{"report_id":"8106ba80-84ee-4bfc-9522-3e5cf69c081c","version":6,"status":"done","tags":[],"date":"2026-04-18T12:38:08Z","url":{"schema":"http","addr":"invoice-check.click","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"172.67.162.239","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"new-pay.heleket.com/","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"title":"Heleket Pay","dom":{"size":168,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"05c3e028cb29a4932e583365fb1ec351","sha1":"007dc5ede273f1b30051bc3b1bfbf5302da22a03","sha256":"3ff54737ed53cb2754e4e54129859b63a67a4c586f1f36dbfd3ede81ac71fc36","sha512":"29c8f8c9d9e27fea700636606f918883419b9695932ade4f8d56b2c2575f4cf37b98df295dd801ce2a520bf0256e9b6cdd1f766e12ae6530a6df57cadecd0f0e","ssdeep":"","tlshash":"acc08cbf8c93845acd1067c098e9a2488b08d26caa25cd545de07c946908aca582939c","dom_hash":"domhashe7878feada357c83b98d617f7576c066","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"invoice-check.click","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"172.67.162.239","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-23T12:38:08Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"ekr.zdassets.com","ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"domain_registered":"2013-01-28","domain_rank":18657,"first_seen":"2018-06-13T23:52:57Z","last_seen":"2026-04-15T22:38:27.103926Z","alert_count":0,"request_count":2,"received_data":6008,"sent_data":972,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"new-pay.heleket.com","ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-02-08","domain_rank":0,"first_seen":"2026-03-24T01:55:28.30893Z","last_seen":"2026-03-24T01:55:28.30893Z","alert_count":0,"request_count":22,"received_data":1782429,"sent_data":11067,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-04-12T22:24:43.06808Z","alert_count":0,"request_count":3,"received_data":1408244,"sent_data":1357,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.com","ip":{"addr":"142.251.151.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":22,"first_seen":"2015-05-10T13:11:19Z","last_seen":"2026-04-12T22:38:35.592234Z","alert_count":0,"request_count":4,"received_data":1996,"sent_data":3502,"comment":"","tags":null,"fingerprints":null},{"fqdn":"backend.heleket.com","ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-02-08","domain_rank":0,"first_seen":"2026-03-18T10:51:38.550918Z","last_seen":"2026-03-25T11:00:24.797706Z","alert_count":0,"request_count":6,"received_data":2459,"sent_data":3431,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"invoice-check.click","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-03-27","domain_rank":0,"first_seen":"2026-04-18T12:38:14.923443Z","last_seen":"2026-04-18T12:38:14.923443Z","alert_count":12,"request_count":6,"received_data":102645,"sent_data":3218,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"static.zdassets.com","ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"domain_registered":"2013-01-28","domain_rank":16846,"first_seen":"2018-06-23T22:11:55Z","last_seen":"2026-04-13T13:50:12.314085Z","alert_count":0,"request_count":6,"received_data":1496062,"sent_data":2690,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"new-pay.heleket.com/","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":true,"md5":"34578e4347322b0df40bfdcd19a7d20c","sha1":"d9dbb030afe090e10d12ca75f5136e9257f7f631","sha256":"6afec017b193ec01721638732769a336fde58d08a356096e66760d8180d3a0f6","sha512":"6688c7d4f29586b3bdc6035e0136cf3fd0f84a49106c37c4a6949c0cafeb5a4f04815a1ab76bd2b309d04493435f831ba886b56a2a45b31c17fe57b7da7a47f1","ssdeep":"","tlshash":"07f0ab8b3adb14302d5b913d573a8e142092311ba184c433bcfcc8162f0879a4a