{"report_id":"730124af-2b43-453e-bac0-dacd92871f45","version":6,"status":"done","tags":[],"date":"2025-12-07T22:30:05Z","url":{"schema":"http","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"172.67.207.19","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"title":"T-Mobile Tuesdays - Get Free Stuff \u0026 Great Deals | T-Mobile","dom":{"size":112047,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"b0ea3100990815c3484a2aca6d06446b","sha1":"68e5a23a8073ec90e2151156de9cea9cfe9d981d","sha256":"df87f8b2a5618f0b1a1533950d0cf78e93f23670064c74912e95faa658886a2a","sha512":"9da4fe0b8a29543bca008f374ad35d5b4eee0b4213b61f664a0294c97f4eeb1a922c322491dfb6a8f5727ce2b47fec9782a037789dd63a4b388b9b4a5c5cbcd7","ssdeep":"1536:0j91yw7fIWQ2xfGXB+Sw7Nmq2pp8r8jWwsH97pijUOMOgO8OEOoOMOIOMOdrjw:y/yw7fBQh+Sw7NgWwsVp0fw","tlshash":"3fb3e771b194303380174fe9fa78ee89a2b3f65acf493556a6e4537423c7c71780aa6c","dom_hash":"domhashf2fb4526189124f93a1ecaa967af03dc","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"172.67.207.19","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-11T22:30:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":2}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-07T22:29:42Z","timestamp":1765146582,"ip_dst":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.10","port":34488,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO Suspicious Domain (*.icu) in TLS SNI","source":"{\"timestamp\":\"2025-12-07T22:29:42.311453+0000\",\"flow_id\":1852677090090994,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.10\",\"src_port\":34488,\"dest_ip\":\"104.21.37.101\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2026889,\"rev\":4,\"signature\":\"ET INFO Suspicious Domain (*.icu) in TLS SNI\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_02_06\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"tls\":{\"sni\":\"t-mobile.xchty.icu\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":789,\"bytes_toclient\":1654,\"start\":\"2025-12-07T22:29:42.303090+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"t-mobile.xchty.icu","ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-04","domain_rank":0,"first_seen":"2025-12-07T22:30:05.629201Z","last_seen":"2025-12-07T22:30:05.629201Z","alert_count":50,"request_count":25,"received_data":1937089,"sent_data":11112,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"ipapi.co","ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2025-12-01T20:02:24.01227Z","alert_count":0,"request_count":1,"received_data":2483,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7d61a91bc78674ba0a29f25feff50ab1","sha1":"e4181c82811756b0c116df2b1614cc7bc865e629","sha256":"a79b3caa6ae4239ff4cbbdda62156395e3c84b52042f55646b752b184b654c32","sha512":"02bc73e448bf1ca3ed4f228ff77ccb97852a390ad6ff9597c7cb7474fef8d61467a6a9e510f3b223fdebcc2e22d07f605b33c9d2b50bf52039e2ec331899211f","ssdeep":"","tlshash":"e48004d530c350004757115400571ccd5134447014444d514040f4511c55030711545c","size":34,"data":"","first_seen":"2023-04-12T05:34:22Z","last_seen":"2026-04-05T13:51:44.375886Z","times_seen":12189,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"fce2d9e837b91d0f6748926e1b995369","sha1":"e66021b0695fa83a7664119ca128941244fd6867","sha256":"a7e952a25efb7642469d1335a47dd44f7cf123d0dd160e6e2c346cccba6ddcd5","sha512":"a24c5af58d1fd34d1b7049445b709ec6c8524644dad38fb596ef343b24d0ac04f42bacb4e67dfd0cf1c4a9ccd62fe451d17b69863be2b13d74f44e153e8afddd","ssdeep":"","tlshash":"9e814673e9add83dfd4b5aa35764bea1ec5c10b4d36449ce9e988c2851cd3200b1aa1f","size":3924,"data":"","first_seen":"2025-11-01T19:42:23.014854Z","last_seen":"2026-03-25T15:31:57.110078Z","times_seen":5564,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"b8232b3f1db81af2da3aeb49a6603660","sha1":"0849514de26a09e9df05c68b914e8d1be0a10510","sha256":"ab040c8be574d3d7481bdc9fb32295ef4d0110a1ae84cb31bd4d7ec258252a04","sha512":"8a2a21ada6256b7772076155476a72d7e8021600855605dfaae7b83cf7556d2c89b0928aa500e059959f907c89621af10c32498e8998d2c21f323abe63a92eb5","ssdeep":"","tlshash":"53f0dd22a6edbc95ea872c521441bfb1a40d407443b8ceee8606cc6400b72706b2e17f","size":647,"data":"","first_seen":"2025-11-01T19:42:23.022424Z","last_seen":"2026-03-25T15:31:57.110589Z","times_seen":5564,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/vue.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a9b6fe71cb7cfcd689e1ef345aefba51","sha1":"5c39dfc37fc42400e4b4557db956f3f218a90ca7","sha256":"159f0ac0c8f517aaa736003b6e13ebc959b5f7129db87e4e56bf2eec8d6d02d7","sha512":"6172c62ec4018b01cf1cb08003d9e96568400d4b071028e467bd43d6ecd3d87a68a7cdbf78b9e615be9bd23a3ca4ae13d00bb48361444eb44935b945ff8e99cd","ssdeep":"3072:ViOkNK65nfn78CNzdlvdMvCCaNPdg7p2POCCnTlpsefhlDJsYB3lY5TxbMeBUw3k:VU9gCNHvdxPdg7cInToEw7BpyXq45","tlshash":"df74a45db9f322a25a5370b94bafa449b278c0130508ce907d8dd3a46f9053857fbfe9","size":342147,"data":"","first_seen":"2023-03-07T12:01:43Z","last_seen":"2026-03-30T05:24:48.21987Z","times_seen":2792,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/check.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aa123fdcf02f3eb1ca1635a1a0cb32fd","sha1":"4957e4b6d878556173d37821b4135cfd4f5a0fd4","sha256":"20e89be048f166acf3c38ba7373b6ca7087ad003982c49b084f22e7101a71ccf","sha512":"fbf664d1f2512cc384ae88003c0e78a6bd68edab977370362897901dd4c3b5ee69673a370b7f42ea473d192858031673216f54e1285044bdc2e5cd91e9e1336f","ssdeep":"768:H9n57T7yFi6yjFKTSdJnwO1gQMmVZkj+yOe6gWukXXmoPLOZ50SbBrSWJ3P+3WAz:XJBFdoICJDu","tlshash":"8de243013ed47644234aab7b7f1ef0e5e52e086b2888088ee159fd55fa61717f2f1a34","size":33812,"data":"","first_seen":"2025-11-18T14:57:05.768722Z","last_seen":"2025-12-09T03:28:21.001601Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/common.