{"report_id":"750807ec-7030-49f6-ab86-dfe93daffdd8","version":6,"status":"done","tags":["suspicious"],"date":"2026-04-02T12:50:25Z","url":{"schema":"http","addr":"h.carddsapply.com","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":0,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"https","addr":"h.carddsapply.com/","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"title":"Trust Wallet","dom":{"size":149436,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (30757)","md5":"9d599ab2285c608aed8329fb929774bf","sha1":"8070fe695d961a1c476c2497323c06e19fa1ead5","sha256":"09f4e6b90d4bb90df10c93bf9016cbe232c3b0b2e01e21826846c81c7f425c56","sha512":"9a4e47146bf8bd427f67d45e9036a81699f6ef4987b098a035f71bd1a8657b8f97a9ed2f5039d893b5202a5938ea1217e28d4ceff05ab6f35b6c56040e49f8f2","ssdeep":"1536:tXgI8bVIMqcN+IWI7YCYWQMqcN+IWI7YCYWPP2M:twI8D+m++B","tlshash":"97e32145ae86c017ba67812e2bd5f30432f9e007ecb79d58b99cd0808fc7d5d39a93a5","dom_hash":"domhash8ba13c274fb6115545c9eac4fab69c65","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"h.carddsapply.com","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":0,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-07T12:50:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":2,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-02T12:50:03Z","timestamp":1775134203,"ip_dst":{"addr":"173.244.207.30","port":443,"asn":13213,"as":"UK-2 Limited","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":56398,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (rpc .ankr .com)","source":"{\"timestamp\":\"2026-04-02T12:50:03.853926+0000\",\"flow_id\":1230990877598105,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.22\",\"src_port\":56398,\"dest_ip\":\"173.244.207.30\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058825,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (rpc .ankr .com)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"rpc.ankr.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":914,\"bytes_toclient\":1584,\"start\":\"2026-04-02T12:50:03.795033+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-02T12:50:03Z","timestamp":1775134203,"ip_dst":{"addr":"173.244.207.30","port":443,"asn":13213,"as":"UK-2 Limited","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":56406,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Smart Chain Domain in TLS SNI (rpc .ankr .com)","source":"{\"timestamp\":\"2026-04-02T12:50:03.857682+0000\",\"flow_id\":368963024003595,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.22\",\"src_port\":56406,\"dest_ip\":\"173.244.207.30\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2058825,\"rev\":1,\"signature\":\"ET INFO Observed Smart Chain Domain in TLS SNI (rpc .ankr .com)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Windows_XP_Vista_7_8_10_Server_32_64_Bit\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_01_03\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\",\"TA_Abused_Service\"],\"updated_at\":[\"2025_01_03\"]}},\"tls\":{\"sni\":\"rpc.ankr.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"15af977ce25de452b96affa2addb1036\",\"string\":\"771,4866,43-51\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":914,\"bytes_toclient\":4434,\"start\":\"2026-04-02T12:50:03.795147+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-02","alert":"Detects file containing Telegram Bot API","trigger":"h.carddsapply.com/scripts/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"unpkg.com","ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-01-06","domain_rank":1093,"first_seen":"2016-01-07T23:26:01Z","last_seen":"2026-03-29T23:54:08.408227Z","alert_count":0,"request_count":1,"received_data":32008,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2026-03-29T23:04:54.250741Z","alert_count":0,"request_count":2,"received_data":146902,"sent_data":860,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-29T22:16:18.281815Z","alert_count":0,"request_count":2,"received_data":87942,"sent_data":1104,"comment":"","tags":null,"fingerprints":null},{"fqdn":"rpc.ankr.com","ip":{"addr":"173.244.207.30","port":443,"asn":13213,"as":"UK-2 Limited","country":"Germany","country_code":"DE"},"domain_registered":"2007-04-23","domain_rank":541361,"first_seen":"2021-10-24T12:41:06Z","last_seen":"2026-03-26T18:34:18.689995Z","alert_count":0,"request_count":2,"received_data":1356,"sent_data":1144,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"h.carddsapply.com","ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2026-03-29","domain_rank":0,"first_seen":"2026-04-02T12:50:30.045917Z","last_seen":"2026-04-02T12:50:30.045917Z","alert_count":46,"request_count":11,"received_data":4023186,"sent_data":4909,"comment":"","tags":null,"fingerprints":[{"name":"Axios:1.2.2","description":"Promise based HTTP client for the browser and node.js","website":"https://github.com/axios/axios","common_platform_enumeration":"","icon":"Axios.svg","categories":["JavaScript libraries"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]},{"name":"SweetAlert2:11","description":"SweetAlert2 is a JavaScript library that provides customisable, visually appealing, and responsive alert and modal dialog boxes for web applications.","website":"https://sweetalert2.github.io/","common_platform_enumeration":"","icon":"SweetAlert2.svg","categories":["JavaScript libraries"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-03-29T22:35:00.993215Z","alert_count":0,"request_count":4,"received_data":2315195,"sent_data":1760,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-29T22:20:07.848058Z","alert_count":0,"request_count":2,"received_data":25708,"sent_data":945,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"h.carddsapply.com/","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"6db1d946a72e8c64c0eec6496a9c7444","sha1":"2d063db5a413117b217190b903b2b13573195042","sha256":"bee355309770779a5e7b444f0f4e9c6a410b3dd2d38b4e3466cbef0542849f67","sha512":"791bff9bc922065b40bc50b7afbc6527ae9c60af089d14c79ba2e634b9947081de160ce05110df5031bb4a3d0714162a0371c22ab41e9a66c7b56bfdc4dd99fb","ssdeep":"","tlshash":"f711ac0b088378ba03e6607ee73b7d1a321910072850c4033f4c81485fe48392fb6f8c","size":912,"data":"","first_seen":"2026-04-02T03:19:54.811112Z","last_seen":"2026-04-05T11:05:10.86779Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-06-24T13:15:02.101497Z","times_seen":702676,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","size":760171,"data":"","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-06-24T10:50:46.241249Z","times_seen":3636,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/web3@1.8.1/dist/web3.