60aec","size":475,"data":"","first_seen":"2026-03-24T01:55:34.29934Z","last_seen":"2026-04-18T12:45:25.377911Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/ekr/snippet.js?key=20c31533-77df-44dd-86a7-98733f5382e3","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"24d1751c412f03b504ef6dcccfbdfc7d","sha1":"047617956e9e43cabdb8fa520e5459c9bee83ffc","sha256":"9f8b3108af9634e30a6e9a4a68ae168beb8210d092458b4ce30034466a50bc64","sha512":"a6bd70106cd999127d9e4a919dbf55631c770c22b8b17d3d02d5a25b27f5d77fb887e8e7be3e21020f8ecb8ba247b5976bd8255ed38468babf15de37cbf19de1","ssdeep":"192:4TF0ROz77kD6B1c4QSZBxtjKkF2P5lQBbUMamqif8Xq1hyDZ8klCtsC8cTC:0FYOzfk+u4QSZYkIPnpc+G0DZ8kotsau","tlshash":"1612e8c6b1b2e47603a600e1603a9690f765191a360dc43cf97cecd6fd66dd1863beb8","size":9693,"data":"","first_seen":"2026-04-10T10:06:38.095172Z","last_seen":"2026-05-01T04:03:05.349874Z","times_seen":2131,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/index-DHLbFvQt.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"ac88ef4487dac4e8a6ce377c4791b30c","sha1":"1be758680e530c291eebe0877fe9aebd1fdc349b","sha256":"6b0b9ee7007b6fb609366e3511dc9b76a63d111f50b52ad45aaeb822a010ab53","sha512":"94d81835711be986cff4777ee9efdc484716147c076a31e610d6e9235517689458952fe364c33a96ed2b265b521a6d9a4c38648d944ef3586d90c9313b6c1b8c","ssdeep":"12288:EXz8RnSah82HYre30HUyP/uNORacwnTtDykTeeGo:Y8RnV8dre301/uWaLhDy8ea","tlshash":"79f43ad972a6713247e755a4507b0202f3396915304c8468f62cedef3db980aa2bbf7d","size":783794,"data":"","first_seen":"2026-04-18T12:38:26.320226Z","last_seen":"2026-04-18T12:45:25.348617Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1KK6CSP6GX\u0026cx=c\u0026gtm=4e64g0h2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c06b590caea47a8953a3d1e9363d667","sha1":"2709a6f74c55b71a89089b77ba815ff1fe46876e","sha256":"5b2e6718cec4e5638823ea35c0092486c8ae2e7a9c2345fce5f1254a8ea09ce8","sha512":"eef667d4ca3e395e2411f3822c3d467ad6e688a654edae3e632956df7b96b882a2e816e35195324dc0d8f98c158712b3ea0172f7b4cba406fafdfe0791ade4c3","ssdeep":"6144:P1x+8juRPcVWD/1nyBZ8osjqpBKPzqQjtEdcbUfUQeMwpJUxabmK:PMRECnyn83IwkUQeUaj","tlshash":"a4c4f9ceb3c674625396f478903f01cba97b28a2b49cc8aab199ccf01d7454a5177f78","size":545837,"data":"","first_seen":"2026-04-18T12:38:25.922448Z","last_seen":"2026-04-18T12:38:25.922448Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/button-CTJSs1bV.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"f7313b2920c4e86d2099a74af3f0c912","sha1":"3e248a913c1511bfbcce4ccb448b43a597330958","sha256":"a053cf78361411b3b32f222f916c97e759ffff3ff14212ce06da5be91c241d62","sha512":"ebd3501bac84b9fa7684296343f97739af5d80274d4877f4559ef402dfa69fc785de17db04988b649088c9df53086868a2e9ccf3e9d325c83961f2bacc770c21","ssdeep":"192:YkXcIRcmTjIc+ucHjmburcVH0cMrBHvpfDPbm6MvD:YEcscVc5cDdrcicKBHvpfDPZMr","tlshash":"95d13088ef1c6138beb3401ba2763446f26a25bf5c75d8b8d41c4ebd528b1863a176d3","size":6401,"data":"","first_seen":"2026-04-18T12:38:25.896465Z","last_seen":"2026-04-18T12:45:25.372878Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/ekr/snippet.js?key=20c31533-77df-44dd-86a7-98733f5382e3","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"24d1751c412f03b504ef6dcccfbdfc7d","sha1":"047617956e9e43cabdb8fa520e5459c9bee83ffc","sha256":"9f8b3108af9634e30a6e9a4a68ae168beb8210d092458b4ce30034466a50bc64","sha512":"a6bd70106cd999127d9e4a919dbf55631c770c22b8b17d3d02d5a25b27f5d77fb887e8e7be3e21020f8ecb8ba247b5976bd8255ed38468babf15de37cbf19de1","ssdeep":"192:4TF0ROz77kD6B1c4QSZBxtjKkF2P5lQBbUMamqif8Xq1hyDZ8klCtsC8cTC:0FYOzfk+u4QSZYkIPnpc+G0DZ8kotsau","tlshash":"1612e8c6b1b2e47603a600e1603a9690f765191a360dc43cf97cecd6fd66dd1863beb8","size":9693,"data":"","first_seen":"2026-04-10T10