{"report_id":"6d6718aa-78ec-4d67-839f-1f8f290fc063","version":6,"status":"done","tags":[],"date":"2026-04-15T06:04:00Z","url":{"schema":"https","addr":"aml-checks.icu/","fqdn":"aml-checks.icu","domain":"aml-checks.icu","tld":"icu"},"ip":{"addr":"89.124.78.7","port":0,"asn":25441,"as":"Imagine Communications Group Limited","country":"Ireland","country_code":"IE"},"final":{"url":{"schema":"https","addr":"aml-checks.icu/","fqdn":"aml-checks.icu","domain":"aml-checks.icu","tld":"icu"},"title":"Спин Сити казино и Spin City Casino — регистрация и бонусы","dom":{"size":32914,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2162)","md5":"d003c8cec3333ae6589f5d8d73195fa6","sha1":"1dfa0aba2ca059a64ae097e6d83339f97f49e693","sha256":"c32120d070d67244fa4f6910ed76e700521d0fd6621cf4e1433a3d2346c8f717","sha512":"bc65e63ef662a9ffa08c6cedcce6cad87118daa014ed02db1e4d7e57be7eb01585a1b6d7070ed42a325fdaa4a8a94ad20f3700e88ff35e49f43b4ad30360085d","ssdeep":"768:cZp4Q7PmJGAoDVy6w/QQIEr9K7BS2xbfENcfbYyJBP1cY:s4Q7PtHnENcfbJBP1cY","tlshash":"63e22e20568d64af5202f047e908ba0e3ce644fe7f6b676615b82cbf39e3474c639709","dom_hash":"domhash6080f64809b3916ac9ebb5a51e107599","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"aml-checks.icu/","fqdn":"aml-checks.icu","domain":"aml-checks.icu","tld":"icu"},"ip":{"addr":"89.124.78.7","port":0,"asn":25441,"as":"Imagine Communications Group Limited","country":"Ireland","country_code":"IE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-20T06:04:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-15T06:03:39Z","timestamp":1776233019,"ip_dst":{"addr":"89.124.78.7","port":443,"asn":25441,"as":"Imagine Communications Group Limited","country":"Ireland","country_code":"IE"},"ip_src":{"addr":"Client IP","port":34756,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2026-04-15T06:03:39.124145+0000\",\"flow_id\":1184505444160926,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.5\",\"src_port\":34756,\"dest_ip\":\"89.124.78.7\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"aml-checks.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"f4febc55ea12b31ae17cfb7e614afda8\",\"string\":\"771,4865,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":3168,\"start\":\"2026-04-15T06:03:39.054686+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"aml-checks.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"aml-checks.icu","ip":{"addr":"89.124.78.7","port":443,"asn":25441,"as":"Imagine Communications Group Limited","country":"Ireland","country_code":"IE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":2,"received_data":34478,"sent_data":926,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-12T22:20:19.752051Z","alert_count":0,"request_count":1,"received_data":19050,"sent_data":517,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-12T22:16:45.621325Z","alert_count":0,"request_count":9,"received_data":265955,"sent_data":4866,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"aml-checks.icu/","fqdn":"aml-checks.icu","domain":"aml-checks.icu","tld":"icu"},"ip":{"addr":"89.124.78.7","port":443,"asn":25441,"as":"Imagine Communications Group Limited","country":"Ireland","country_code":"IE"},"introduction_type":"scriptElement","is_inline":true,"md5":"ca5d8427f8e2d6b09962cb7c636860b9","sha1":"c50b8c9aaec3f835613bda584266349bdd9bd287","sha256":"259e1f55e0aea8c3096d683580ed29567bcacb64c7fb741d52c4c9b1b3823841","sha512":"f929e498e4a6eebff28646f32da4288da14a52954a59fc4ec91907ec62fa7523cdcd2b622c386cc5c327b285d7e199931d02d7c0f670fe16eb72b552669e58c3","ssdeep":"","tlshash":"c9d0720ce9603a3e08a7736282cf83faf1212082c4c968202735ccc90aac0001cb2fc8","size":290,"data":"","first_seen":"2026-03-23T23:55:25.8513Z","last_seen":"2026-04-15T06:16:00.196739Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"aml-checks.icu/","fqdn":"aml-checks.icu","domain":"aml-checks.icu","tld":"icu"},"ip":{"addr":"89.124.78.7","port":443,"asn":25441,"as":"Imagine Communications Group Limited","country":"Ireland","country_code":"IE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-15T06:03:38.