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7406458ff35f927bd90f7983b6e344db","sha1":"230a590c1c1aacc369465645b62b70643d68c5ea","sha256":"71d7328c8b5a399aac329a83d86b51058c01e0e0414fc4577dabfc79c518c6d8","sha512":"bed50e0b460868d9bf52eb54ef27e7c2a9c5f4b3989d7b691deda4c22d67bc9365a1e190ba770d06210a3ffdd6c370fad9448085b5c6b27629018a220ec6bec0","ssdeep":"12288:qTl6yDJDY2BYfdDZ3amsRMIWeLkV5niUjamsQHeB:qTl1B4DZ3DIWYkV1jhu","tlshash":"d565fbc47691b091c3a36aa1402f900be33efd682c4c4169b757ecf71cb9a995527f3a","size":1455961,"data":"","first_seen":"2023-04-06T20:37:25Z","last_seen":"2026-04-05T11:05:10.869882Z","times_seen":97,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/ethereumjs-tx-1.3.3.min.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ca1104de538caea2d54265fbe90916b4","sha1":"d6c416e5d153f500f7ac66d25a2b73db45867ad4","sha256":"10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0","sha512":"51fe1c1b91913f9108019b1d18ca38593175cbc827ee159e2942d62b2a9825317642833f17c2526ce292d9623e394cce1a750d9c6246c7eb201a57b15c8d8bc4","ssdeep":"3072:3dpgpHu8o3GVhW8Jg5bGpLsev6ns9oq1CfdfDWp1WrB33NjbLytdJ7bt3r:3fGVL2CNvms/CfdS1Dr","tlshash":"a6640989fba07052435671a5062f644fb67af92d5949006cf254e8fb3cf89c8a63bf34","size":323051,"data":"","first_seen":"2023-03-07T01:24:06Z","last_seen":"2026-06-21T09:49:07.258321Z","times_seen":2095,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ua-parser-js@1.0.33/src/ua-parser.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0f5dee1db90006370bfad15f1c6433f1","sha1":"aa3a087e6bee3dea9dc72df19744181649f40014","sha256":"0708d17e2795584e55ffe69838b2163d73ccf2f05cc177653b3884d6a7cff51e","sha512":"2187507129a58026e0443cdc57570b689626525c9cfdc123a5ef05ad2c39882aba2ecdb9c2e4b1d45165b02db0d6ec2f61786df208a46904487c987458ccf79e","ssdeep":"384:veSussfhlSg15+2rRSLkdAhYStQfdjpTJuU3ZGUshwzVXQd6VkedjyABx:G0Lk5/RSgd4YStQRpTJuU3ZGUshwzVSG","tlshash":"4862743fd295ff3c57dce908e77946442f0b6d2aca8860f499d092627cb86da0046777","size":15920,"data":"","first_seen":"2025-06-24T09:26:28.558042Z","last_seen":"2026-04-05T11:05:10.851923Z","times_seen":37,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"638f2fa82197eca995c38b60a16d077d","sha1":"d5ee251933328b564877a9a6d4cf25133c065747","sha256":"f7853264ce7327d4178382717736a417b83aedea347291de17a308a08610a9f5","sha512":"fd8afe8249825c61196e64e807cdaa73d3a50a018c8b9613bec422c2a94ddcd32d9b304c067af83ef855c0103e926b86eff0a978f8825021d31d53baf7d25052","ssdeep":"","tlshash":"6e119e7d0193583947abac172a8f57403eb0a0472101e4433c6c96efcf959989639fdd","size":992,"data":"","first_seen":"2026-04-02T03:19:54.812441Z","last_seen":"2026-04-05T11:05:10.868416Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.3.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"541e80b5bc224cfe384a99836e5062ec","sha1":"7da81d6d0701e3a6ff598a8e1af6f554976a70ca","sha256":"670a99215743de25cdc861db49876c9963fffd4068923d851c0c4ab9204a0d2a","sha512":"8f1c1309b2c99973e7576efb0af02301c5808d4473a5ea619347f49ceda5c2cbdca0332a05dcb5ae1d631305964da6d7d7e1ab7668fd185020b4ddb6ceb57429","ssdeep":"1536:fDFXTPlYFbED7yZxg6V4wMSzy7JyeuoJlQ5uCe/ZiE99WjNBsgGC3W/cL3JaQ47x:iDt1oJlQ5cwbGaJaQ47GKN","tlshash":"4a6308dd72c6b07257a770b9007f600bf136199a6c4e4410f129e8e9bc78a4a827bf7d","size":72818,"data":"","first_seen":"2023-03-12T21:51:55Z","last_seen":"2026-06-24T10:12:37.352959Z","times_seen":1164,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/axios@1.2.2/dist/axios.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c68d87ae776cca50ba5f38e07b73717d","sha1":"547505afc711bba4c5d4fc2fdf1c3236b9456c07","sha256":"788113ee18acbedd4dd5c4cb8b1d134c50d05fb7e6c7449741f5f902f0dda741","sha512":"4139dbf414241b87c1608b7d246bd89b13e977a4c178aa7a96c52bb62550b2b27db1bdf7067f6cd303103bda950456cf5f7c47440b011ef5e572cae72631318e","ssdeep":"768:KCDYsInWThrul/MzFzBSQcFAm+KuzilN+afgb8Hph:3IGF1SDJ+Te+QHj","tlshash":"4fe209c8bad1b072936771b5406f150bf23ab966a48d8490f120ece67cb850e9767f7c","size":31153,"data":"","first_seen":"2023-03-12T10:34:08Z","last_seen":"2026-06-03T18:11:17.103252Z","times_seen":113,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/sweetalert2@11","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e8f033d3c7a50e4abe3d98ac65234d13","sha1":"caf431ea6dc8567be010d07f4f7d5798163821de","sha256":"7506c8f4d85e4707ab46f9858f0c6e65e3316b9d2f122dcf485b9dbf39d5a7ac","sha512":"ecad9d89ce602e5121c97135933a33122f0d9b32c15b43949d5fbe51fe576da069e9a416772117eb4666d8354b685046c0d7a3e086f669fffa488e2f05ff0ba3","ssdeep":"1536:iw46xylPIZSKcO355lcVU/SZ2DUdzI8bRj:PxYIvTlcVU/62mI8d","tlshash":"e173f8916a00f03776bb45ae65d1e7047ae99405fcb34894f42cc8804fe7d4f26b7aba","size":79991,"data":"","first_seen":"2026-03-20T09:57:21.567576Z","last_seen":"2026-06-21T19:44:49.803314Z","times_seen":2826,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/ABI.