:06:38.095172Z","last_seen":"2026-05-01T04:03:05.349874Z","times_seen":2131,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3711bb8a34b493ce6adb0d7cbc18182a","sha1":"b502501d6e50a97a09e7261e0820c01a73b2768d","sha256":"c2c26aba01d7412ba04421dad21632b224dff8a26d9d7606934b5d565edd4984","sha512":"779b977e9bc4de66d7ef812e284da5392387c038e87c693094ea244809c51164d7c164f31fbb64f9d0663ef425a6e8b308d4ea3d8d24ae9ea280c458e6602c61","ssdeep":"","tlshash":"c1a0024573b250453773d57645b7480d1172119b1586da6a392e35006f4439c32d31e5","size":65,"data":"","first_seen":"2025-06-14T12:47:39.380059Z","last_seen":"2026-04-21T08:56:27.67777Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/assets/js/app.js?v=1739450400","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb8082a88eb6e73f69f611ccb3b5a804","sha1":"9713c049ce2a8b4fe7db62e25e2a138fc8ba3ab3","sha256":"cf9d608a400fa51c99b489187513814d4f7ed2a5ec9bb1b1b22ed6e50113a674","sha512":"315c69a2d38839b45db101d50d41fee6f0fc631e6c1b97276dade1512872d9d8d4840e6faaca0da6704a354e38c4fb50d0e111c31a58b6b3d7cb3dc8c144560f","ssdeep":"384:SoA6cj1XjRrPYxjzsuFT7jpllWj/hokGK8Svmf5iv08BhhUnUcXkCgIsax/PMld5:0Dl+oThODkUnUBinQ","tlshash":"f903d578647311324013519f9bcf3045366460ef6a41d9b83ead8b9d2fcac6885b7fae","size":40693,"data":"","first_seen":"2026-03-24T01:55:34.301173Z","last_seen":"2026-04-18T12:45:25.375896Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-WZ85S256","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a2a90342811100db4d368f8f649d7df","sha1":"cb1fbbbccca90d860861be53977d8be0de41cfef","sha256":"ec8ed3e5c2a1945ae464c27449f57992117056ae321a434faadcc843b8f46849","sha512":"db2329d7704f5448ae3b7e29948735dff59719b43fffbb411fd7c0ee18f54b4a519839897584650ee90fc7337e5c066f658e367cc0039722f3a57c4a1d24e735","ssdeep":"6144:++8jjPcVWD/1nqBZ8osjqpBKPzqQjOed7bsNP5A0zK:OECnqn8IO/Iu","tlshash":"ec9408cdb3d6746253a2b478903f018ba57a29e2f44cc899f185cce42e7469a4277f7c","size":434522,"data":"","first_seen":"2026-04-18T12:38:26.497751Z","last_seen":"2026-04-18T12:38:26.497751Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/@tanstack/react-query-CiWnP6Gi.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"f1a228aa61a395d9cd00493ad8cac817","sha1":"4a19a112a8ad127266fa42547c14ea0af44345fe","sha256":"e112e18fe01af0796b68a24dc47b3e37124be3d4d5c0639acb6963b0066f1533","sha512":"e1f6482e1d78a6096f43840fa5e6843ece92257ce37585dc55de241dc914b287f495ff31db490c807cef0e49f6bf30cbd1699576aa28b00e8e421822bedc2554","ssdeep":"768:NmVfahInecirvdh9sdRr1c02RIvtGT7w+qStvSLvtivfGHNpd6cQRC9+9Pmm76kG:YSVk2Ng+Im9Zx8Bv","tlshash":"6b13c9d53142b2232ae2c491983f4115e2356c15340a906cb6ad9debf9a39cef4bff35","size":42690,"data":"","first_seen":"2026-04-18T12:38:26.51393Z","last_seen":"2026-04-18T12:45:25.344752Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/react-toastify-Vo5JRGsH.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"912be60f483d69a8d75681992d6bea46","sha1":"409a4f874cae595726ad55d7c20ba1f4e20e70cf","sha256":"52e92e44636a89d0dec21624f503c8811fe42b053317240a59876b9b6c3ec478","sha512":"87b1c6eb5e1191039255ded84fd8b636cb9c9f9327d9b1998cbc0c00b57dd59e08f2c55f981e97ba26b4426ec46b9169cf1bcb85e3a1ae9ce2635f40b4ec4240","ssdeep":"384:lXtOgrCTQzbeKylFsRXgiAeVSKbgD5s3aNFp51:dtOHQXB0s5nhbk63Y1","tlshash":"4ed2d680b9606e396da77d6643deca0dd12b60c288ef095d7def444d22c17c90fb2b5a","size":30749,"data":"","first_seen":"2026-04-18T12:38:25.946927Z","last_seen":"2026-04-18T12:45:25.35408Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/not-found-DSra4bGe.