP/1.1\r\nHost: cb-invoice.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Mon, 04 May 2026 09:05:43 GMT\r\ncontent-type: text/css\r\ncontent-length: 12319\r\nlast-modified: Mon, 04 May 2026 04:42:26 GMT\r\netag: \"69f823b2-301f\"\r\nexpires: Tue, 04 May 2027 09:05:43 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12319,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (12318)","md5":"840b48b5423f185a587be30e2a38a5c1","sha1":"d3381b7f05b604e2528320eeabee14b7c2ed2c89","sha256":"f5266b6ab619693e54ed9b758473e7de1dc0f4c0caf23ee2dfb654e2a004d826","sha512":"8113c88b7e79fb32e9a13958a2db210c39b384168d2d4908545dec1d66849d3882357a3f40fad3d60f150d14be0cd29188d5dffa4b95c19726bc4e4984f5453c","ssdeep":"192:nC9JycH9Jyw1wcjbZTsfzxLEKAXZ/bZNOrr:uwKZ/bZNOrr","tlshash":"3742109d95a0206a3c434cdfddd46d08b1192cd3eb29fbfab946030326f71a51be6207","first_seen":"2026-05-04T09:06:15.807485Z","last_seen":"2026-05-04T09:11:29.379988Z","times_seen":2,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"cb-invoice.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.20.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Apr 2026 05:19:27 GMT","end":"Wed, 01 Jul 2026 05:19:26 GMT"},"fingerprint":{"sha1":"BF:D8:14:32:18:86:B9:95:54:75:8D:F9:5F:29:DE:4E:F8:F8:F7:13","sha256":"0E:FA:80:0B:F4:13:81:81:4D:CF:50:35:5A:DD:DB:FA:00:0B:34:B2:2D:5D:28:08:E4:45:1F:2C:EF:D2:21:C2"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cb-invoice.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 03 May 2026 13:42:27 GMT\r\nexpires: Mon, 03 May 2027 13:42:27 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 69796\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-06T16:46:10.449933Z","times_seen":168402,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":59,"dns":1,"connect":8,"send":0,"wait":10,"receive":15,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.20.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Apr 2026 05:19:27 GMT","end":"Wed, 01 Jul 2026 05:19:26 GMT"},"fingerprint":{"sha1":"BF:D8:14:32:18:86:B9:95:54:75:8D:F9:5F:29:DE:4E:F8:F8:F7:13","sha256":"0E:FA:80:0B:F4:13:81:81:4D:CF:50:35:5A:DD:DB:FA:00:0B:34:B2:2D:5D:28:08:E4:45:1F:2C:EF:D2:21:C2"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cb-invoice.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 03 May 2026 13:42:27 GMT\r\nexpires: Mon, 03 May 2027 13:42:27 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 69796\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-06T16:46:10.449933Z","times_seen":168402,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":96,"dns":4,"connect":8,"send":0,"wait":9,"receive":4,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.20.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Apr 2026 05:19:27 GMT","end":"Wed, 01 Jul 2026 05:19:26 GMT"},"fingerprint":{"sha1":"BF:D8:14:32:18:86:B9:95:54:75:8D:F9:5F:29:DE:4E:F8:F8:F7:13","sha256":"0E:FA:80:0B:F4:13:81:81:4D:CF:50:35:5A:DD:DB:FA:00:0B:34:B2:2D:5D:28:08:E4:45:1F:2C:EF:D2:21:C2"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cb-invoice.