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"e02bfe09ad56c856c4138a07bfc66853","sha1":"4581b906d58789491e062ee1da0dedb9d78531f1","sha256":"2950fef1ddb4a5e176416faf280da11a36081e4271ca4ff976345c659b4de8e7","sha512":"bbdcfcabb87a7d0efb26313ac228390dc1ca1ee9bae3803a4ef5de8913c9542c6ba26b279664a4783a7fa90324e89ce1bacf302e43b1b30a81c71bc8d1937a66","ssdeep":"96:nAWQ9AJVRXLPuejeN+WSUTyMPNJAB8AAAXQThRovQTiFRbpqg8hLU17hLBGTl1Xk:AWZdXAh95ov","tlshash":"1e520797321fad6f48882ba941f28788b5a9d1e7d1cdcc82284c8e32c7dd955c46e35f","size":13514,"data":"","first_seen":"2023-03-09T08:50:45Z","last_seen":"2026-04-05T11:05:10.85806Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/seaport.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e22d0c14f5be54af448df7ea306f55c","sha1":"9f93d601d838288124f6f2e48d5f3d7819c347a6","sha256":"b6654d21661d0e082cbe1eddcd03e3be37520016b7cd1efc277d3d9539e200e2","sha512":"22a057e56f955edb8c5dfbd1ac1877290c2a19ba7630d5c523eab67fdba0ddd9c706ea034943d90b047cb1c0b90ef74914d9d4484c5cc6b015d189355b8afbfa","ssdeep":"12288:s7oofGHBQKEJ1NL/w0SPzmigdlpNhny1Bnh/R1vyp7Y9gEziBx4x8tgz065Gxw8B:FDHBfEbNL40BoRpWT20ZNbAOH","tlshash":"6c95b449abf760619617707c4b6fa005b638d4174488dd64be8cd3a0af9583887fafec","size":2054903,"data":"","first_seen":"2026-03-07T01:02:17.390377Z","last_seen":"2026-04-05T11:05:10.867127Z","times_seen":36,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.3.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"541e80b5bc224cfe384a99836e5062ec","sha1":"7da81d6d0701e3a6ff598a8e1af6f554976a70ca","sha256":"670a99215743de25cdc861db49876c9963fffd4068923d851c0c4ab9204a0d2a","sha512":"8f1c1309b2c99973e7576efb0af02301c5808d4473a5ea619347f49ceda5c2cbdca0332a05dcb5ae1d631305964da6d7d7e1ab7668fd185020b4ddb6ceb57429","ssdeep":"1536:fDFXTPlYFbED7yZxg6V4wMSzy7JyeuoJlQ5uCe/ZiE99WjNBsgGC3W/cL3JaQ47x:iDt1oJlQ5cwbGaJaQ47GKN","tlshash":"4a6308dd72c6b07257a770b9007f600bf136199a6c4e4410f129e8e9bc78a4a827bf7d","size":72818,"data":"","first_seen":"2023-03-12T21:51:55Z","last_seen":"2026-06-24T10:12:37.352959Z","times_seen":1164,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/main.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"10513ec0210445d27a2a9f6ede8cbb3b","sha1":"2cd429fde0bcdb49030672e76f448cdf78547f7a","sha256":"4aadb01a94c38da83cc13e9e6fa92a146edbcac85aaf26bdb976f93b621b32d0","sha512":"3efd43eb6dd2b25511561512787ced76ac2388d2d782bf546b4b83b0f90cfc460de3d495ec9a593ccaeeaabd579fc749e6b478eb685fa517f17ded49d896a755","ssdeep":"768:IV4Bs/PZKrzypG4r6KbU3og5fDoR11JmsEmzu9:IVYsk/yTU3doR118sEmS9","tlshash":"994309f024f72025412b385ace5f740930257167aa8dd9a87aec57e1afcb429c5e3bcd","size":56569,"data":"","first_seen":"2026-04-02T03:19:54.792861Z","last_seen":"2026-04-02T12:50:31.977695Z","times_seen":7,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-02","alert":"Detects file containing Telegram Bot API","trigger":"h.carddsapply.com/scripts/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"rpc.ankr.com/eth/2f26e1d5d1d33832856cb3db7386378211364276b00985f802045f6857bc80a9","fqdn":"rpc.ankr.com","domain":"ankr.com","tld":"com"},"ip":{"addr":"173.244.207.30","port":443,"asn":13213,"as":"UK-2 Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:03.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shark.multi-rpc.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 11:28:53 GMT","end":"Sun, 21 Jun 2026 11:28:52 GMT"},"fingerprint":{"sha1":"AE:1D:6B:AA:47:F3:E6:57:DE:8E:AE:96:E2:57:FD:59:C7:98:35:45","sha256":"E7:E9:5B:8C:16:7D:7C:6C:3F:CA:EE:53:6B:E2:1C:37:99:35:61:A9:23:2A:B7:B5:21:15:EE:7D:F2:99:FF:57"}}},"request":{"raw":"POST /eth/2f26e1d5d1d33832856cb3db7386378211364276b00985f802045f6857bc80a9 HTTP/1.1\r\nHost: rpc.ankr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://h.carddsapply.com/\r\ncontent-type: application/json\r\nContent-Length: 60\r\nOrigin: https://h.carddsapply.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":60,"data":"{\"method\":\"eth_chainId\",\"params\":[],\"id\":42,\"jsonrpc\":\"2.0\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 02 Apr 2026 12:50:03 GMT\r\ncontent-type: application/json\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nx-shark-trace-id: 6fa9ad8c6c33427e8ea07b1ce83dc2e1\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,solana-client,client-sdk-version,client-sdk-type,client-target-api-version,x-ton-client-version,x-client-name,x-client-version\r\naccess-control-max-age: 1728000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3b13b016aca98e0d56efc6323686ce77","sha1":"d409afcbe00106e895feb9ffdc85d2b03da701eb","sha256":"03ccbdc6fc2746d106b6b3f8bb353474f144f135d4600cbe844ca44e1c78768d","sha512":"f16bb64f72473097f071b36023337043c7b3a497dc57422bdbde5eb554896d73e3c8e4da4664e3f9cf54c5e5daf80e35ea96e5947ae4ea1693dc813555b4bb14","ssdeep":"","tlshash":"b49004c01d050731450c0c41d40d015171c1375405040d044c0d414150441477304315","first_seen":"2024-08-29T17:47:19.362481Z","last_seen":"2026-06-03T16:15:21.756652Z","times_seen":63,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-02T12:50:02.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:02 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:52:00 GMT\r\nETag: W/\"1d71d-19d4950bb90\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Axios:1.2.2","description":"Promise based HTTP client for the browser and node.js","website":"https://github.com/axios/axios","common_platform_enumeration":"","icon":"Axios.svg","categories":["JavaScript libraries"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Unpkg","description":"Unpkg is a content delivery network for everything on npm.","website":"https://unpkg.com","common_platform_enumeration":"","icon":"Unpkg.png","categories":["CDN"]},{"name":"SweetAlert2:11","description":"SweetAlert2 is a JavaScript library that provides customisable, visually appealing, and responsive alert and modal dialog boxes for web