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aml-checks.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 08:36:52 GMT","end":"Thu, 25 Jun 2026 08:36:51 GMT"},"fingerprint":{"sha1":"85:01:06:F6:55:F4:D0:0B:E8:19:32:C2:EC:55:46:9D:C3:F0:34:E0","sha256":"5A:BE:41:64:86:4F:80:17:F1:86:F5:66:48:8D:34:06:E9:FE:B6:5C:47:0E:B4:99:54:DC:D3:9F:70:51:7B:F3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: aml-checks.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 06:03:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 9886\r\ncache-control: no-store, no-cache, must-revalidate, max-age=0\r\npragma: no-cache\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33224,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2243)","md5":"572df67495430dece9e451da93d4e1b7","sha1":"523e4519b16edb0526d334de3978afd5fa930ad5","sha256":"f10e835cbd2b18624052c8db11bc0f14de54a547faafd17c30f3e17da5fffd5c","sha512":"8bf7074026d4f7dfac8753b58db2aca0dc9d009b78723fd1895143f44caba5ed3390d81153afa7dfe47c75f37210d51f51ea48ff2387cdda2cdc631dfb714b05","ssdeep":"768:KZu4Q7PmJGAoDVy6w/QQIEr9K7BS2xbfENcfbYyJBP1c2:14Q7PtHnENcfbJBP1c2","tlshash":"27e22e60568d64af5202f047e908ba0e3ce644fe7f6b676615b82cbf39e3474c639709","first_seen":"2026-04-15T06:04:05.025973Z","last_seen":"2026-04-15T06:16:00.190306Z","times_seen":2,"resource_available":true,"data":null}},"time_used":366,"timings":{"blocked":152,"dns":84,"connect":29,"send":0,"wait":44,"receive":12,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"aml-checks.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Unbounded:wght@400;600;800;900\u0026family=Manrope:wght@400;500;600;700;800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.415Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:38 GMT","end":"Mon, 15 Jun 2026 08:38:37 GMT"},"fingerprint":{"sha1":"C3:E4:BE:7B:38:DD:F1:59:DC:DF:FA:8A:48:52:C7:1D:D2:BF:F7:5E","sha256":"31:F4:52:B9:AA:C3:06:E9:A3:71:DA:02:A5:63:C9:78:CC:3A:04:07:E1:B4:42:F5:DC:BF:40:0F:BE:3E:6F:9E"}}},"request":{"raw":"GET /css2?family=Unbounded:wght@400;600;800;900\u0026family=Manrope:wght@400;500;600;700;800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aml-checks.icu/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 15 Apr 2026 06:03:39 GMT\r\ndate: Wed, 15 Apr 2026 06:03:39 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18364,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"703f7f345968a6fc7be716fd228d6e03","sha1":"3977d79832ed24adb4e3b7763f39df63b853cbd3","sha256":"430d4a8565c4d87a866db230f8b894f30b76fb4fdf73d5d01460d9aa288d2be6","sha512":"90f0ad02c576a2ca229c73985cff6be392524a33da18cacd9c1873f24791f14599429ebdaab2b381a8efc9f654b95778621bc50b4fb861ed43f2734e08ec9739","ssdeep":"192:zJDEV3WW89RJ8rV3118+4JlOV3MM8b/JGNV3TT80uJHYV3668hSV3d2I8N4VJdsb:9wU+ME02EQ/tFLRJiuY","tlshash":"c4829a900027e504eb474cd237ce7e39ad4e61557442c5ba6bfe1c98adafd362329b0e","first_seen":"2026-04-15T06:04:05.029246Z","last_seen":"2026-04-15T06:16:00.194023Z","times_seen":2,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":103,"dns":1,"connect":21,"send":0,"wait":32,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/unbounded/v12/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/unbounded/v12/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 50928\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 13:15:00 GMT\r\nexpires: Fri, 09 Apr 2027 13:15:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 492519\r\nlast-modified: Wed, 10 Sep 2025 16:47:59 