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"6de770720712323496f5b926ae184cda","sha1":"26f821d71d686979137c75210ba469c7e5b686a7","sha256":"55301315e9db8be55fe0d523ffb7b615ed35531ddc66dc3b7a6eec7ed6fb559f","sha512":"26b3c54f24409b5f32008a1c647d67f03eaa2d9f7ce05d3f7d49116301daf08e58dafea37c906241c8a20eac33c0ec96434fad7d1acca5d9f5fe55df2e9d5d40","ssdeep":"96:LfSvxDr7C+Bkm6xs8nU8hUuD9qWOIwzbtlXhF7GCn20ny42nJ4:Lf8f7C+BktxnnUhgqWmbtBL7Gi20nWn6","tlshash":"879185c2957dd3fc780a6bec56b280113c2b2def5641e81582d91cb1e71118c6dea88b","size":4542,"data":"","first_seen":"2026-04-18T12:38:26.578261Z","last_seen":"2026-04-18T12:45:25.357256Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-main-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f1dd8a94fafaa157646f04eb9ce4e90a","sha1":"7ff394d729fb21c2c465f6065ccbf85f6dad33a1","sha256":"58668927f566ec3dd46b3ff86724cd658a29c528d7e874eab89d24c01b75583e","sha512":"f93b44a14d84abaad06a51f280c9bbb4ee0d69b339c4cf46e60d50b21e7d9914236588a1fd639a57a604297a1fd3c19dd58838c9a776b97b9d38c44f244f19ae","ssdeep":"12288:+Q2d2VtmTf9GZ2F+6TvlXL+jj6lz6hH3ZlrVl8aQursIfmv2O/:+Q2d2VtmTf9GZ2F+68jj6lz693Zt8aQb","tlshash":"17e46bd970d2b06647f316e6907f1006f3392919780dc450f268ecda6ab948db2b7f6e","size":703654,"data":"","first_seen":"2026-04-16T11:15:00.786419Z","last_seen":"2026-04-21T11:43:16.44498Z","times_seen":192,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7e92608223e4e03bbbd8b219df1fba17","sha1":"783a01b166f4d53e776dfdd76848110ea7fff872","sha256":"a6798f6cfe0af0bc8ce9e2c76cdd7f100e3ee116122c153b2c13f3df1edefb73","sha512":"6256325dbe8fec139b975e61a7b970da7f828720abed2ea3a45c639b1a8aa7403ef2d2c6e22897857db2a60428f0c39fc8eec96441ed97e6bd2b889071637158","ssdeep":"768:vEVoMZVXq2LHAmhmksmQm9YMRtM8bHIZAZsy10TvYJI+rTC6ndLo0K5u:vtAZsyMwj","tlshash":"f7e23b3b449ca91e3f75a6817c45b24eb7ab9500bd8c4778f4869c0e93ecd1026fbb49","size":31149,"data":"","first_seen":"2026-04-08T11:18:34.357346Z","last_seen":"2026-05-01T03:34:05.351277Z","times_seen":869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trxworks.sbs/static/tron/bundle.js","fqdn":"trxworks.sbs","domain":"trxworks.sbs","tld":"sbs"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"406911940b6efa8a564d7f15662a2af8","sha1":"aa55d9d94c269490af0605073309f1abf33bdfc5","sha256":"68320397bba5dcc4aba0d88bc7db8511d402d09e1bbb7205d6b86166f21a9be9","sha512":"8000132403a9ba3a2507080724fa0b62bae37de0a9234f1c3c072bd95a87d8848bb90300d7bb35d45e76b1736f4e371f419ffa76dcdaea586f285e60ae0e52bf","ssdeep":"6144:7//PRxd03vLVNughJdwlVCZXZgzCN4JyYtKPfz8m:TPRx4DVNughJdwlVCZXZP2sfl","tlshash":"7c645c51b7a53129076b0bd2407b1117f2376d9cb10a80acb3acecd66a7c589e46ff78","size":325880,"data":"","first_seen":"2026-03-28T05:11:08.266326Z","last_seen":"2026-04-19T05:26:20.86949Z","times_seen":18,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a7fbad248eef0354476e480db7b234","sha1":"d2ccb4fa0770558b914f0e38a9ea1f4383ae80cc","sha256":"481aa907df15c6b2f72c090969db7bf3623a3de12d812aeb337a810ee6e411c9","sha512":"9f5d9024ad2b67020fc2caeed4d2f91bf60591da37082d723e41515e6cde634b27b4fb52b747d05a78b6ce37c90e79ca6d825c3ea389ba917aa1f722b3ee13c8","ssdeep":"","tlshash":"e2e023e92c80803945781591a373c61470110e083c4af9e0d08d88816d70fe8188e54c","size":433,"data":"","first_seen":"2025-06-23T12:34:12.472132Z","last_seen":"2026-04-18T12:45:25.376556Z","times_seen":32,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/motion-BA0DeswC.