applications.","website":"https://sweetalert2.github.io/","common_platform_enumeration":"","icon":"SweetAlert2.svg","categories":["JavaScript libraries"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":120605,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"2e355dcccce17938cbaac85c5c334b19","sha1":"b418c70591432eb8e608ea429e0c5a5cccd174c5","sha256":"a7bf78bb421baa3bf1b723a96f7712b1ca455dd6176a79da81d251f4ecb2295f","sha512":"580a7157687869d8b3d841476e3aafd58dea0ca7565c7a6839eed636336d7313574a07f5a7200de520297fce91514c85f22d428e302876653ae153fd7c20626d","ssdeep":"1536:J7+MqcN+IWI7YCYWQMqcN+IWI7YCYWP52M:JL+m+al","tlshash":"3fc3fd456e978053ba67812e2be6f30432f5e003dcb6ed58bd9cd1808fc7d5c29a93a4","first_seen":"2026-04-02T03:19:54.803161Z","last_seen":"2026-04-05T11:05:10.860354Z","times_seen":35,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":66,"dns":11,"connect":23,"send":0,"wait":49,"receive":22,"ssl":30},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ua-parser-js@1.0.33/src/ua-parser.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/ua-parser-js@1.0.33/src/ua-parser.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.0.33\r\nx-jsd-version-type: version\r\netag: W/\"3e30-qjoIfmvuPeqdxy3xl0QYFkn0ABQ\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 1759539\r\ndate: Thu, 02 Apr 2026 12:50:02 GMT\r\nx-served-by: cache-fra-eddf8230120-FRA, cache-hel1410029-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 7390\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15920,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (15585)","md5":"0f5dee1db90006370bfad15f1c6433f1","sha1":"aa3a087e6bee3dea9dc72df19744181649f40014","sha256":"0708d17e2795584e55ffe69838b2163d73ccf2f05cc177653b3884d6a7cff51e","sha512":"2187507129a58026e0443cdc57570b689626525c9cfdc123a5ef05ad2c39882aba2ecdb9c2e4b1d45165b02db0d6ec2f61786df208a46904487c987458ccf79e","ssdeep":"384:veSussfhlSg15+2rRSLkdAhYStQfdjpTJuU3ZGUshwzVXQd6VkedjyABx:G0Lk5/RSgd4YStQRpTJuU3ZGUshwzVSG","tlshash":"4862743fd295ff3c57dce908e77946442f0b6d2aca8860f499d092627cb86da0046777","first_seen":"2025-06-24T09:26:28.558042Z","last_seen":"2026-04-05T11:05:10.851923Z","times_seen":37,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":74,"dns":1,"connect":29,"send":0,"wait":15,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/ABI.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.826Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /scripts/ABI.js HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:02 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 13514\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:53:22 GMT\r\nETag: W/\"34ca-19d4951f87f\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":13514,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (4230), with CRLF line terminators","md5":"e02bfe09ad56c856c4138a07bfc66853","sha1":"4581b906d58789491e062ee1da0dedb9d78531f1","sha256":"2950fef1ddb4a5e176416faf280da11a36081e4271ca4ff976345c659b4de8e7","sha512":"bbdcfcabb87a7d0efb26313ac228390dc1ca1ee9bae3803a4ef5de8913c9542c6ba26b279664a4783a7fa90324e89ce1bacf302e43b1b30a81c71bc8d1937a66","ssdeep":"96:nAWQ9AJVRXLPuejeN+WSUTyMPNJAB8AAAXQThRovQTiFRbpqg8hLU17hLBGTl1Xk:AWZdXAh95ov","tlshash":"1e520797321fad6f48882ba941f28788b5a9d1e7d1cdcc82284c8e32c7dd955c46e35f","first_seen":"2023-03-09T08:50:45Z","last_seen":"2026-04-05T11:05:10.85806Z","times_seen":44,"resource_available":true,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":4,"connect":28,"send":0,"wait":46,"receive":1,"ssl":55},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/assets/f_5ab5d2f1.png","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /assets/f_5ab5d2f1.png HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 544902\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:52:06 GMT\r\nETag: W/\"85086-19d4950d1b9\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":544902,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 815 x 763, 8-bit/color RGBA, non-interlaced","md5":"e9538487a7fcf7030c27dad22c558103","sha1":"031541c9f7e022e397e098ede71384a961e80402","sha256":"271e9d12653ced631a06f14e4112f44976d7b25b0331e6d767c4f0b6e3d52446","sha512":"4298084eb89d6daca44f991a20983d1fa7cf5a2be6f866b6115ca9aa526a9a97a224f278ee3ea399cf9fd5953f9db9e516015f4786a96ece0225539bdf1c883e","ssdeep":"12288:W9jwg8AN76gwOcLg/BH2D0eIhavUT9+7xVq/sPJnlRGiwRa2kUayj:W90gdQpg/h2pIrqU/eR4RU3m","tlshash":"e5c4235efb6dd75cc0a3d14848b8ef35afc1aa4c60b521d099381aba5627d434e338bc","first_seen":"2026-03-07T01:02:17.364795Z","last_seen":"2026-04-05T11:05:10.866192Z","times_seen":36,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":310,"dns":0,"connect":0,"send":0,"wait":39,"receive":77,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"rpc.ankr.com/eth/2f26e1d5d1d33832856cb3db7386378211364276b00985f802045f6857bc80a9","fqdn":"rpc.ankr.com","domain":"ankr.com","tld":"com"},"ip":{"addr":"173.244.207.30","port":443,"asn":13213,"as":"UK-2 Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:03.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"shark.multi-rpc.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Mon, 23 Mar 2026 11:28:53 GMT","end":"Sun, 21 Jun 2026 11:28:52 GMT"},"fingerprint":{"sha1":"AE:1D:6B:AA:47:F3:E6:57:DE:8E:AE:96:E2:57:FD:59:C7:98:35:45","sha256":"E7:E9:5B:8C:16:7D:7C:6C:3F:CA:EE:53:6B:E2:1C:37:99:35:61:A9:23:2A:B7:B5:21:15:EE:7D:F2:99:FF:57"}}},"request":{"raw":"OPTIONS /eth/2f26e1d5d1d33832856cb3db7386378211364276b00985f802045f6857bc80a9 HTTP/1.1\r\nHost: rpc.ankr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://h.carddsapply.com/\r\nOrigin: https://h.carddsapply.