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd66b75ebf83065eaaae58a0ab2032b0","sha1":"53dddaa5dc1a975b776b61ac255e7847f8932dab","sha256":"adf4a58e4c570b3d1b41ebf36dbe20a3831221f7730fdf59508ad861ff208b5b","sha512":"8416928b01e3976aeb804a99f9fe72ba2f1c1f61324f4ed1cf9bc74f7a8687e56cc35716dfa457f9c9aeb3d3ab4f1e3def9d7fb4393559e0d239ac197eb6564e","ssdeep":"","tlshash":"8a113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","size":997,"data":"","first_seen":"2025-11-10T18:13:28.354747Z","last_seen":"2026-03-25T15:31:57.083285Z","times_seen":5293,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"bc61aa425a2f0c8cd1d431ebe31c5372","sha1":"802ff4471f0c998a869c848475b4b6e93841dc50","sha256":"a6d4dac18574a675af7c04e88bb0d2fc3f38ba2415b9e64d37ecf0c187a25d29","sha512":"aae7b903b4209773670848c463606c8d2cdc83fee43017308bdedc23515400d088c48f6b72d518ff406897944927f60770e9eba3261d8e2b2cd9e99ea6804bd2","ssdeep":"","tlshash":"afe0c22220a590794c6be34741396e21a1c900ae8d101c8d72ae698cc2d7134172a09e","size":299,"data":"","first_seen":"2025-11-01T19:42:23.021339Z","last_seen":"2026-03-25T15:31:57.112678Z","times_seen":5564,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"101afb782314a129cb78bf169052558a","sha1":"13107abdc740c40ff8eb96d4403ad9513e1e1bc9","sha256":"aba7ccb32f8a6da1c897ac179fd3b06f3facb8f68abbea5c29076e469e001199","sha512":"e726537ceca1f72fc444a6ff73ad38569f1c1ad9a037a6546484bf89cb0978266e6303ecc420f9c1e63e41184cd49d42131ea971098a1a84ac5a843cf86ce9a8","ssdeep":"","tlshash":"13b01255e2bb036f32c4a673d4d146080e4d43627123f45c168cf9f0240c090248db21","size":108,"data":"","first_seen":"2025-11-01T19:42:23.019097Z","last_seen":"2026-03-25T15:31:57.111097Z","times_seen":5559,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/axios.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1eb8e8e2284670dc214a3e70c25992b8","sha1":"94ece417aa560aa8de906e8f54c0985da90364cc","sha256":"96b65382c74cd6255d4628044c5394f2ef3f0662d7d72b10f1bceb50b6ee5455","sha512":"ae6cce74fa46a0ee1b00245f7da885ace7bd608d96152f3b4d9b2c1e66d53cbf5c1f298d1eb60cdf4a17a14296edc2fec63c22a7cf968025911ebe9272f7d49e","ssdeep":"768:iE/e1fRWqcYe4Q2q3jetDArR2d1mP2EduTgeIQN/s:VGoqcY22q3GASme1k","tlshash":"0a1385c6fbd57803b51630a98e8f754a76b4d05374046ca5bc4cb9e83fd883c86e6a89","size":42736,"data":"","first_seen":"2023-03-08T19:53:18Z","last_seen":"2026-04-05T09:53:04.309739Z","times_seen":16984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e83770bba1fb570e7db9c38a4d6f0683","sha1":"d87b082a227a0b17c7f0110a8c02e36156406e6c","sha256":"9aa51f85c6a99e2398b4265c45731905e809b1e6d4d5efaa18e2657e980eea57","sha512":"dda12b340b76b6eedebf796af498f635014dd26161552c4becb051d6a8412e916439e6313cad0b2f39d46166b39fc10112d0a40ea0f10bcdb38428785ba6a72e","ssdeep":"","tlshash":"0ab0125a7cea1151419752f896de3c841cb4117cb550ce504010fc823c485a569b629c","size":103,"data":"","first_seen":"2025-11-01T19:42:23.017954Z","last_seen":"2025-12-10T00:32:49.80437Z","times_seen":503,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"5cf76391fea1d57ab5a581e5e4aa3971","sha1":"bc2dce161506cd85282fd1bf227a95cc7b9b4b16","sha256":"2363f0b2d9be94768dc08ac030377b81038a126a561bb0639447a791606001b1","sha512":"afdc4c6240294f60ffd204e0c7e784aee7ebca9e76ba16f41e38ff1be094e053160abfa84404e8271b37a22307ddde504ad400365eec030918a833c4d71ca840","ssdeep":"","tlshash":"f0f059b22ace88308a4b05f21628fe239235009ae9d1dc49186d5c6447da7102b484ad","size":500,"data":"","first_seen":"2025-11-01T19:42:23.020181Z","last_seen":"2026-03-25T15:31:57.111582Z","times_seen":5564,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/common.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cd66b75ebf83065eaaae58a0ab2032b0","sha1":"53dddaa5dc1a975b776b61ac255e7847f8932dab","sha256":"adf4a58e4c570b3d1b41ebf36dbe20a3831221f7730fdf59508ad861ff208b5b","sha512":"8416928b01e3976aeb804a99f9fe72ba2f1c1f61324f4ed1cf9bc74f7a8687e56cc35716dfa457f9c9aeb3d3ab4f1e3def9d7fb4393559e0d239ac197eb6564e","ssdeep":"","tlshash":"8a113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","size":997,"data":"","first_seen":"2025-11-10T18:13:28.354747Z","last_seen":"2026-03-25T15:31:57.083285Z","times_seen":5293,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/axios.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1eb8e8e2284670dc214a3e70c25992b8","sha1":"94ece417aa560aa8de906e8f54c0985da90364cc","sha256":"96b65382c74cd6255d4628044c5394f2ef3f0662d7d72b10f1bceb50b6ee5455","sha512":"ae6cce74fa46a0ee1b00245f7da885ace7bd608d96152f3b4d9b2c1e66d53cbf5c1f298d1eb60cdf4a17a14296edc2fec63c22a7cf968025911ebe9272f7d49e","ssdeep":"768:iE/e1fRWqcYe4Q2q3jetDArR2d1mP2EduTgeIQN/s:VGoqcY22q3GASme1k","tlshash":"0a1385c6fbd57803b51630a98e8f754a76b4d05374046ca5bc4cb9e83fd883c86e6a89","size":42736,"data":"","first_seen":"2023-03-08T19:53:18Z","last_seen":"2026-04-05T09:53:04.309739Z","times_seen":16984,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"4c2473378df4cd49d4a1ca04238db86e","sha1":"31693b849f3f184436588683ac5b731067aa9ac7","sha256":"bcc25a03375ab230974cf7889c40776205854233bf405383d443a495762f310f","sha512":"9eb9aa6b4a65b3a3332086bb70a8df133378fe8fca7f46413dcee2a51e3671f023a4b995f8e5a00acd3d9e7bd32b25afe41816997ad60b917e1f8418e226c736","ssdeep":"","tlshash":"4be06173b5bd5479c2870951a101bf90f40d6470c36589ddde544a65ace11701b0d29e","size":396,"data":"","first_seen":"2025-11-01T19:42:23.016012Z","last_seen":"2026-04-04T18:19:25.507339Z","times_seen":5620,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"7bdc8bfde93395be9c4fcc7e0886d409","sha1":"3e86aa87190e962df4251dcf34e79756652b66c7","sha256":"c60f3d5f16262105177d285af9ce085c5ab1c6a280af6bdcf3ee69d5087b9504","sha512":"d5440f1f8cd292fb0c6ffa7fde7c5c0aa95c6bb9f35e8649d3d5f6c4c59fc41342737f109944a1b80533b839de062be566d0f877e9996ca650356a1448c4cc16","ssdeep":"","tlshash":"7ce0c21521b5947e886bf767913de832e2d805ad8c601c4d71ad698dc2df830277719e","size":327,"data":"","first_seen":"2025-11-01T19:42:23.023594Z","last_seen":"2026-03-25T15:31:57.114139Z","times_seen":5564,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/main.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"53ccb9bf8d456068bc73f2d8784f49fc","sha1":"e7d11f9ef81c0bc8e8ef67d0c10df50a669b5e4a","sha256":"a49c23c6213c7cc75aa15d5c251f726ddaba8835cb67c62dba69d9168aa33bf5","sha512":"f6cd36c8a554dccac8432c1774a2b4ebc3508f6d2eb20653e2b1c549fc1288c557f148fa9043bcbb948383cb56a9d4824ec85fac517d3282e790513f5cee4dac","ssdeep":"3072:9e6zlokbbajR7KFX6t9OBjQjPsKH28TbP4q72a:9eYnajR7KFX6t9WQjPsKH2WP4q72a","tlshash":"c8d385452e846906634a1b7b362a70f5d51528cd38088a8bf66c7c74f5df6b3fae9330","size":139088,"data":"","first_seen":"2025-11-17T00:48:27.219535Z","last_seen":"2025-12-09T03:28:21.015456Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/index.