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"introduction_type":"importedModule","is_inline":false,"md5":"2e656cb753f5d2bc22c53d292a6abb5e","sha1":"76ad8d8a02f70ff13d82ec9f34c2a203f85c68d1","sha256":"3c96309034e7e2d0d8038beef864531ea46b85fbbd48d37d55b7be98cfef4991","sha512":"67b085941c8ccf5a7cba45403636d285dd9b9e02cf13265638f91299cfeb67f318530fe727b3e4473023452b1125545ccb347eb96747f2462e09e0770cb17838","ssdeep":"3072:Y7gYamnA4PCOH3oOnj9ThnMTMoVARX/pLSU5EDEC7ngkPGu9vHK:nYab4xXf91MMoORMK","tlshash":"49d328d87291752283d784e580af0741b73a2c843009c4bcba7deddb7d6150a66bbb7d","size":142198,"data":"","first_seen":"2026-04-18T12:38:26.635155Z","last_seen":"2026-04-18T12:45:25.345546Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=AW-17102470621\u0026cx=c\u0026gtm=4e64g0h2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e41156f040a92deadf6c5d92f15d048a","sha1":"960292172b04b0ca84274183c3566c874e54d318","sha256":"bccbe740d63a474df24a28c4643b3f1a03066c5a09bbc607da2c1707b3b1c89d","sha512":"818348e8ae28c182f6673d80dfdeabc3f380ae629722c65865371b77b06fd3c95be35bcdc4f7e34962b63dd7f0227cb6a59fc0063857e86beee87adde776c234","ssdeep":"6144:m+8jXPcVWD/1nqBZ8osjqpBKPzqQjKwd2b9NzWDb0K:cECnqn8MkCvCDN","tlshash":"c99408cdb3d6746253a3f478903f018ba57a29a2b44cc899f185cce42e7469a4277f7c","size":426019,"data":"","first_seen":"2026-04-18T12:38:26.37173Z","last_seen":"2026-04-18T12:38:26.37173Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-main-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f1dd8a94fafaa157646f04eb9ce4e90a","sha1":"7ff394d729fb21c2c465f6065ccbf85f6dad33a1","sha256":"58668927f566ec3dd46b3ff86724cd658a29c528d7e874eab89d24c01b75583e","sha512":"f93b44a14d84abaad06a51f280c9bbb4ee0d69b339c4cf46e60d50b21e7d9914236588a1fd639a57a604297a1fd3c19dd58838c9a776b97b9d38c44f244f19ae","ssdeep":"12288:+Q2d2VtmTf9GZ2F+6TvlXL+jj6lz6hH3ZlrVl8aQursIfmv2O/:+Q2d2VtmTf9GZ2F+68jj6lz693Zt8aQb","tlshash":"17e46bd970d2b06647f316e6907f1006f3392919780dc450f268ecda6ab948db2b7f6e","size":703654,"data":"","first_seen":"2026-04-16T11:15:00.786419Z","last_seen":"2026-04-21T11:43:16.44498Z","times_seen":192,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7e92608223e4e03bbbd8b219df1fba17","sha1":"783a01b166f4d53e776dfdd76848110ea7fff872","sha256":"a6798f6cfe0af0bc8ce9e2c76cdd7f100e3ee116122c153b2c13f3df1edefb73","sha512":"6256325dbe8fec139b975e61a7b970da7f828720abed2ea3a45c639b1a8aa7403ef2d2c6e22897857db2a60428f0c39fc8eec96441ed97e6bd2b889071637158","ssdeep":"768:vEVoMZVXq2LHAmhmksmQm9YMRtM8bHIZAZsy10TvYJI+rTC6ndLo0K5u:vtAZsyMwj","tlshash":"f7e23b3b449ca91e3f75a6817c45b24eb7ab9500bd8c4778f4869c0e93ecd1026fbb49","size":31149,"data":"","first_seen":"2026-04-08T11:18:34.357346Z","last_seen":"2026-05-01T03:34:05.351277Z","times_seen":869,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"new-pay.heleket.com/fonts/Inter/Inter_Medium.woff2","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:47.807Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /fonts/Inter/Inter_Medium.woff2 HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 118976\r\nlast-modified: Thu, 16 Apr 2026 07:42:22 GMT\r\netag: \"69e092de-1d0c0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":118976,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 118976, version 1.0","md5":"f692b89fdfa1b7c91b4fe77fd9c389cf","sha1":"a11c6d6db04eea9f2a16dedfcbebd72e2703455b","sha256":"374be1a97881d4a7875bb12fdb82e690c0bd044f58680043f40069541c01bdb9","sha512":"298cfd2e7bd0c16d846f71934c9c1008bc4f7256cbfcdc4641025dad6d396c2f26ee0bb279d785cb07bb5ba5b9dc9454b3a7130754daec88b12dce9db3113fb5","ssdeep":"3072:8tKaJSQslpF0a49TpCnS+k+LAcczbmkZ9M:aKSS5414S+k+8cczbM","tlshash":"1ec312eafcadc1d5fa0e9fbb0e42e6078801f5268790192c263e45637a9ffd0448d975","first_seen":"2025-03-07T09:32:42.676155Z","last_seen":"2026-04-30T07:54:29.852793Z","times_seen":130,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":85,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/button-CTJSs1bV.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/button-CTJSs1bV.