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Thu, 02 Apr 2026 12:50:03 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS\r\naccess-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,solana-client,client-sdk-version,client-sdk-type,client-target-api-version,x-ton-client-version,x-client-name,x-client-version\r\naccess-control-max-age: 1728000\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-24T13:14:28.237166Z","times_seen":16681323,"resource_available":true,"data":null}},"time_used":432,"timings":{"blocked":201,"dns":77,"connect":30,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/sweetalert2@11","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/sweetalert2@11 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 11.26.24\r\nx-jsd-version-type: version\r\netag: W/\"13877-yvQx6m3IVnvgENB/T31XmBY4Id4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 02 Apr 2026 12:50:02 GMT\r\nage: 3243\r\nx-served-by: cache-fra-eddf8230135-FRA, cache-hel1410029-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 21418\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":79991,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (49001)","md5":"e8f033d3c7a50e4abe3d98ac65234d13","sha1":"caf431ea6dc8567be010d07f4f7d5798163821de","sha256":"7506c8f4d85e4707ab46f9858f0c6e65e3316b9d2f122dcf485b9dbf39d5a7ac","sha512":"ecad9d89ce602e5121c97135933a33122f0d9b32c15b43949d5fbe51fe576da069e9a416772117eb4666d8354b685046c0d7a3e086f669fffa488e2f05ff0ba3","ssdeep":"1536:iw46xylPIZSKcO355lcVU/SZ2DUdzI8bRj:PxYIvTlcVU/62mI8d","tlshash":"e173f8916a00f03776bb45ae65d1e7047ae99405fcb34894f42cc8804fe7d4f26b7aba","first_seen":"2026-03-20T09:57:21.567576Z","last_seen":"2026-06-21T19:44:49.803314Z","times_seen":2826,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":37,"dns":1,"connect":13,"send":0,"wait":17,"receive":1,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/seaport.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /scripts/seaport.js HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:02 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 2054903\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:53:31 GMT\r\nETag: W/\"1f5af7-19d49521be4\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2054903,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (864)","md5":"3a1fc9ac373d724f6b4a1883ab14226a","sha1":"f48a79c05df973a46a0f576eabc2d57b0ed0c8e0","sha256":"497ea7b61f0f22813d61d10d4a3fcd6b945604e1afdb1555cc8b58020bdbd85e","sha512":"fd1d2fe64511a5020258c22ad40413b0e88ab72c9cf21a471be763349b913dce75b099d7bb19decbbf49808962b8fe0c5a64783dec02fc5f083b0b2788f14f67","ssdeep":"6144:sx8sq74VN29yVZMKi/opYsLdKt3DCeKbPUD1kxksoOkQT:s7oofB","tlshash":"1925a44abaf760614617317c4b6f9005b634d4575588dc64be8cc3a0af9983c8bfabec","first_seen":"2026-03-07T01:02:17.379104Z","last_seen":"2026-04-05T11:05:10.850299Z","times_seen":36,"resource_available":false,"data":null}},"time_used":318,"timings":{"blocked":-1,"dns":1,"connect":49,"send":0,"wait":46,"receive":183,"ssl":50},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:40 GMT","end":"Mon, 01 Jun 2026 08:37:39 GMT"},"fingerprint":{"sha1":"5F:99:6E:26:2A:3A:DA:FF:7F:0D:EE:C5:8B:2A:01:AE:28:26:AD:C4","sha256":"2B:88:E7:79:70:E5:E9:DE:0E:A9:0A:B8:F1:F5:C6:D6:10:77:F0:C9:0F:E6:2A:13:A3:D6:08:F9:89:A3:60:E8"}}},"request":{"raw":"GET /css2?family=Roboto:wght@400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 02 Apr 2026 12:50:03 GMT\r\ndate: Thu, 02 Apr 2026 12:50:03 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"4c8ef72eb043b6205edde8d9e910787e","sha1":"fa8b1cd29ea6e9bd2113a33d10ab096306430f37","sha256":"0031e12119f0b0e9820611dc4e888b0decf9c9924e4b2bea291397e70105305a","sha512":"80bf1edac61df533f32176b490302e90a6213b72b5ea335092fa25128a4229cc7967e5c4cdc6cec06c923335260d0ecb779fad1b36a26ff616b4eb4465e34e7f","ssdeep":"384:89fM919W969yh9/qY4X9N9t9i9fD9O9d9B9ya9/qY4Q9G9m949fd9k9D939yQ9/O:8yjooYhREHPM5svvYaR7AIWP2ZZYQRVs","tlshash":"8c721fa1041744009b838ce223cebf35fe1f52117142d0b5abfd9b6baddbca6526936d","first_seen":"2026-02-19T23:44:13.889102Z","last_seen":"2026-06-24T11:57:13.774211Z","times_seen":4867,"resource_available":false,"data":null}},"time_used":537,"timings":{"blocked":259,"dns":10,"connect":23,"send":0,"wait":19,"receive":0,"ssl":219},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/style.css","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:02 GMT\r\nContent-Type: text/css; charset=UTF-8\r\nContent-Length: 33413\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:52:01 GMT\r\nETag: W/\"8285-19d4950bf7c\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":33413,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"241a48ec1cf17342d7aee5455ac581f5","sha1":"da481e824810864ebcc35e7a38e70343a7dabd52","sha256":"60e50e27031ce58b530f5679d93dbc8f7f1a65caf686cea83fb9d5366fd22465","sha512":"82fd2cb646a4f66b1d7e36da9560059c1482d220c059ab4ca74137517a5091f8902a394c4415f0a668a1d792363dcf33ecce362688c1cf70f3f8e0ec556786dd","ssdeep":"384:JJWQnA9uTIC18qr0HcvtlJxciT/rXa7+tn:JJWQOun8bI9/O7En","tlshash":"2fe23e24d9022046b3339bb96fb30609eb5990638b42d1a9bfdc32588ff517c5662fdd","first_seen":"2026-03-07T01:02:17.386018Z","last_seen":"2026-04-05T11:05:10.85589Z","times_seen":36,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/assets/f_41ffce8e.png","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /assets/f_41ffce8e.png HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 111066\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:52:04 GMT\r\nETag: W/\"1b1da-19d4950ca23\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":111066,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 486 x 429, 8-bit/color