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bf5f2c2d6e5eb5867e8423c865ffe146","sha1":"b5a5e5c727e7f38f0a8c8f883d35263278df0009","sha256":"f37e59e725fd6bac07c1aa5000a0b9ebb0fbc7c6cbceb624f93fd5fde48be58e","sha512":"eeecd39da32b6dfef16b32e34b1609437021b411a9759c31cc4a20f6b8ec6def033e214cd25f9efa37b4e8730a30cb54d4f0fe59573004aa729e7ae8f1b01cb7","ssdeep":"192:IyXD5pF9gCYYApv/xXnR7XKB8uppVkGR0ITgp19SgSyRI4VT/ZLZbcLhocWQZoEK:IyXFFgCYYA9/xXnR7UVHT0IUp19SVuVb","tlshash":"f21261902fc035c1370b8bf7211b60c0d89e886f7acc88cfe2687d92749a617dad5a74","size":9859,"data":"","first_seen":"2025-11-15T05:03:59.323461Z","last_seen":"2025-12-09T03:28:21.008112Z","times_seen":64,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"f972fe0078a066268845a39bebc41ccc","sha1":"6ded1571ddba532aef56867d8a8968d5c8be3765","sha256":"e603222200ca33708d610fecc7ac89a5565c1ea32158f06ea25c5edb8eae655e","sha512":"222514b0043c108939cff7b0842aa82f3347b156dac3b10ea8f725d0c5e60530a41c42df492c3f60c9b88a6950e352878b20bd2ce114f138c595fddf24a826e6","ssdeep":"1536:YX9cWQ7/lWQ2xfGXB+yQ7t3qGPMr8tWas197pijiOMOgO8OEOoOMOIOMOFrj0:SaWQ7/sQh+yQ7tFWasXp0h0","tlshash":"49b3e771f194303380174fe9fa78ae89a273f65acf493556a6e8537423c7c71780aa6c","size":111871,"data":"","first_seen":"2025-11-01T19:42:23.024593Z","last_seen":"2026-01-07T04:20:51.032208Z","times_seen":526,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"t-mobile.xchty.icu/api/open/addClick","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:51.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"POST /api/open/addClick HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 111\r\nOrigin: https://t-mobile.xchty.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":111,"data":"{\"ip\":\"91.90.42.154\",\"country\":\"NO\",\"click_list\":\"a_index\",\"click_url\":\"https://t-mobile.xchty.icu/?qr=tv5wn5\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:52 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b055JOXXSKK9VMnQ2HytTvoRjUF%2BIpOKOj%2Bn%2F5%2FlzYPXv49E7fj%2FZYXjvdUz6O6YvqV5umkb7ekWo6bn%2B7ffzbENQpzL8RZEfvlqz82l8gnSkw%3D%3D\"}]}\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-expose-headers: WWW-Authenticate, WWW-Authenticate-username, WWW-Authenticate-userid\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776d5ce331a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c38781fbc2c5b63719c8688b0e9bf313","sha1":"51ca8faa3e9dc2e2b162af77dc39b8e203e9368b","sha256":"f42b123cf06eee9bb3cfe228b92afef3d959f09ba63005c20bb3f68d5c77ed81","sha512":"b8103568c4932e1e6b5a97b098c534db84f12eb9497d226e8b9c23a9936f57c5d3a2309e54f6d9241ad0270624fbbb558cbdd3eb3a8af14de58cbc638f1c041d","ssdeep":"","tlshash":"23a0029a1c189a82a8c329a595066b1525fc36a35b299698cc5d9739c9981b4f085818","first_seen":"2025-08-11T04:08:23.447528Z","last_seen":"2026-02-22T03:44:20.675152Z","times_seen":9451,"resource_available":false,"data":null}},"time_used":791,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":791,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/common.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:42.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/common.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:43 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"f3d0f6ea6624ad2a18b20202dcede905\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=a7P8NTGgbSe%2FF4QMQPxF8QILXQOUL%2FO6QlQEoAvG%2F2zjKQDV2VcZRgLCsN4zU9AvTQ5p9bdPrlRWpldCaYWRDUnupAY9Zkfxf%2F6tXR6oLj0ykg%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa7769d4ed11a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":997,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"cd66b75ebf83065eaaae58a0ab2032b0","sha1":"53dddaa5dc1a975b776b61ac255e7847f8932dab","sha256":"adf4a58e4c570b3d1b41ebf36dbe20a3831221f7730fdf59508ad861ff208b5b","sha512":"8416928b01e3976aeb804a99f9fe72ba2f1c1f61324f4ed1cf9bc74f7a8687e56cc35716dfa457f9c9aeb3d3ab4f1e3def9d7fb4393559e0d239ac197eb6564e","ssdeep":"","tlshash":"8a113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","first_seen":"2025-11-10T18:13:28.354747Z","last_seen":"2026-03-25T15:31:57.083285Z","times_seen":5293,"resource_available":true,"data":null}},"time_used":645,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":645,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/favicon.ico","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:44.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:44 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1ug1wlY%2F6iTH8u0XT40P%2FnUM83yaTPQS7Ge%2F7JGc0ED81JEJdzVy1ahK678Z3hQLFMi1YfCfFenGxNE%2FjER0Mfue4WE8Pu4wwZDxugr5xDc3%2Bw%3D%3D\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9aa776a70ffb1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1397,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"99264b63f9e8bbd93f2c6a07a0aaeec6","sha1":"1726bc7b2b2c733c9757378f055e2ce7cc95ed88","sha256":"6e22bb7eb268a4f17b22ac79ad535c779d257af8a32d8f71ff5dbdfa2b39c2ac","sha512":"5ccac4bfd38395abb008dad0541c2a5e5f859ddfc70fb404426c91a1782bffab77570934f8295cfcee981199d056880061986265fcd3724a0f75b6acaa09f9cc","ssdeep":"","tlshash":"7221eb1a9841e41d403392615fb5a52cefd6a5538342c598bafd324b4fb630d4cebba8","first_seen":"2025-11-01T19:42:22.988486Z","last_seen":"2026-01-07T04:20:51.027785Z","times_seen":537,"resource_available":false,"data":null}},"time_used":352,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":352,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/check.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/check.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Thu, 13 Nov 2025 22:26:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"738684972518171d27007a4b5fbe7958\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5n8m4i3eFy1mavqADpgijG1KmmOAuCgnBA19nWceglLhBZ6R3PAFfLTIuQNAtCflr4bjSqHoosMO0eP7s4GRmUkaFFWaL%2FU2Zo%2FrvJOxRboa2A%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776b1d95d1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33812,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33796), with no line terminators","md5":"aa123fdcf02f3eb1ca1635a1a0cb32fd","sha1":"4957e4b6d878556173d37821b4135cfd4f5a0fd4","sha256":"20e89be048f166acf3c38ba7373b6ca7087ad003982c49b084f22e7101a71ccf","sha512":"fbf664d1f2512cc384ae88003c0e78a6bd68edab977370362897901dd4c3b5ee69673a370b7f42ea473d192858031673216f54e1285044bdc2e5cd91e9e1336f","ssdeep":"768:H9n57T7yFi6yjFKTSdJnwO1gQMmVZkj+yOe6gWukXXmoPLOZ50SbBrSWJ3P+3WAz:XJBFdoICJDu","tlshash":"8de243013ed47644234aab7b7f1ef0e5e52e086b2888088ee159fd55fa61717f2f1a34","first_seen":"2025-11-18T14:57:05.768722Z","last_seen":"2025-12-09T03:28:21.001601Z","times_seen":21,"resource_available":true,"data":null}},"time_used":2940,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2939,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_8d39235f2450_f2fh4t.webp","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:50.