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50928,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50928, version 1.0","md5":"05d155aeb9312622bb55344a904c67a7","sha1":"7179f28585e79eb649070109ff59446ae8cadacf","sha256":"4b69ae920ef9fb5868c8255f5176e799e96d820db11a9e23da7de2ffd2af190b","sha512":"ce6260761e9fbaf82c95fe980b4bacc4dbbc96aecee4e5b70f7f57db488b29f7351c9a047be5a52de94a1e1bf05ffda15b4bd1ea59597d070ceda52ce51641d4","ssdeep":"1536:YavAFuYIsPewmVKgN/gy2DOZfOlgJeQ9nc:YavAcwmVK8x2yZf4gJeQ9c","tlshash":"2733028520f7291fc67232b74f68aaa4347163dea531d18e320970c8e9c665e6e3193a","first_seen":"2025-09-11T17:16:41.899057Z","last_seen":"2026-04-21T09:19:19.898054Z","times_seen":157099,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":289,"dns":2,"connect":19,"send":0,"wait":16,"receive":4,"ssl":248},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.611Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 24836\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 12 Apr 2026 10:09:18 GMT\r\nexpires: Mon, 12 Apr 2027 10:09:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 244461\r\nlast-modified: Thu, 04 Sep 2025 17:08:28 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-04-21T09:32:31.852763Z","times_seen":17860,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":117,"dns":4,"connect":21,"send":0,"wait":17,"receive":12,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/unbounded/v12/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/unbounded/v12/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 50928\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 13:15:00 GMT\r\nexpires: Fri, 09 Apr 2027 13:15:00 GMT\r\ncache-control: public, max-age=31536000\r\nage: 492519\r\nlast-modified: Wed, 10 Sep 2025 16:47:59 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50928,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50928, version 1.0","md5":"05d155aeb9312622bb55344a904c67a7","sha1":"7179f28585e79eb649070109ff59446ae8cadacf","sha256":"4b69ae920ef9fb5868c8255f5176e799e96d820db11a9e23da7de2ffd2af190b","sha512":"ce6260761e9fbaf82c95fe980b4bacc4dbbc96aecee4e5b70f7f57db488b29f7351c9a047be5a52de94a1e1bf05ffda15b4bd1ea59597d070ceda52ce51641d4","ssdeep":"1536:YavAFuYIsPewmVKgN/gy2DOZfOlgJeQ9nc:YavAcwmVK8x2yZf4gJeQ9c","tlshash":"2733028520f7291fc67232b74f68aaa4347163dea531d18e320970c8e9c665e6e3193a","first_seen":"2025-09-11T17:16:41.899057Z","last_seen":"2026-04-21T09:19:19.898054Z","times_seen":157099,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":90,"dns":0,"connect":0,"send":0,"wait":29,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/unbounded/v12/Yq6W-LOTXCb04q32xlpwv8ZfvRQkSJZH09E.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/unbounded/v12/Yq6W-LOTXCb04q32xlpwv8ZfvRQkSJZH09E.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31396\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 14:41:51 GMT\r\nexpires: Fri, 09 Apr 2027 14:41:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 487308\r\nlast-modified: Wed, 10 Sep 2025 16:45:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31396,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 31396, version 1.0","md5":"c0b6d60da574412c566fad21bdef4ea8","sha1":"829624d41f893c408eb216465b264239bae811eb","sha256":"648169b2446cfc17f3450aa3061ed58b68fbbf062a0a1811b8fce167b9f8f165","sha512":"71fd9292951a619af5ecb56ee8f4c2b9ef6a8cb15c800aca40e2770c62a8c803700922ef180529013b99b31ddf8b840b6bec0f9db206987e7dd50b2b1673fa96","ssdeep":"768:uxIdML0V8AJLWpvW9oOeckx3GKWx9stgrLWRLC:GPL0JJLWVWCh97k9ZvQW","tlshash":"16e2f1c10bebe99fc4c5577ab3490c98f7e91458289807b037cadcae1ca287955f874d","first_seen":"2025-02-11T21:57:21.432782Z","last_seen":"2026-04-18T15:42:25.381133Z","times_seen":255,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":88,"dns":0,"connect":0,"send":0,"wait":51,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14500\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 