RGBA, non-interlaced","md5":"bf7815553b052f106719dd4864758187","sha1":"9c4a6191087e5a45dea41f44a25ef9301423f718","sha256":"84445f55d0d97cb3aadb37f72238604d0d9571769de4fc909ed9d7177c614b6d","sha512":"433fdd6322735e4628307649ee0e3ac305fd443592cc31b98ed71dbaa9da0de48c78c4c200b8b73d3e1df4984042e659dcf12f267dc64e305aa59e387d42a1d3","ssdeep":"3072:nTZ2BcW2ebC9V5ZZmtV9IS9g5vm5wS/E6IFPHXYROO76R:OcW2ebS2bmT5vmaC6FPy7e","tlshash":"6bb31250a55441ed5e5864c37c741831abfbdabe313461e9cbb1e9fa20763f20eace48","first_seen":"2026-02-28T00:33:53.806002Z","last_seen":"2026-04-05T11:05:10.858571Z","times_seen":40,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":312,"dns":0,"connect":0,"send":0,"wait":59,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.883Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:40 GMT","end":"Mon, 01 Jun 2026 08:37:39 GMT"},"fingerprint":{"sha1":"5F:99:6E:26:2A:3A:DA:FF:7F:0D:EE:C5:8B:2A:01:AE:28:26:AD:C4","sha256":"2B:88:E7:79:70:E5:E9:DE:0E:A9:0A:B8:F1:F5:C6:D6:10:77:F0:C9:0F:E6:2A:13:A3:D6:08:F9:89:A3:60:E8"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 02 Apr 2026 12:50:03 GMT\r\ndate: Thu, 02 Apr 2026 12:50:03 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7581,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"75d871927f5e58b96f7bf7b5de083ae0","sha1":"ba1c473216e2bfb9613075ac3729a7b976118e04","sha256":"0014d56cd9cf8b2d3da043344ee9c6e4c4ad96ad62cb3d167b838ea5dfbd2ffb","sha512":"748385a376279efccc77e2d9e1126f22d4f9c4329772c63c0f9cf383ec71a00caa6d0caf93536b8a0c836f390cb5e2ebb0b53f9aae74fbf92fbec704298d6445","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8ONEhYO3RrxGx:vXuM1+4","tlshash":"cbf17792002ba400ab971dc223cf7e3aaece10896085d1b95ffd0dc59ceed66436876d","first_seen":"2025-09-10T19:11:46.108203Z","last_seen":"2026-06-24T13:13:47.662246Z","times_seen":3438,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":169,"dns":9,"connect":7,"send":0,"wait":19,"receive":0,"ssl":151},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/assets/_next/static/media/f_c9a03fb2.svg","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:03.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /assets/_next/static/media/f_c9a03fb2.svg HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:03 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 854\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:53:38 GMT\r\nETag: W/\"356-19d49523988\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":854,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1a2ea22e9e3715f46aa10c5d5d515802","sha1":"8a1c176baabdea1858dbbfa49ebdd2bd08e84fa7","sha256":"c3729a732e44aec8b096f4b888d211efe395566452e3eccc7c6743467158b148","sha512":"150f8e44dbc8627b7a6b06b4098facabd4465b6bbd4279a7fe8a15cce065607bc65e3787d6497a530b9defe1c8c79d105dfc87549b47d7ed230d91c07f997038","ssdeep":"","tlshash":"4a0108268798e62bed5ed20ed058e420312650e76bc8c245f2be9f4f5f145864c477d9","first_seen":"2024-01-20T14:08:29Z","last_seen":"2026-06-11T20:21:07.821007Z","times_seen":189,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"unpkg.com/axios@1.2.2/dist/axios.min.js","fqdn":"unpkg.com","domain":"unpkg.com","tld":"com"},"ip":{"addr":"104.18.1.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"unpkg.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 08:16:48 GMT","end":"Tue, 19 May 2026 09:15:09 GMT"},"fingerprint":{"sha1":"F3:CF:0B:A3:28:07:E9:5A:D0:8B:F4:9E:A8:A1:9B:71:A6:59:38:23","sha256":"DD:EE:6D:62:AC:D0:59:11:F9:1C:53:44:27:F0:8B:A5:2C:A2:C6:C4:BF:B8:79:AF:A5:5F:B3:E1:29:E8:45:8E"}}},"request":{"raw":"GET /axios@1.2.2/dist/axios.min.js HTTP/1.1\r\nHost: unpkg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 02 Apr 2026 12:50:02 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncf-ray: 9e5ff4ffa97756cb-OSL\r\ncf-cache-status: HIT\r\nfly-request-id: 01KN03DXDW4NDY0SB87RDT8TDP-fra\r\naccess-control-allow-origin: *\r\nage: 34241\r\ncache-control: public, max-age=31536000\r\nexpires: Fri, 02 Apr 2027 12:50:02 GMT\r\nlast-modified: Mon, 30 Mar 2026 19:27:17 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: accept-encoding\r\nvia: 1.1 fly.io, 1.1 fly.io\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncontent-digest: sha256=:eIET7hisvt1N1cTLix0TTFDQX7fmx0SXQfX5AvDdp0E=:\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Fly.io","description":"Fly is a platform for running full stack apps and databases.","website":"https://fly.io","common_platform_enumeration":"","icon":"Fly.io.png","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31153,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31114)","md5":"c68d87ae776cca50ba5f38e07b73717d","sha1":"547505afc711bba4c5d4fc2fdf1c3236b9456c07","sha256":"788113ee18acbedd4dd5c4cb8b1d134c50d05fb7e6c7449741f5f902f0dda741","sha512":"4139dbf414241b87c1608b7d246bd89b13e977a4c178aa7a96c52bb62550b2b27db1bdf7067f6cd303103bda950456cf5f7c47440b011ef5e572cae72631318e","ssdeep":"768:KCDYsInWThrul/MzFzBSQcFAm+KuzilN+afgb8Hph:3IGF1SDJ+Te+QHj","tlshash":"4fe209c8bad1b072936771b5406f150bf23ab966a48d8490f120ece67cb850e9767f7c","first_seen":"2023-03-12T10:34:08Z","last_seen":"2026-06-03T18:11:17.103252Z","times_seen":113,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":3,"dns":0,"connect":1,"send":0,"wait":21,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/assets/f_bf6ce74a.png","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /assets/f_bf6ce74a.png HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 28146\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:52:06 GMT\r\nETag: W/\"6df2-19d4950d2a1\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":28146,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 753 x 673, 8-bit/color RGBA, non-interlaced","md5":"3515fad471d01d38e7484bca9494cbcc","sha1":"d0d99b3c06f0fff18c566bfb9289db0034565faf","sha256":"885f7417b13e3d57c613434fa950d1f6283024a87f5de7d77b437a2a069c5667","sha512":"f6b8cebc20034b00bcdc2b4add9ca5015c4e6b3540b9af42260799df66215716a8a65fdd5af6513f72d39d254a58bc9d558d652ca4b6fe35a1051dbabc67e41d","ssdeep":"768:e9P2FpwRPBIIsjp3eAn22FyzVVRMhoT79:ewFpQ6593eAVcVF1","tlshash":"bbc2e141655668a19d4ec9133e1b29d97778923be30c3fb02d095e2a33d61f2242f63a","first_seen":"2026-02-15T08:27:17.955241Z","last_seen":"2026-04-05T11:05:10.851119Z","times_seen":41,"resource_available":false,"data":null}},"time_used":350,"timings":{"blocked":311,"dns":0,"connect":0,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.3.