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_8d39235f2450_f2fh4t.webp HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 282280\r\naccept-ranges: bytes\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\netag: \"48f90bd83d7003c002f5f9f6066e6732\"\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=56ctSKiCKzXRFH%2BMX%2BKPs3hnQg0ZW0lCQrRAPicjhIJfU5MApwUY60i%2FYO4CHiIQet2MWGMAPO7WJL1dG0dMeZc8gSYtYsx9TfRceB0Cf2V6Vg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9aa776cf5d6d1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":282280,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1580x720, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"5681ce6dd7bb61356132ea93c101664c","sha1":"c14c82db6459ba91961c64b161772e3c615bc2e9","sha256":"19ba22f5d6650afc5884daad69cfddb453d8e81ba9300360781d9c3b4580f6a1","sha512":"dc7242e7643129986f7b0febe1d77527bae2df355eeff41b96a5be7836bed79f8fafcd2c186abae6d9af74c7059872c0d7a77e6fccacb75370b09a45f1c5b6eb","ssdeep":"6144:QpMtoiYWA4PYGvIjy5vWXiVp7jFQq9/jd7L5C39BUHHr7hB:DtoinY9jy5+g75QOBLIjaHZB","tlshash":"df5423f17ada68944d1f0aa0a1b1b11b4984520a6f73d1ea6fcc6ccad837514bd8fc4f","first_seen":"2025-11-03T20:22:01.218894Z","last_seen":"2026-04-03T06:07:45.367695Z","times_seen":5105,"resource_available":false,"data":null}},"time_used":1815,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":987,"receive":828,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/index.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:42.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/index.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:43 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Thu, 13 Nov 2025 22:26:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"c623df7d728f84aea600f7d43081738d\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=K6x1L3npLRFYvqzGmrWalnNtQjmNx%2FdA%2F1CsIDqjWFH4mcM7ElwqEaLYkDhCfX5gXIpuPmbjY%2B%2FqaLQOp%2FQT6HN9RfB9cIFuHX2pGM2r78aw4Q%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa7769d4ed31a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9859,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (9859), with no line terminators","md5":"bf5f2c2d6e5eb5867e8423c865ffe146","sha1":"b5a5e5c727e7f38f0a8c8f883d35263278df0009","sha256":"f37e59e725fd6bac07c1aa5000a0b9ebb0fbc7c6cbceb624f93fd5fde48be58e","sha512":"eeecd39da32b6dfef16b32e34b1609437021b411a9759c31cc4a20f6b8ec6def033e214cd25f9efa37b4e8730a30cb54d4f0fe59573004aa729e7ae8f1b01cb7","ssdeep":"192:IyXD5pF9gCYYApv/xXnR7XKB8uppVkGR0ITgp19SgSyRI4VT/ZLZbcLhocWQZoEK:IyXFFgCYYA9/xXnR7UVHT0IUp19SVuVb","tlshash":"f21261902fc035c1370b8bf7211b60c0d89e886f7acc88cfe2687d92749a617dad5a74","first_seen":"2025-11-15T05:03:59.323461Z","last_seen":"2025-12-09T03:28:21.008112Z","times_seen":64,"resource_available":true,"data":null}},"time_used":819,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":818,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/css/docaflld7944.css","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.874Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/css/docaflld7944.css HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:47 GMT\r\ncontent-type: text/css; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"bc36fb3a6620a8276a78337093c05d6f\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XQgtrvNJFNbRvYxk2g3DscjwRPlWH7O%2Bloq3DVVwL3Luuqf02M8yXMuRmpMFwt%2BA2s%2BURzuSRc5AVXsSXKUuqCpS%2B0sMRT6TjCZiiRRg8LfcCg%3D%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9aa776b1b94e1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":139691,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (19050), with CRLF line terminators","md5":"3b62f8f51d6d027364ae6094596f300d","sha1":"a2c292af4fc00724957628c6e7a89e7fa2c10a9e","sha256":"420db130158a782a951af4dce4f4de3714c0a12661db2cd6686c76812e10bf24","sha512":"e50461f1bdd8d3a6b2e2f60c204b782d88f4c7ee409a3d68f6a4dac082396013b42854cf0ea9d4df681d5389a9007b30c8982b8cefe0ad9fbc674198e41f8e7c","ssdeep":"3072:olI+lA2ppxNVGNvRpKE4pO9pHSppppUOWNu2Vupp4p4pppepnzGb:olI+lA2ppxNVGNvRpKE4pO9pHSppppU0","tlshash":"e7d3a6c5ba43b23f6827642d43b9a56c4f082985fb0b7fd6798574144bc6be38031b9e","first_seen":"2025-11-01T19:42:23.001647Z","last_seen":"2026-03-25T15:31:57.097698Z","times_seen":5628,"resource_available":false,"data":null}},"time_used":4121,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2081,"receive":2040,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_12b4cf3cd4ac_74bqpd.svg","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_12b4cf3cd4ac_74bqpd.svg HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:47 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"ceae2585f17e453c2d56150c7a44b86f\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aM62OiTBrOmNHiz7d48wbs8j%2F6ZgkEL4BAxpDsx7y1mMWXOk9HcY4FaZp0XC6vDQBUMkvN8zNIq%2B7cBBS%2Fj0zcJtMC5uZbzPeaEtjuGZ1S8w1w%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9aa776b1c9541a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7002,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"dd113a4a8f65fc8090a2ca3fe449616e","sha1":"cb541cbddae2c4402de47f9ddcdf97700b4aefa8","sha256":"d668fe7e2cb2720b0a3f77f441a0b9e8045ced8de9e25726f8586cd35a27e270","sha512":"957e5c6a084c89bd7a374cea03de65a868296005652771d65adbaffff5685b2207bd7b9c5e944169edbdc46ebd5f941726a0a2c28738d42d7bf27390af853cd1","ssdeep":"96:pvDBc6X9Qfih19OH7WMu+Yk6nJFZHdC1f1Y3JwraNlx4qHdCwV1YvbVlyh0Y4rc:pvm6NQfih1Y+JFZ9B3+aj90vbG0xc","tlshash":"a3e132518220e27d1947c518cf6b82f02a1f90e9f75fa39976e3d775a08bdd9f800a78","first_seen":"2023-07-14T05:43:07Z","last_seen":"2026-04-03T06:07:45.366102Z","times_seen":5646,"resource_available":false,"data":null}},"time_used":1408,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1408,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_326865703d0f_4uk8ra.svg","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_326865703d0f_4uk8ra.svg HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:47 