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 03 May 2026 13:42:27 GMT\r\nexpires: Mon, 03 May 2027 13:42:27 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 69796\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-06T16:46:10.449933Z","times_seen":168402,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":66,"dns":1,"connect":21,"send":0,"wait":9,"receive":5,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.20.163","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 08 Apr 2026 05:19:27 GMT","end":"Wed, 01 Jul 2026 05:19:26 GMT"},"fingerprint":{"sha1":"BF:D8:14:32:18:86:B9:95:54:75:8D:F9:5F:29:DE:4E:F8:F8:F7:13","sha256":"0E:FA:80:0B:F4:13:81:81:4D:CF:50:35:5A:DD:DB:FA:00:0B:34:B2:2D:5D:28:08:E4:45:1F:2C:EF:D2:21:C2"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://cb-invoice.shop\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 03 May 2026 13:42:27 GMT\r\nexpires: Mon, 03 May 2027 13:42:27 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 69796\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-05-06T16:46:10.449933Z","times_seen":168402,"resource_available":false,"data":null}},"time_used":282,"timings":{"blocked":133,"dns":1,"connect":9,"send":0,"wait":8,"receive":4,"ssl":124},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/dist/dapp.js","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cb-invoice.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 00:44:58 GMT","end":"Sun, 02 Aug 2026 00:44:57 GMT"},"fingerprint":{"sha1":"AB:23:AE:B0:8C:82:94:3E:60:8E:BF:C4:55:06:39:C1:CD:17:3F:82","sha256":"E2:63:41:AE:ED:AD:E0:17:95:4A:43:29:2A:70:62:CF:A6:EA:CD:F2:DB:DB:3A:13:F1:78:FA:C4:5A:5B:54:61"}}},"request":{"raw":"GET /dist/dapp.js HTTP/1.1\r\nHost: cb-invoice.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Mon, 04 May 2026 09:05:43 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 125\r\nlast-modified: Mon, 04 May 2026 04:41:49 GMT\r\netag: \"69f8238d-7d\"\r\nexpires: Tue, 04 May 2027 09:05:43 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":125,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"7d9955eefe932ff47653846fd6f9116e","sha1":"ca145ecfa713b2b90b5a99e43b1f19c8478b6a67","sha256":"a5b96173021d56e96a3fb84f1b766b5fb009cfe8cb260d1772a7443bca961bd1","sha512":"48ba5f0440a7b19d4b8d635707726f2ba8d2f43d0bf7cc834b601c9ca072a572a7d28510310a63f0757b09967fa279dd44ef67378141d2496cf798539cd061af","ssdeep":"","tlshash":"b5b0926a26921b3c182692552b789e016a7209a0498aadd045f83b26e77d14a9835c1e","first_seen":"2026-05-04T09:06:15.809975Z","last_seen":"2026-05-04T09:11:29.380677Z","times_seen":2,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"cb-invoice.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinbase.com/img/favicon/favicon-32x32.png","fqdn":"www.coinbase.com","domain":"coinbase.com","tld":"com"},"ip":{"addr":"104.18.35.15","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"coinbase.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 19 Mar 2026 03:43:54 GMT","end":"Wed, 17 Jun 2026 04:43:51 GMT"},"fingerprint":{"sha1":"09:0C:1A:6D:8E:CD:D8:59:2C:56:C0:BB:30:80:8E:F8:40:F6:B3:CD","sha256":"2E:F7:6F:58:95:1E:70:41:A0:8A:27:66:79:BE:73:05:AF:57:18:BB:7F:4F:4C:27:4B:19:43:C1:0E:19:3E:D5"}}},"request":{"raw":"GET /img/favicon/favicon-32x32.png HTTP/1.1\r\nHost: www.coinbase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 04 May 2026 09:05:43 GMT\r\ncontent-type: image/png\r\ncontent-length: 243\r\nserver: cloudflare\r\nset-cookie: __cf_bm=D.7YN60c3k6Ubeap7ZX19B5ELgK1UHsp7fND8ZdJzrw-1777885543.6845374-1.0.1.1-e2mL5HX39aKbJcNOmYDvTUq2iyBlj2nmwlYOb4ufEZt4kPlgnZ8c3HEUarQGKnODxR63cOxrOjdlT85W6DT8B1Gl1PXuuDLLp023K_f0hrUskgE8J7HGBVyhiZZkOamD; HttpOnly; Secure; Path=/; Domain=coinbase.com; Expires=Mon, 04 May 2026 09:35:43 GMT\r\ncache-control: public, max-age=7200\r\ncf-bgj: imgq:100,h2pri\r\naccept-ranges: bytes\r\ncf-polished: status=not_needed\r\netag: \"b908e90a594eb64bfe62f8ce6fa87880\"\r\nexpires: Mon, 04 May 2026 11:05:43 GMT\r\nlast-modified: Tue, 21 