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:03.559Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.3.slim.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-11c72\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 02 Apr 2026 12:50:03 GMT\r\nage: 961896\r\nx-served-by: cache-lga21925-LGA, cache-hel1410028-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 1219, 32\r\nx-timer: S1775134204.564042,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 24764\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72818,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65241)","md5":"541e80b5bc224cfe384a99836e5062ec","sha1":"7da81d6d0701e3a6ff598a8e1af6f554976a70ca","sha256":"670a99215743de25cdc861db49876c9963fffd4068923d851c0c4ab9204a0d2a","sha512":"8f1c1309b2c99973e7576efb0af02301c5808d4473a5ea619347f49ceda5c2cbdca0332a05dcb5ae1d631305964da6d7d7e1ab7668fd185020b4ddb6ceb57429","ssdeep":"1536:fDFXTPlYFbED7yZxg6V4wMSzy7JyeuoJlQ5uCe/ZiE99WjNBsgGC3W/cL3JaQ47x:iDt1oJlQ5cwbGaJaQ47GKN","tlshash":"4a6308dd72c6b07257a770b9007f600bf136199a6c4e4410f129e8e9bc78a4a827bf7d","first_seen":"2023-03-12T21:51:55Z","last_seen":"2026-06-24T10:12:37.352959Z","times_seen":1164,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.3.slim.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.822Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-3.6.3.slim.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-11c72\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 02 Apr 2026 12:50:02 GMT\r\nage: 961895\r\nx-served-by: cache-lga21925-LGA, cache-hel1410028-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 1219, 31\r\nx-timer: S1775134203.876238,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 24764\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72818,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65241)","md5":"541e80b5bc224cfe384a99836e5062ec","sha1":"7da81d6d0701e3a6ff598a8e1af6f554976a70ca","sha256":"670a99215743de25cdc861db49876c9963fffd4068923d851c0c4ab9204a0d2a","sha512":"8f1c1309b2c99973e7576efb0af02301c5808d4473a5ea619347f49ceda5c2cbdca0332a05dcb5ae1d631305964da6d7d7e1ab7668fd185020b4ddb6ceb57429","ssdeep":"1536:fDFXTPlYFbED7yZxg6V4wMSzy7JyeuoJlQ5uCe/ZiE99WjNBsgGC3W/cL3JaQ47x:iDt1oJlQ5cwbGaJaQ47GKN","tlshash":"4a6308dd72c6b07257a770b9007f600bf136199a6c4e4410f129e8e9bc78a4a827bf7d","first_seen":"2023-03-12T21:51:55Z","last_seen":"2026-06-24T10:12:37.352959Z","times_seen":1164,"resource_available":true,"data":null}},"time_used":130,"timings":{"blocked":48,"dns":1,"connect":13,"send":0,"wait":16,"receive":2,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/ethereumjs-tx-1.3.3.min.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /scripts/ethereumjs-tx-1.3.3.min.js HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:02 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 323051\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:53:22 GMT\r\nETag: W/\"4edeb-19d4951fb12\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":323051,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (43040)","md5":"ca1104de538caea2d54265fbe90916b4","sha1":"d6c416e5d153f500f7ac66d25a2b73db45867ad4","sha256":"10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0","sha512":"51fe1c1b91913f9108019b1d18ca38593175cbc827ee159e2942d62b2a9825317642833f17c2526ce292d9623e394cce1a750d9c6246c7eb201a57b15c8d8bc4","ssdeep":"3072:3dpgpHu8o3GVhW8Jg5bGpLsev6ns9oq1CfdfDWp1WrB33NjbLytdJ7bt3r:3fGVL2CNvms/CfdS1Dr","tlshash":"a6640989fba07052435671a5062f644fb67af92d5949006cf254e8fb3cf89c8a63bf34","first_seen":"2023-03-07T01:24:06Z","last_seen":"2026-06-21T09:49:07.258321Z","times_seen":2095,"resource_available":true,"data":null}},"time_used":285,"timings":{"blocked":70,"dns":1,"connect":23,"send":0,"wait":42,"receive":86,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/scripts/main.js","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /scripts/main.js HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:02 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 56569\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:53:24 GMT\r\nETag: W/\"dcf9-19d49520102\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":56569,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6612)","md5":"10513ec0210445d27a2a9f6ede8cbb3b","sha1":"2cd429fde0bcdb49030672e76f448cdf78547f7a","sha256":"4aadb01a94c38da83cc13e9e6fa92a146edbcac85aaf26bdb976f93b621b32d0","sha512":"3efd43eb6dd2b25511561512787ced76ac2388d2d782bf546b4b83b0f90cfc460de3d495ec9a593ccaeeaabd579fc749e6b478eb685fa517f17ded49d896a755","ssdeep":"768:IV4Bs/PZKrzypG4r6KbU3og5fDoR11JmsEmzu9:IVYsk/yTU3doR118sEmS9","tlshash":"994309f024f72025412b385ace5f740930257167aa8dd9a87aec57e1afcb429c5e3bcd","first_seen":"2026-04-02T03:19:54.792861Z","last_seen":"2026-04-02T12:50:31.977695Z","times_seen":7,"resource_available":true,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":1,"connect":33,"send":0,"wait":38,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-04-02","alert":"Detects file containing Telegram Bot API","trigger":"h.carddsapply.com/scripts/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:03.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:39 GMT","end":"Mon, 01 Jun 2026 08:37:38 GMT"},"fingerprint":{"sha1":"31:A8:B5:C1:CD:F5:51:78:A9:8C:E3:B4:73:92:CF:C0:6D:69:48:19","sha256":"81:9A:84:FB:F5:4C:AB:82:DF:C1:27:CC:60:46:A6:23:A8:49:56:99:47:CF:C4:05:3F:0D:87:31:DD:2C:23:A2"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://h.carddsapply.