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"bba53759dfc0143a0d9f1755724eed57\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cvkO2UzDpJEd6oyGSeTnok1sy1mJStiKNLEm%2BQaLGnzIxQWim11Q8TF2ag4oj9feVqdRE1ctXKDLRbYph%2FhWR9WjLzcb%2F289aqatLHcP1eChuQ%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9aa776b1c9551a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5927,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1ca722900e870f6a187940962e40e3b5","sha1":"6cafa77a6b0906eb8ac5c9561d241b19953167d1","sha256":"3cce84d34c3f04a3d2f337e6c9fca5f2daac9bbf26b1139cb2c7afb209900b06","sha512":"f9e1ec955b7e02e169685c44f1d9ea17cddddbdc7efca08e2545f75cad18dc05bf36be595f91f0d98f4adeba58e1bdfb1d6befea19754ed19bb58935bafef485","ssdeep":"96:pGTOuRVWi3V+bB/ZK0XpZSUe7SBeyUV5ELrlRnrX955kzdQM0LhB99V:pf6ra/ZdSUe7SBeuHnJV9LhBV","tlshash":"acc17555a205e87bd55bc32ccf7a82f1232f50dbb64d53a872b6cb369018ad2dc01f68","first_seen":"2023-07-14T05:43:07Z","last_seen":"2026-04-03T06:07:45.37907Z","times_seen":5643,"resource_available":false,"data":null}},"time_used":1808,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1808,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/common.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/common.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:45 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 2\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"f3d0f6ea6624ad2a18b20202dcede905\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JLaw%2BGBjrNlcd62nKGrzW5Rp9ugpe%2FvWUXcVhlOOUI3mG4yCd2mVSOcsnR10H9E2xjhRuCt3TXQ3jLSh7owgPzvMBzeMH%2BXxPQJ8FY6kNqJ88Q%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776b1d9581a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":997,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"cd66b75ebf83065eaaae58a0ab2032b0","sha1":"53dddaa5dc1a975b776b61ac255e7847f8932dab","sha256":"adf4a58e4c570b3d1b41ebf36dbe20a3831221f7730fdf59508ad861ff208b5b","sha512":"8416928b01e3976aeb804a99f9fe72ba2f1c1f61324f4ed1cf9bc74f7a8687e56cc35716dfa457f9c9aeb3d3ab4f1e3def9d7fb4393559e0d239ac197eb6564e","ssdeep":"","tlshash":"8a113444a9e34710919290bd358a3412f63a4453f93cbf6576ae91057f8ca2d07f27ee","first_seen":"2025-11-10T18:13:28.354747Z","last_seen":"2026-03-25T15:31:57.083285Z","times_seen":5293,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_518dcd5f8002_jsbl42.ico","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:46.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_518dcd5f8002_jsbl42.ico HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:48 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"cd1cef719bfd5ed60f06a52e299b72c2\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Tq0PFMNFVv10i7428y1%2F8EVAhOM10nmK7es5nhLqlZbYtJ11dij95Ego%2F9OkovASZdy6mMKrwIM2aKpP1J%2BXijvcCBMFHJY1L1iVi2R2WuZIag%3D%3D\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9aa776b7b9e91a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"4f73afbc7910d52a386cb500013aa418","sha1":"1cbf6b524941a15f693914df43cb71d574d64c77","sha256":"65ab2bcfb4fd1fd6456976d856155f74a0a1b27ac4393231cfd583ee492c3397","sha512":"ea4000ac3183b9a46861f547d50668883a9958d0ef01a0be7830ce1ef9d2021b337ced593a92f4ce6c743cba0a7f3ac0e8f1e4da3d206ebd4286ce96c0d562d8","ssdeep":"","tlshash":"652130db355ef728c994dfb8ccb7fe6d7e9a9604e4a485275c4008ad0d2204f00bb2b6","first_seen":"2023-05-03T13:35:14Z","last_seen":"2026-04-05T01:13:50.251666Z","times_seen":6006,"resource_available":false,"data":null}},"time_used":1895,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1895,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/font/img_703fe0b04e0a_kgxkvs.woff2","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:50.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/font/img_703fe0b04e0a_kgxkvs.woff2 HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/static/css/docaflld7944.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 52788\r\naccept-ranges: bytes\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\netag: \"4d771d615c6e1ada84588859c991eee3\"\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vtmIierEkS%2F06mz6qHFqRTR%2Fh1ohVZbokmP71YeheVXNXRQZ0HarVxJJtXvXVD4gHn2rEHEkeHSl1icU3CRbehJ7fGnWU1XsHHXtjwMvFRPk2A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9aa776cbfce91a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":52788,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 52788, version 1.458","md5":"d8842e36f35731681aba49045b6cca9e","sha1":"3596365c47164d04b52e4baefdb618b29f22fea6","sha256":"c71a1aed463745d39ba361341c9274210142537418e4129708fdf83e20807ed5","sha512":"e9b382ba06b9d9212022d6633e4b6ac4482402c103a9d8a1b6867334ffe22e0b352b8914340151aeb5cc5cfd7982eb6346d0241eb2dcab1e40dca2c5c71e936d","ssdeep":"1536:KpsrYGE2WIStZnXnO33nV+S/WMnme9Zmxfp:Y2+k3vOle9Zmb","tlshash":"b7330183daf4fba53f6ed5cc106e447b45136e8fc1e51b22b61e97ea440017ad341b26","first_seen":"2024-11-27T04:08:46.934326Z","last_seen":"2026-04-05T01:13:50.177579Z","times_seen":5762,"resource_available":false,"data":null}},"time_used":1779,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1541,"receive":238,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_d898cec47e5b_7ixrsy.webp","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:50.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_d898cec47e5b_7ixrsy.webp HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 494672\r\naccept-ranges: bytes\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\netag: \"293ea9289f4a012e3f77547e9f9f7e74\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j%2BV59ORpF%2ByzGkNqWJDuvloOQ4FWxRcLAf7iX2%2BU6E4OdNlPNw2%2BzaWIDQG8%2F5g778lXuC3MaMBlrBGimsTE2CDkmJLGpdPx5NUrO2eF7KRJ%2BQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9aa776cc3cf61a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":494672,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1320x740, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"009d35856231dd4b855e17f10084d26b","sha1":"087625e61c98af29bbe7f6c7c3d44be8fc46683e","sha256":"d862077db5fcdaf33c1e6226d80c31aaf2f1a721f06eeda4f088d831f8e71b7f","sha512":"f102ac55ba2355933a8bf18d5df6182054356a86dca5e65e34eef71756f39b171a09640b7a6eb7b5b4a82aaa0d281a9cc4b36439b68478c153f8d043d8755ceb","ssdeep":"12288:6EuK15sbHJwJ9l59d2nv8fEjhfMiRjcU5qug60OeT4+4tT7usN7HXH/Tjk9:6u1Klsp9gEfE1foU5kH14+4txN73HLjc","tlshash":"95b423f072c9a64576d9e99c6d2d5c07bc6ce62308b1b0ac0724ea78c91178df79b3c9","first_seen":"2025-11-03T20:22:01.217256Z","last_seen":"2026-04-03T06:07:45.378001Z","times_seen":5118,"resource_available":false,"data":null}},"time_used":1842,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":419,"receive":1423,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_4f8a997287f0_enw7i2.svg","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_4f8a997287f0_enw7i2.svg HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:47 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"6e8e409e4c66524808eb3efe884d5277\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LY1iN1W03Vj0YvtoqtKwkUFcejYXfCTrTIv6SRLlyI4JvqNt53HZ9aNSB80%2BhpWKr8HrWjZ8UgHGJYREDoDr58q8LMS8Vo7xARKLNxdjHy2bcQ%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9aa776b1c9511a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":619,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fdd33df4ffa57fedd898b0eba7d03161","sha1":"ed766c35d5f28916440c869eb35b9f9fea1a51fd","sha256":"35c7dab49ed926b15da52e696311911e95d9a3a44ccfea0896b61e25eabefaa0","sha512":"f598c93eba458fa5fd57a43b216ec2c3646934fe59d40c1097884fa4430f9b131bbd61a88ccf24c4d69d2e221980c62498cce1c9b9be37a5b8eb96113b6d7b9b","ssdeep":"","tlshash":"ccf04c90b6c43859c75a0e358d1ebcc71b9b35a9a6a058bca04c184a34e3982bd8a5dc","first_seen":"2023-05-01T16:32:11Z","last_seen":"2026-04-03T06:07:45.369753Z","times_seen":5813,"resource_available":false,"data":null}},"time_used":1414,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1414,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_fbdeddb7a6d1_w37hxq.webp","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.889Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_fbdeddb7a6d1_w37hxq.webp HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:49 GMT\r\ncontent-type: image/webp\r\ncontent-length: 22608\r\naccept-ranges: bytes\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\netag: \"ad1f6036a457ef8c43e83982a05d56fc\"\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jpHOivfsWPszqWSrX6kzpaKmVNj%2F%2BKq5Z%2ByvZOUpEHMXLQ27UebGe1g%2FlmnzyOQ9U4BZLFwTSQHKkODHizifpzL9hiSF%2BJporQqJUnwREkVVIA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9aa776b1c9531a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22608,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 369x400, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"09459b26238962041cb24948d43260ff","sha1":"11abd4538dd0d6b12989f8278afef6319f495ed9","sha256":"eae272e0f2329cd4d8e87ef4d2a97b94f09dc1b61f64a4472bacec250899ccb0","sha512":"27dbca85045f8ee1d817ab4f7d5fe9c96464f44ff7b19a146a174ea9c27e970c3f1c8a35cb2373d832419804ceb91c2b7ef35734689d13e46611030ea6e4c995","ssdeep":"384:gr4d7vjS0dz+qRF1O2kY/3Wz4vS5LVynT9ZdWTSfOBDD6w/doBq+1UQHlF8ZIkWj:aijS0lF17fWzoSLYZZdWTWUD+w/d+q8h","tlshash":"a6a2e0e3b272581c8dbecfc36338de5d1032d7469a2519be57b4c21a19f2a1c4c8353a","first_seen":"2025-11-03T20:22:01.222122Z","last_seen":"2026-04-03T06:07:45.377535Z","times_seen":5189,"resource_available":false,"data":null}},"time_used":3203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3201,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_04ff157e5d9e_kaldad.svg","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_04ff157e5d9e_kaldad.svg HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:48 GMT\r\ncontent-type: image/svg+xml\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"4db831582b4f1d405855b1bec755e1d7\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jt08mY8nB6aJ7OnO5B9lE%2BntirwhWMAQqzgw7l6mQGMSoVUd%2B4Bo4xNXivdXc0Oc%2FWMv7%2FL%2Fmr0kOLx6itHybkuDzCP1N6s2yiUADP8%2BD2rIww%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9aa776b1d9561a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":576,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"da22a7f68789a5ac597fb908ac7b2496","sha1":"30aa5326be9ca4f73b0efc9881090e23bfdd0135","sha256":"a58df955d1e5f78fafe028b6b404ecdc558bbba91a7d5b508f13e5ddffc5d2c9","sha512":"e937a2a0ecd6a1b7e1a2425382f90a525851c5d242b0ca9743de11c5b8bebd4561507e2f0b9d4612a4312e758f835f2d4eb11578de8d8b9fa4bb96625eefee91","ssdeep":"","tlshash":"adf0e1d481d9686ccd00077c64c2fd631468b38ae6200ba3d1b001a7b2b125f94e43fa","first_seen":"2023-05-08T02:59:22Z","last_seen":"2026-04-05T01:13:50.234686Z","times_seen":5926,"resource_available":false,"data":null}},"time_used":2409,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2409,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/vue.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/vue.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Thu, 13 Nov 2025 22:26:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"bf4769f4d9ead1e1f6542a579675bf5c\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UESwD4pCjUhm4M5wteQzEHBLURacRFLcEUd3rucP76vK7pX4AwahEHErEV15NdG9nBKIDYidABW5f1zp55%2FYUwsTP9W%2BjkuPrRiNHeNqqYtPEg%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776b1d95a1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":342147,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"a9b6fe71cb7cfcd689e1ef345aefba51","sha1":"5c39dfc37fc42400e4b4557db956f3f218a90ca7","sha256":"159f0ac0c8f517aaa736003b6e13ebc959b5f7129db87e4e56bf2eec8d6d02d7","sha512":"6172c62ec4018b01cf1cb08003d9e96568400d4b071028e467bd43d6ecd3d87a68a7cdbf78b9e615be9bd23a3ca4ae13d00bb48361444eb44935b945ff8e99cd","ssdeep":"3072:ViOkNK65nfn78CNzdlvdMvCCaNPdg7p2POCCnTlpsefhlDJsYB3lY5TxbMeBUw3k:VU9gCNHvdxPdg7cInToEw7BpyXq45","tlshash":"df74a45db9f322a25a5370b94bafa449b278c0130508ce907d8dd3a46f9053857fbfe9","first_seen":"2023-03-07T12:01:43Z","last_seen":"2026-03-30T05:24:48.21987Z","times_seen":2792,"resource_available":true,"data":null}},"time_used":4213,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2828,"receive":1385,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/main.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/main.