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/assets/not-found-DSra4bGe.js\r\nCookie: _gcl_au=1.1.28640778.1776515868; i18next=en-US; _ga_1KK6CSP6GX=GS2.1.s1776515868$o1$g0$t1776515868$j60$l0$h2061544839; _ga=GA1.1.397819720.1776515869\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-1901\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6401,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (6400)","md5":"f7313b2920c4e86d2099a74af3f0c912","sha1":"3e248a913c1511bfbcce4ccb448b43a597330958","sha256":"a053cf78361411b3b32f222f916c97e759ffff3ff14212ce06da5be91c241d62","sha512":"ebd3501bac84b9fa7684296343f97739af5d80274d4877f4559ef402dfa69fc785de17db04988b649088c9df53086868a2e9ccf3e9d325c83961f2bacc770c21","ssdeep":"192:YkXcIRcmTjIc+ucHjmburcVH0cMrBHvpfDPbm6MvD:YEcscVc5cDdrcicKBHvpfDPZMr","tlshash":"95d13088ef1c6138beb3401ba2763446f26a25bf5c75d8b8d41c4ebd528b1863a176d3","first_seen":"2026-04-18T12:38:25.896465Z","last_seen":"2026-04-18T12:45:25.372878Z","times_seen":3,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-1KK6CSP6GX\u0026cx=c\u0026gtm=4e64g0h2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:08 GMT","end":"Mon, 22 Jun 2026 08:35:07 GMT"},"fingerprint":{"sha1":"7B:71:3D:9A:FE:85:53:DF:44:BB:90:D6:C4:82:1E:58:A2:A4:4B:F0","sha256":"CA:E9:C5:B9:FA:2B:F0:20:19:FF:0A:2C:CB:22:9F:C6:8B:41:0E:09:94:8E:E6:48:22:CA:02:F6:BA:10:B7:A3"}}},"request":{"raw":"GET /gtag/js?id=G-1KK6CSP6GX\u0026cx=c\u0026gtm=4e64g0h2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\nexpires: Sat, 18 Apr 2026 12:37:48 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 177199\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":545837,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"7c06b590caea47a8953a3d1e9363d667","sha1":"2709a6f74c55b71a89089b77ba815ff1fe46876e","sha256":"5b2e6718cec4e5638823ea35c0092486c8ae2e7a9c2345fce5f1254a8ea09ce8","sha512":"eef667d4ca3e395e2411f3822c3d467ad6e688a654edae3e632956df7b96b882a2e816e35195324dc0d8f98c158712b3ea0172f7b4cba406fafdfe0791ade4c3","ssdeep":"6144:P1x+8juRPcVWD/1nyBZ8osjqpBKPzqQjtEdcbUfUQeMwpJUxabmK:PMRECnyn83IwkUQeUaj","tlshash":"a4c4f9ceb3c674625396f478903f01cba97b28a2b49cc8aab199ccf01d7454a5177f78","first_seen":"2026-04-18T12:38:25.922448Z","last_seen":"2026-04-18T12:38:25.922448Z","times_seen":1,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":48,"receive":93,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/react-toastify-Vo5JRGsH.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/react-toastify-Vo5JRGsH.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-781d\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30749,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (15870)","md5":"912be60f483d69a8d75681992d6bea46","sha1":"409a4f874cae595726ad55d7c20ba1f4e20e70cf","sha256":"52e92e44636a89d0dec21624f503c8811fe42b053317240a59876b9b6c3ec478","sha512":"87b1c6eb5e1191039255ded84fd8b636cb9c9f9327d9b1998cbc0c00b57dd59e08f2c55f981e97ba26b4426ec46b9169cf1bcb85e3a1ae9ce2635f40b4ec4240","ssdeep":"384:lXtOgrCTQzbeKylFsRXgiAeVSKbgD5s3aNFp51:dtOHQXB0s5nhbk63Y1","tlshash":"4ed2d680b9606e396da77d6643deca0dd12b60c288ef095d7def444d22c17c90fb2b5a","first_seen":"2026-04-18T12:38:25.946927Z","last_seen":"2026-04-18T12:45:25.35408Z","times_seen":3,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?rcb=12\u0026frm=0\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026gtm=45be64g0h2v9223905714z89206022683za20gzb9206022683zd9206022683xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115616985~115938466~115938468~117266401\u0026apve=1\u0026apvf=f\u0026apvc=0\u0026tids=AW-17102470621\u0026tid=AW-17102470621\u0026tft=1776515868539\u0026tfd=961","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.251.151.