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 27 Mar 2026 21:23:23 GMT\r\nexpires: Sat, 27 Mar 2027 21:23:23 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nage: 487600\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-24T13:15:55.190342Z","times_seen":199852,"resource_available":false,"data":null}},"time_used":236,"timings":{"blocked":92,"dns":1,"connect":26,"send":0,"wait":23,"receive":26,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"172.217.19.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:03.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 09 Mar 2026 08:37:39 GMT","end":"Mon, 01 Jun 2026 08:37:38 GMT"},"fingerprint":{"sha1":"31:A8:B5:C1:CD:F5:51:78:A9:8C:E3:B4:73:92:CF:C0:6D:69:48:19","sha256":"81:9A:84:FB:F5:4C:AB:82:DF:C1:27:CC:60:46:A6:23:A8:49:56:99:47:CF:C4:05:3F:0D:87:31:DD:2C:23:A2"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://h.carddsapply.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 27 Mar 2026 21:23:23 GMT\r\nexpires: Sat, 27 Mar 2027 21:23:23 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nage: 487600\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-24T13:15:55.190342Z","times_seen":199852,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":93,"dns":0,"connect":33,"send":0,"wait":47,"receive":15,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/web3@1.8.1/dist/web3.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.817Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/web3@1.8.1/dist/web3.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 1.8.1\r\nx-jsd-version-type: version\r\netag: W/\"163759-IwpZDBwarMNpRlZFtitwZD1oxeo\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 458844\r\ndate: Thu, 02 Apr 2026 12:50:02 GMT\r\nx-served-by: cache-fra-eddf8230031-FRA, cache-hel1410029-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 306652\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1455961,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (64083)","md5":"aa213ea6a5c23384afc506993a4a769d","sha1":"0a53e8300ee7f9785158be2378e96a63a750e6af","sha256":"c6ac604a8e4068f4712de65915f11c269191d40d5edc17263dd6d2eb0d5d7913","sha512":"2b33ebe2664052f668a7cdc6b78bf2dfc7592ae542351cf3d582739345aaa346b00eb494c5604de5d1c9766f926cd94ad238af54b1efb3b93c1476650d0c245c","ssdeep":"6144:fky3E6vdg3nvC2xj7z03o6yDJD8hv5UrHnP5XJE1iOBDhHkXAZ3CNvmskkE3I5kB:qTl6yDJDY2BYfdDZ3amsRMIWeLkj","tlshash":"3f251ac47691b0a183a361e5406f500fe33abd692c4c4168f754fcf62cb9a99562bf3e","first_seen":"2025-08-02T03:11:59.489425Z","last_seen":"2026-04-05T11:05:10.85652Z","times_seen":77,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":81,"dns":1,"connect":28,"send":0,"wait":16,"receive":17,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.193.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/ethers@5.7.2/dist/ethers.umd.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.7.2\r\nx-jsd-version-type: version\r\netag: W/\"b996b-tlFUVYf2JXNF3D3p3apESxDe3z4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 623578\r\ndate: Thu, 02 Apr 2026 12:50:02 GMT\r\nx-served-by: cache-fra-etou8220026-FRA, cache-hel1410029-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 168432\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":760171,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-06-24T10:50:46.241249Z","times_seen":3636,"resource_available":true,"data":null}},"time_used":159,"timings":{"blocked":49,"dns":1,"connect":14,"send":0,"wait":22,"receive":27,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"h.carddsapply.com/assets/f_b822a4ef.png","fqdn":"h.carddsapply.com","domain":"carddsapply.com","tld":"com"},"ip":{"addr":"45.87.41.234","port":443,"asn":62068,"as":"SpectraIP B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://h.carddsapply.com/","date":"2026-04-02T12:50:02.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"carddsapply.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 31 Mar 2026 18:05:57 GMT","end":"Mon, 29 Jun 2026 18:05:56 GMT"},"fingerprint":{"sha1":"A3:EB:C7:7A:6B:41:3F:E6:58:26:8E:26:14:D5:18:37:B7:CC:1A:43","sha256":"0F:1F:B4:6F:D9:31:77:73:04:96:56:5C:39:EB:FD:59:44:94:11:96:03:55:BD:B5:07:EF:18:73:16:2A:6D:52"}}},"request":{"raw":"GET /assets/f_b822a4ef.png HTTP/1.1\r\nHost: h.carddsapply.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://h.carddsapply.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.24.0 (Ubuntu)\r\nDate: Thu, 02 Apr 2026 12:50:03 GMT\r\nContent-Type: image/png\r\nContent-Length: 732569\r\nConnection: keep-alive\r\nX-Powered-By: Express\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Wed, 01 Apr 2026 13:52:05 GMT\r\nETag: W/\"b2d99-19d4950cefe\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":732569,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 863 x 936, 8-bit/color RGBA, non-interlaced","md5":"d32ac363c2998c3864c7d15de918fb17","sha1":"b359c147adaa834c82f35b7c287a769cd1d04a3d","sha256":"3a1184331b78f03f38a81b9394448b3930753b1128a0a91b1a2c0d6a5ecd06d6","sha512":"e2c69370c79fec6da9bcc21f2fff811183922b3b8365d6bfc52c67b2997c76efa69387a1d6d70cff99cc1e831ab75a59bd3ef3e56e4b4762cc3bf73a2bb32218","ssdeep":"12288:KBiaQlWq4N1NCTGZ36X/vUiYDfUBwybnCAXafDKlclxckrP6g8rFOILplJjy4FHk:65q4N1N5Z36X3AsBhCA26fkH85DJhFHk","tlshash":"d2f42384b44341472208e262ce2766d8dedba37fdd79879d87906a6e0c78fe715287cc","first_seen":"2026-03-07T01:02:17.386867Z","last_seen":"2026-04-05T11:05:10.855189Z","times_seen":36,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":311,"dns":0,"connect":0,"send":0,"wait":37,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-04-02","alert":"Phishing Block","trigger":"h.carddsapply.com","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-02","alert":"Sinkholed","trigger":"h.carddsapply.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}