12 Apr 2026 10:24:16 GMT\r\nexpires: Mon, 12 Apr 2027 10:24:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 243563\r\nlast-modified: Thu, 04 Sep 2025 17:09:13 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-04-21T08:47:43.430207Z","times_seen":2278,"resource_available":false,"data":null}},"time_used":559,"timings":{"blocked":283,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":257},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/unbounded/v12/Yq6W-LOTXCb04q32xlpwv8ZfvRQkSJZH09E.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/unbounded/v12/Yq6W-LOTXCb04q32xlpwv8ZfvRQkSJZH09E.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31396\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 14:41:51 GMT\r\nexpires: Fri, 09 Apr 2027 14:41:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 487308\r\nlast-modified: Wed, 10 Sep 2025 16:45:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":31396,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 31396, version 1.0","md5":"c0b6d60da574412c566fad21bdef4ea8","sha1":"829624d41f893c408eb216465b264239bae811eb","sha256":"648169b2446cfc17f3450aa3061ed58b68fbbf062a0a1811b8fce167b9f8f165","sha512":"71fd9292951a619af5ecb56ee8f4c2b9ef6a8cb15c800aca40e2770c62a8c803700922ef180529013b99b31ddf8b840b6bec0f9db206987e7dd50b2b1673fa96","ssdeep":"768:uxIdML0V8AJLWpvW9oOeckx3GKWx9stgrLWRLC:GPL0JJLWVWCh97k9ZvQW","tlshash":"16e2f1c10bebe99fc4c5577ab3490c98f7e91458289807b037cadcae1ca287955f874d","first_seen":"2025-02-11T21:57:21.432782Z","last_seen":"2026-04-18T15:42:25.381133Z","times_seen":255,"resource_available":false,"data":null}},"time_used":459,"timings":{"blocked":233,"dns":0,"connect":0,"send":0,"wait":16,"receive":3,"ssl":207},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggexSg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 24836\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 12 Apr 2026 10:09:18 GMT\r\nexpires: Mon, 12 Apr 2027 10:09:18 GMT\r\ncache-control: public, max-age=31536000\r\nage: 244461\r\nlast-modified: Thu, 04 Sep 2025 17:08:28 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24836,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 24836, version 1.0","md5":"938c6e8019b69313372c47dbb7a7c930","sha1":"b42951014c5eca12749d87a4706caf22dc4fe081","sha256":"a30ddcd349703aff7464c34bef3fffdff405ee50c113440d7c8693c02d210972","sha512":"5537c005cd8f321f26fe67f6292b3ec14e88ff4b2365311628dbbe4753e01e568f6881b9f2e7d71e8e6b2c261ed25f372829dd28f89f865ce574b4e1fec29614","ssdeep":"768:3KQaj5c95F1QmIwa55Go1COpZLpkkM46CU+YIC:ahj5cXow65xCM5pkkM468YB","tlshash":"a2b2f105ee49b3d4b276f1fcfa802884179282f27dabda8f3f2015981dd8e5b8d45320","first_seen":"2025-06-02T20:09:41.98255Z","last_seen":"2026-04-21T09:32:31.852763Z","times_seen":17860,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":111,"dns":0,"connect":0,"send":0,"wait":48,"receive":5,"ssl":84},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggOxSuXd.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 14500\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 12 Apr 2026 10:24:16 GMT\r\nexpires: Mon, 12 Apr 2027 10:24:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 243563\r\nlast-modified: Thu, 04 Sep 2025 17:09:13 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14500,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 14500, version 1.0","md5":"e58febde317b69ceb51690ea201850c9","sha1":"d8fc94bf7a39043a7759bd564a7e16b3ea080736","sha256":"c268b459a9329e59fecf39a17618efd44c71735532048d60b12aab76a8c14914","sha512":"af17f0a6913d974bd7d38a060549dacd158c667abb08f830d44d302c1a1cb4f8106eeeb772d2b4066be2c5a1e763d26042c707343770f5e84b0f5165cab9d96b","ssdeep":"384:4VvSHMmDtGjtHrBRvGjLWPSNRXZpyJ+kC18bZ:4VvSsmDt6LBROj1RXZ4J+318bZ","tlshash":"8a52b05ef04e86f0b51f2a7ece5c6a1153725e56134f2e50e967b0c8c75e82a1e27142","first_seen":"2025-06-05T11:45:07.756161Z","last_seen":"2026-04-21T08:47:43.430207Z","times_seen":2278,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":114,"dns":1,"connect":30,"send":0,"wait":50,"receive":1,"ssl":86},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/manrope/v20/xn7gYHE41ni1AdIRggmxSuXd.