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:48 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Thu, 13 Nov 2025 22:26:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"70cd4511bfbdfe865b4f2286799b42a1\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2cFw3mAejp0WvyFYRDCeB%2BIacPAOM7kiMVl2N5CjsjefqKOM1W3GET76Sq4BDgdnoXDv8r6v0DyGbart0EgRtvq4MO72jzqwFYcTeD2sdTKJBA%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776b1d95b1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":139088,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65274), with no line terminators","md5":"53ccb9bf8d456068bc73f2d8784f49fc","sha1":"e7d11f9ef81c0bc8e8ef67d0c10df50a669b5e4a","sha256":"a49c23c6213c7cc75aa15d5c251f726ddaba8835cb67c62dba69d9168aa33bf5","sha512":"f6cd36c8a554dccac8432c1774a2b4ebc3508f6d2eb20653e2b1c549fc1288c557f148fa9043bcbb948383cb56a9d4824ec85fac517d3282e790513f5cee4dac","ssdeep":"3072:9e6zlokbbajR7KFX6t9OBjQjPsKH28TbP4q72a:9eYnajR7KFX6t9WQjPsKH2WP4q72a","tlshash":"c8d385452e846906634a1b7b362a70f5d51528cd38088a8bf66c7c74f5df6b3fae9330","first_seen":"2025-11-17T00:48:27.219535Z","last_seen":"2025-12-09T03:28:21.015456Z","times_seen":31,"resource_available":true,"data":null}},"time_used":4096,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3058,"receive":1038,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_be96930b1854_2tmghh.webp","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:50.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_be96930b1854_2tmghh.webp HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:50 GMT\r\ncontent-type: image/webp\r\ncontent-length: 2540\r\naccept-ranges: bytes\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\netag: \"f879869d175afe9b0e713bccb7f25054\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P7bw0nmsT5wEcfywnxeYkYbFUywpGpsmPlp8H3%2BjyZrZ%2BDGukJ962WIpb6SL8We25w3zulZYlii8VWfEQrDmNEL54bC58PsfVjarGPn8IzpEKQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9aa776cc3cf41a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2540,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 156x48, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c3363bd8e95e97f09d878a9a25d213db","sha1":"ffc49956cb790a772e9737367a5d747a3ae52a9f","sha256":"6b4a725e775f6181cd9dff4a9079339f59b68e395430ec1d6e1e0a8b26dae3b2","sha512":"7b1849b2850eae838b5db03715559415a976eeb6861afd534973c8deae3b23242fc6ce46cd436b62c5bbba995cbeeb8b3b56c5687ef0746445a4261c2afce782","ssdeep":"","tlshash":"23515d058de2d3a3225668d458d1d487e03ae5ccbd54f02d8f6a8a3fa10983d32d91ca","first_seen":"2025-11-03T20:22:01.22949Z","last_seen":"2026-04-03T06:07:45.367182Z","times_seen":5142,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:50.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 08:31:42 GMT","end":"Mon, 19 Jan 2026 09:31:40 GMT"},"fingerprint":{"sha1":"18:54:BC:32:F5:78:9E:49:22:F8:83:70:B5:69:C4:53:F0:B0:C2:36","sha256":"85:63:48:DD:A0:B5:06:15:E8:95:A8:A5:FE:8A:2E:A0:80:42:CE:75:9D:8E:2D:D7:B4:63:F1:93:4C:24:32:59"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://t-mobile.xchty.icu\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 22:29:50 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: POST, OPTIONS, OPTIONS, HEAD, GET\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://t-mobile.xchty.icu\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RUAn%2BnG%2FbPt2lAe6GyKcVxRYPOq3ejqvFMX3Ui0HKZYtjJf4XU%2FahINqi3rGyWn1eqqnqkA5L%2BXzqpaCT12xcHt2%2BFrdPH8%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9aa776cd6a065a0f-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":744,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"10f032b6d95dce6b7abbaae68787b67f","sha1":"7e2a30920ac65465c5c5daf94e45dc8435a3efcb","sha256":"596cbcdd96c9bd505a58fa6a6a66d20081f7e416e6e84646d083483c90c8f1e2","sha512":"8bed577d29f9d8c5aa17db8afae8e822d1209302d99aa2d8d3e49d00b1b107a20b5916fc07dc360d371d6980c92012f8ffa999673f10e696b06d6d333b437a51","ssdeep":"","tlshash":"d701df78e4680ebb9cb9135cb4386907123422075e56398e7fd49b8d0f8e8bf30b525e","first_seen":"2025-12-03T13:37:35.146543Z","last_seen":"2025-12-17T08:02:12.429433Z","times_seen":614,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":19,"dns":2,"connect":1,"send":0,"wait":224,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/?qr=tv5wn5","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-07T22:29:42.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /?qr=tv5wn5 HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Dec 2025 22:29:42 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cJpvvdxVbrKZ1J4u7p9VP3RkesFjTExqpSCLJF67syKDL39pFVnyjiZE%2FgzsYql%2BIWacRSHaJP7D49JgUYcTlUAqa3l42mjwTaLwrA8wrgc%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9aa7769b8a9156ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1397,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"99264b63f9e8bbd93f2c6a07a0aaeec6","sha1":"1726bc7b2b2c733c9757378f055e2ce7cc95ed88","sha256":"6e22bb7eb268a4f17b22ac79ad535c779d257af8a32d8f71ff5dbdfa2b39c2ac","sha512":"5ccac4bfd38395abb008dad0541c2a5e5f859ddfc70fb404426c91a1782bffab77570934f8295cfcee981199d056880061986265fcd3724a0f75b6acaa09f9cc","ssdeep":"","tlshash":"7221eb1a9841e41d403392615fb5a52cefd6a5538342c598bafd324b4fb630d4cebba8","first_seen":"2025-11-01T19:42:22.988486Z","last_seen":"2026-01-07T04:20:51.027785Z","times_seen":537,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":19,"dns":0,"connect":1,"send":0,"wait":129,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/axios.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:42.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/axios.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:44 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Thu, 13 Nov 2025 22:26:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"3fcd6fd14bb3c7a6f9f215a916d35dff\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x27FzHKNHjOaK7FSNPHWfh9R1B8%2FYFwseSauZmdVv8nBHVDN83TJ2usqZ%2BcatR%2FteZKA54dVRbG%2FxIZoVAmbpkEWyFo3GTX69Nx3EA8nfkuWJQ%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa7769d4ed21a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42736,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"1eb8e8e2284670dc214a3e70c25992b8","sha1":"94ece417aa560aa8de906e8f54c0985da90364cc","sha256":"96b65382c74cd6255d4628044c5394f2ef3f0662d7d72b10f1bceb50b6ee5455","sha512":"ae6cce74fa46a0ee1b00245f7da885ace7bd608d96152f3b4d9b2c1e66d53cbf5c1f298d1eb60cdf4a17a14296edc2fec63c22a7cf968025911ebe9272f7d49e","ssdeep":"768:iE/e1fRWqcYe4Q2q3jetDArR2d1mP2EduTgeIQN/s:VGoqcY22q3GASme1k","tlshash":"0a1385c6fbd57803b51630a98e8f754a76b4d05374046ca5bc4cb9e83fd883c86e6a89","first_seen":"2023-03-08T19:53:18Z","last_seen":"2026-04-05T09:53:04.309739Z","times_seen":16984,"resource_available":true,"data":null}},"time_used":1533,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1529,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/api/open/getTemplateData/US-Points-T-Mobile/a_index.html","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:44.