Apr 2026 15:45:30 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U5zV4OWeKOgLLqDMqkeUYc4FI7gEnuoZtaey8ue51uWuh5qdbldJY%2Ff73TqIW0N1ErPjWgzviiXuS%2F6fF1dwy60qraBmgcaqogmygvHScupe%2FOP508ZQdLpTZudDJxrx6ti9UACX39yUs9ps\"}]}\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ntrace-id: 6589097950394854131\r\nvary: accept-encoding\r\nvia: 1.1 3eafe3d97ea450434f79b0d32e70a916.cloudfront.net (CloudFront)\r\nx-amz-cf-id: cPuqWDr8XsCuBEbZjabnEGdQLUtlYT6ciGXjwITkY3DFqGArFAR5kQ==\r\nx-amz-cf-pop: IAD61-P4\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: null\r\nx-cache: Miss from cloudfront\r\nx-content-type-options: nosniff\r\ncf-cache-status: HIT\r\ncf-ray: 9f6658680a730afa-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":243,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"b908e90a594eb64bfe62f8ce6fa87880","sha1":"b7a5077499f7ea3366cc0e92a9e58ca11681c6e2","sha256":"fd506f149c30cb8d7757f7f2704b69ace2907a1fff349589d2f9e23c036a9f2a","sha512":"9fdaca034983c22802cfaea280ccf2b36bf0af7f179a588b33af5ce1b54a6f3dd2baee291c16683b53568ea8ed76675baa10d113fa10251888f1410a90cbac65","ssdeep":"","tlshash":"f6d097a783448d2e82af923c9b318024feb73320f026d808000bad37925355b83cc6a2","first_seen":"2026-03-22T20:12:19.711591Z","last_seen":"2026-05-04T21:56:58.633703Z","times_seen":6,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":43,"dns":21,"connect":3,"send":0,"wait":52,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cb-invoice.shop/dist/index-BI0kv-hD.js","fqdn":"cb-invoice.shop","domain":"cb-invoice.shop","tld":"shop"},"ip":{"addr":"185.231.223.181","port":443,"asn":0,"as":"","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://cb-invoice.shop/","date":"2026-05-04T09:05:43.997Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cb-invoice.shop","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 04 May 2026 00:44:58 GMT","end":"Sun, 02 Aug 2026 00:44:57 GMT"},"fingerprint":{"sha1":"AB:23:AE:B0:8C:82:94:3E:60:8E:BF:C4:55:06:39:C1:CD:17:3F:82","sha256":"E2:63:41:AE:ED:AD:E0:17:95:4A:43:29:2A:70:62:CF:A6:EA:CD:F2:DB:DB:3A:13:F1:78:FA:C4:5A:5B:54:61"}}},"request":{"raw":"GET /dist/index-BI0kv-hD.js HTTP/1.1\r\nHost: cb-invoice.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cb-invoice.shop/dist/dapp.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Mon, 04 May 2026 09:05:44 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 5895557\r\nlast-modified: Mon, 04 May 2026 04:41:56 GMT\r\netag: \"69f82394-59f585\"\r\nexpires: Tue, 04 May 2027 09:05:44 GMT\r\ncache-control: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5895557,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (944)","md5":"b443424980cba0582f0a7e159527b6e0","sha1":"9a39486d8b23d80ae95f6591b05e09f7b8140199","sha256":"0c54fcf9258685abe303fa8ce019fa2b8e460d58f27afc4e7dbc59aec9a7b14b","sha512":"6da70d5a163e25d2215f5aeeb89321e793dea52fd34def897407edec99ac21df070159e5e53257f95777f9a3bbd2f786b5faaf7bd654d637f050b1244c05cae1","ssdeep":"24576:sM4LN94NGX6AAOqdYqY98Lrh5YoixdO9Gxg2gt5+3kP0wgXlnYXGksccgijfzci2:sx98Lrh5YoixdO9Gxg2gt5+3kP0wgXlk","tlshash":"f2255f896af761319663f0394b6fdc85b2399807064cee55398cd2a46f4843887fbbdc","first_seen":"2026-05-04T09:06:15.812745Z","last_seen":"2026-05-04T09:11:29.38446Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1089,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":32,"receive":1057,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-04","alert":"Sinkholed","trigger":"cb-invoice.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}}]}