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:08 GMT","end":"Mon, 22 Jun 2026 08:35:07 GMT"},"fingerprint":{"sha1":"02:11:B2:1D:09:0D:9E:4E:5B:DC:0A:6C:D5:4B:C6:4A:5B:50:C8:26","sha256":"99:E1:4B:50:60:0E:C3:94:CB:2C:15:85:8E:68:FF:F1:9C:B7:0C:9E:E0:8C:B7:29:52:18:12:81:67:C4:38:23"}}},"request":{"raw":"GET /ccm/collect?rcb=12\u0026frm=0\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026gtm=45be64g0h2v9223905714z89206022683za20gzb9206022683zd9206022683xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115616985~115938466~115938468~117266401\u0026apve=1\u0026apvf=f\u0026apvc=0\u0026tids=AW-17102470621\u0026tid=AW-17102470621\u0026tft=1776515868539\u0026tfd=961 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: text/plain\r\npragma: no-cache\r\nvary: Origin, X-Origin, Referer\r\nserver: scaffolding on HTTPServer2\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T03:39:36.105826Z","times_seen":14453630,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?rcb=19\u0026frm=0\u0026ae=g\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026ep.ads_data_redaction=0\u0026gtm=45He64g0h2v9206022683za200zd9206022683xea\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115938466~115938468~117266400\u0026apve=1\u0026apvf=f\u0026apvc=1\u0026tft=1776515868209\u0026tfd=632","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.251.151.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:37:36 GMT","end":"Mon, 22 Jun 2026 08:37:35 GMT"},"fingerprint":{"sha1":"08:79:9D:7F:DB:8C:0A:9F:3E:E2:C7:8A:F2:4D:E4:E2:5B:36:28:22","sha256":"07:42:F0:13:40:B6:A1:62:31:62:8E:96:2F:96:8C:7C:C0:5B:F0:8A:DB:0B:A6:E2:44:14:41:7D:B2:7C:B9:74"}}},"request":{"raw":"POST /ccm/collect?rcb=19\u0026frm=0\u0026ae=g\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026ep.ads_data_redaction=0\u0026gtm=45He64g0h2v9206022683za200zd9206022683xea\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115938466~115938468~117266400\u0026apve=1\u0026apvf=f\u0026apvc=1\u0026tft=1776515868209\u0026tfd=632 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\npragma: no-cache\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: text/plain\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\nvary: Origin, X-Origin, Referer\r\nserver: scaffolding on HTTPServer2\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: https://new-pay.heleket.com\r\naccess-control-expose-headers: date,vary,vary,vary,server,content-length\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T03:39:36.105826Z","times_seen":14453630,"resource_available":true,"data":null}},"time_used":185,"timings":{"blocked":82,"dns":0,"connect":8,"send":0,"wait":20,"receive":1,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/fonts/Inter/Inter_Bold.woff2","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /fonts/Inter/Inter_Bold.woff2 HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/assets/index-CWC_Z3vg.css\r\nCookie: _gcl_au=1.1.28640778.1776515868; i18next=en-US; _ga_1KK6CSP6GX=GS2.1.s1776515868$o1$g0$t1776515868$j60$l0$h2061544839; _ga=GA1.1.397819720.1776515869\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 119580\r\nlast-modified: Thu, 16 Apr 2026 07:42:22 GMT\r\netag: \"69e092de-1d31c\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119580,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 119580, version 1.0","md5":"3d4aed7e6ba6544e250d8d1c3037b240","sha1":"166b3e49324e99fa1d3ed7c944d891014f03df3f","sha256":"c3f2a8652643cc1db9debdcc2c93debc53bf3d0ad2cffb3a9330264888a61d8a","sha512":"c54cb9d0c7a8850665cd005124f48aa1fbe3990e0d947f1e188b0cc70fe9a00f943b92975591256294e02dd23c5c6ce1f9df2e3d9b6ac8ede072bd57816aad04","ssdeep":"3072:6FShHH2r5SdUiTu8zBe7y9LRM7uGB01iHhWHcz06bTxM+pLK:ZWr4dUiTuGe7MGB4iWcIAlVpu","tlshash":"6bc30282427178e1ce330068146f5878b441e534f2b3ee53aadb9a594d8b5ef80ec6b7","first_seen":"2025-02-03T15:00:19.378158Z","last_seen":"2026-04-29T01:31:34.193722Z","times_seen":94,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"backend.heleket.com/api/v4/fingerprint/sessions/ba34ef89-f99d-4d68-b06f-99bbad0888b4/check","fqdn":"backend.