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 08:38:49 GMT","end":"Mon, 15 Jun 2026 08:38:48 GMT"},"fingerprint":{"sha1":"37:8D:19:21:5B:E0:E1:BB:D8:7C:65:74:CB:23:05:60:8D:DA:34:48","sha256":"87:F6:F5:DB:75:39:30:F7:7B:2E:F2:78:F3:AF:75:98:AC:41:5C:58:80:43:5D:A4:53:50:BC:D4:D6:F1:CC:56"}}},"request":{"raw":"GET /s/manrope/v20/xn7gYHE41ni1AdIRggmxSuXd.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://aml-checks.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15120\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 09 Apr 2026 05:45:52 GMT\r\nexpires: Fri, 09 Apr 2027 05:45:52 GMT\r\ncache-control: public, max-age=31536000\r\nage: 519467\r\nlast-modified: Thu, 04 Sep 2025 17:08:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15120,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15120, version 1.0","md5":"6d36d5bdedfabb5bbee2ab6b6ded3416","sha1":"1f62546fa0a051004f4faa3f40a4a8074a2e06ea","sha256":"3911b66d9f2e005a4b989223405d0e5032619c668597ba467cc76a23c8fffcfb","sha512":"21c425a24911d63daee9242105549805d53dbe91d463be1512949245d3c72769bd81b6a5617388776a204a45995a4365fb5dc0abc9b081f6abbb4018f36c2138","ssdeep":"384:BCX/6yjzk4RmmVzZQVIiSeYWsfTZW3xYuiM:BQ/2bm3QVd1YWB3X/","tlshash":"6162c0c2e4149ad6cea76175d373c84196d98ce0bdefa84098e32b414317b24bbdb7b4","first_seen":"2025-06-04T20:22:57.505569Z","last_seen":"2026-04-21T08:11:06.630744Z","times_seen":1199,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":98,"dns":0,"connect":0,"send":0,"wait":42,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aml-checks.icu/images/favicon0.ico","fqdn":"aml-checks.icu","domain":"aml-checks.icu","tld":"icu"},"ip":{"addr":"89.124.78.7","port":443,"asn":25441,"as":"Imagine Communications Group Limited","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aml-checks.icu/","date":"2026-04-15T06:03:39.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aml-checks.icu","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 08:36:52 GMT","end":"Thu, 25 Jun 2026 08:36:51 GMT"},"fingerprint":{"sha1":"85:01:06:F6:55:F4:D0:0B:E8:19:32:C2:EC:55:46:9D:C3:F0:34:E0","sha256":"5A:BE:41:64:86:4F:80:17:F1:86:F5:66:48:8D:34:06:E9:FE:B6:5C:47:0E:B4:99:54:DC:D3:9F:70:51:7B:F3"}}},"request":{"raw":"GET /images/favicon0.ico HTTP/1.1\r\nHost: aml-checks.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aml-checks.icu/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Wed, 15 Apr 2026 06:03:39 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 723\r\nlast-modified: Fri, 27 Mar 2026 09:35:00 GMT\r\netag: \"2d3-64dfe370805e0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":723,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"2648f109a159f0349a757899156976ab","sha1":"7c7343e4563e54811c508cb8e1dd04d5d25b6ebc","sha256":"69c9efde6cfebc306bd0dae2bf7d6a70e52407dc0cd52d47bd97c3ee00d5369b","sha512":"bd1f142e703c9f8912c62bf0a70c1ba8a054816515556d74cbec374ec34e89b007be7a5b78dbd86d91647e3c44eab10c7fab5bf0f88501857af52e9730e1ca57","ssdeep":"","tlshash":"4901dc318052502c7537d8b23690b64950998ca6f66b6f00a68b72bed9cb382aa5274c","first_seen":"2026-04-15T06:04:05.047257Z","last_seen":"2026-04-15T06:16:00.194787Z","times_seen":2,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-15","alert":"Sinkholed","trigger":"aml-checks.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}