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /api/open/getTemplateData/US-Points-T-Mobile/a_index.html HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:45 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KyDFc4cRbA0K3C0sYvVHVyPpzmiwZ0uP9TwrVxE75FH%2BSt6M579S9J5Hwya%2BFxP3e6G4%2FX8Okn1YvSIU7wnaIElRvAg%2BA5%2F2krdd8AF5kXuqag%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776a71ffd1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":116791,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c6138f56efcc18ba551912d8ad2b4c7c","sha1":"df69eec513ca6172acfcbeb248c511d37d1b271f","sha256":"17a06184dbc0b0299323783d58f41d42a9bdccfffff22c79aa9c4369a2582d54","sha512":"942d8c624d0506aab8f41904e6fa73211bb09bd26f1fef278d9d5df501e4848ee19e8c27676727aad34b64ad5e708375d4a33d9dee811e38542d48c9707c178a","ssdeep":"1536:oF5YfIHJ3xdlf6YuxIM7oAgb4bLOmvLyzxwZxg+VwS7fyoH3lY+Uo1qFRcdifxx4:qYfIHJ3blfOIQBxPyoH3AjPZT2nL88B","tlshash":"32b3e872b1a8a03744074fefb838ba68b637fa5def5211457bd8876d12cac74240b95c","first_seen":"2025-11-01T19:42:23.008319Z","last_seen":"2026-01-07T04:20:51.016755Z","times_seen":526,"resource_available":false,"data":null}},"time_used":1679,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1326,"receive":353,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/js/axios.js","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:45.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/js/axios.js HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://t-mobile.xchty.icu/?qr=tv5wn5\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:45 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\nlast-modified: Thu, 13 Nov 2025 22:26:16 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 1\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"3fcd6fd14bb3c7a6f9f215a916d35dff\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mNcJEGLiUD8w2UqdC1svC6I8lXbQDjzLttXSTyCed2RsI162UhfwgA3MjvUensF1y0bdkmhQluaVKyH3MnDEMMbuWV5T8QkR7d5ofDzwLYG%2BMw%3D%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776b1d9591a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":42736,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"1eb8e8e2284670dc214a3e70c25992b8","sha1":"94ece417aa560aa8de906e8f54c0985da90364cc","sha256":"96b65382c74cd6255d4628044c5394f2ef3f0662d7d72b10f1bceb50b6ee5455","sha512":"ae6cce74fa46a0ee1b00245f7da885ace7bd608d96152f3b4d9b2c1e66d53cbf5c1f298d1eb60cdf4a17a14296edc2fec63c22a7cf968025911ebe9272f7d49e","ssdeep":"768:iE/e1fRWqcYe4Q2q3jetDArR2d1mP2EduTgeIQN/s:VGoqcY22q3GASme1k","tlshash":"0a1385c6fbd57803b51630a98e8f754a76b4d05374046ca5bc4cb9e83fd883c86e6a89","first_seen":"2023-03-08T19:53:18Z","last_seen":"2026-04-05T09:53:04.309739Z","times_seen":16984,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/api/open/getSyncSettings","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:50.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /api/open/getSyncSettings HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:51 GMT\r\ncontent-type: application/json\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OdpkcsRaDi96GE2ZhE5GPow2j5ctLqQALQn%2BIv3cfQDcKahBO%2B9sTee%2BU%2F0bM4%2FFljY18bhkraY9mL7SxacXWtARjv7ovW2xY8zsl2yp7tYRug%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: 9aa776cf4d6c1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4505,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2e956e286245b134cb03a73a7e806ed8","sha1":"96a2baeb120e62deb375a707f80f6fe791d239b3","sha256":"fa03ba64639066549e75bdcc96707c2fe77cc8e58ffd6e0c58cb53ef97b8a4d0","sha512":"ff54ca135b90fa1d549840379edc6223e0710c37eb6e7b1095d2356c117abca819b4cf701919806ca2f5ed0b1c5d992f9c4796f03ec7e27e7c186f9afff777f5","ssdeep":"96:IARXoRlJE8kvfrfKcwKM3YuyZ4bXeTnk+rSU:IIoRl68mfKTVyZ4DeA+rSU","tlshash":"be9152604e6be8b332eb8947f25a3948d5250e329c9033a4ea43b8d528bcdc1d95c8d7","first_seen":"2025-12-07T21:59:59.487783Z","last_seen":"2025-12-07T22:31:18.410417Z","times_seen":5,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":998,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"t-mobile.xchty.icu/static/img/img_85951218b056_ebofvu.webp","fqdn":"t-mobile.xchty.icu","domain":"xchty.icu","tld":"icu"},"ip":{"addr":"104.21.37.101","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://t-mobile.xchty.icu/?qr=tv5wn5","date":"2025-12-07T22:29:50.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xchty.icu","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 04 Dec 2025 08:41:32 GMT","end":"Wed, 04 Mar 2026 09:40:25 GMT"},"fingerprint":{"sha1":"96:32:BC:E1:AD:C3:71:18:4C:C1:24:B7:6E:EB:FD:3B:E9:BE:A5:5F","sha256":"0D:93:2B:A1:2A:4E:8B:56:74:9E:45:9C:97:B2:03:49:07:E3:38:B7:D0:A9:6A:D3:B7:EE:9D:B2:BD:36:C6:51"}}},"request":{"raw":"GET /static/img/img_85951218b056_ebofvu.webp HTTP/1.1\r\nHost: t-mobile.xchty.icu\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sun, 07 Dec 2025 22:29:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 173160\r\naccept-ranges: bytes\r\nlast-modified: Mon, 17 Nov 2025 19:41:12 GMT\r\netag: \"8829f263f83dee928b3c5f30e3a37d0d\"\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z4YanU54eo7I0zR6dwPOjzfFOefj%2FcVM%2FJjIWA5L%2Fx9paGD9P2%2Fvo5deZ4Cr8BIei4Ixd1923rz8WO8mb8dnVx7ZtBycXWOJy6SZArzpVhcixQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\ncf-ray: 9aa776cf5d6e1a30-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":173160,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1580x720, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"d0a49c46ad8019f13c5230798860fd79","sha1":"a7225151df09feb26466cd62acac5818d2ad0339","sha256":"724a616c4b09edb590278189979e33e564d2750da1a7406f156f3653ccfc8c5a","sha512":"443f5b9da839c306a0991ca1141c8bd10dbd57e117c6b6bf474ec3fd67c624bfad1c5357cc7d8ed6552ad0c02e7102405d0d02c51b03d72403b38a4d43251363","ssdeep":"3072:6ZLr72LXUT86sGS/xpn7E0/6GzMlPXT9/o0S6LbhOX038oIhdThs:6ZvTRsGgrnp/bzMlPM6kk38TRs","tlshash":"7e0423433d47ce49ea391ad6deda502e5a3990dbad0cbfc5b0bfc5124a3fa0c9118285","first_seen":"2025-11-03T20:22:01.230324Z","last_seen":"2026-04-03T06:07:45.378549Z","times_seen":5122,"resource_available":false,"data":null}},"time_used":1349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":994,"receive":355,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-07","alert":"Sinkholed","trigger":"t-mobile.xchty.icu","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}