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:49.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"backend.heleket.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 03:07:28 GMT","end":"Tue, 07 Jul 2026 03:07:27 GMT"},"fingerprint":{"sha1":"77:12:D7:EB:70:24:1F:FD:EC:4A:BC:61:7A:D4:D3:15:F4:44:8E:E2","sha256":"BC:26:CD:83:B0:91:18:F5:FE:58:3B:AC:86:FE:F0:42:C2:67:2D:D9:BE:6C:7D:73:B3:AD:61:44:95:55:27:6E"}}},"request":{"raw":"OPTIONS /api/v4/fingerprint/sessions/ba34ef89-f99d-4d68-b06f-99bbad0888b4/check HTTP/1.1\r\nHost: backend.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,language\r\nReferer: https://new-pay.heleket.com/\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\nvary: Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type,language\r\naccess-control-max-age: 0\r\nx-request-id: 07b4ae9deaceb9ad2065062015d8751b, 10e7226e8ba2aa232b37b954644d8848\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T03:39:36.105826Z","times_seen":14453630,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T12:37:46.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"invoice-check.click","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 10:49:16 GMT","end":"Thu, 25 Jun 2026 10:49:15 GMT"},"fingerprint":{"sha1":"0E:99:78:17:6C:16:97:88:2F:AE:28:E5:0E:81:0D:2D:FF:38:44:B3","sha256":"17:53:62:C7:13:D2:CC:E1:FE:AC:55:DA:6B:84:7D:A8:F8:75:2C:71:7D:DD:A4:65:4F:24:4E:DE:83:65:4E:24"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: invoice-check.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:46 GMT\r\ncontent-type: text/html\r\nset-cookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax\r\ncf-cache-status: DYNAMIC\r\npriority: u=1,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KJZlayueHqHQFmnACiB%2B0dF2bm9WibqKZDSljfr7M2I3HcIRvQN3Z4TfIKOVV1xHf0f0TbeTflgDj7y7tf22%2BIbwUoibg%2BD8ul5qCQhPEjt7cZSd2wdOktF3WM3as6xTq2QrPqUx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ee3b9078e110731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81717,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (45293)","md5":"74b3d7f3dbc0b4804164c5ebc3e7ae67","sha1":"7d2dbe4c7a011c1fdcc624cbb53a6a2e0a1cd5c7","sha256":"53954d5f052a56ea92328a8677d3cb7a7a37417a1c99b75a810ad9fc5f21435e","sha512":"5bb97ae37ae393aa014fb749bc6c3b4db70012247e9c8b08c05c29ee74cb7dba4042d753abbf2cb178da09814fe617b4ec5099adb3d31ef344fde148e7a2f791","ssdeep":"1536:W2btYhwtIw8mbY2EbJPEs77MSK2ST0/tYhwtIw8mV:W202EbJPEs7A6Sw5","tlshash":"55837e9091002a736d038fe68ee9ab1de13b70fad597048dbedd425843c1fe94e76ac5","first_seen":"2026-04-18T12:38:26.027932Z","last_seen":"2026-04-18T12:45:25.353338Z","times_seen":3,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":141,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"backend.heleket.com/api/v4/fingerprint/sessions/ba34ef89-f99d-4d68-b06f-99bbad0888b4/check","fqdn":"backend.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:49.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"backend.heleket.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 03:07:28 GMT","end":"Tue, 07 Jul 2026 03:07:27 GMT"},"fingerprint":{"sha1":"77:12:D7:EB:70:24:1F:FD:EC:4A:BC:61:7A:D4:D3:15:F4:44:8E:E2","sha256":"BC:26:CD:83:B0:91:18:F5:FE:58:3B:AC:86:FE:F0:42:C2:67:2D:D9:BE:6C:7D:73:B3:AD:61:44:95:55:27:6E"}}},"request":{"raw":"POST /api/v4/fingerprint/sessions/ba34ef89-f99d-4d68-b06f-99bbad0888b4/check HTTP/1.1\r\nHost: backend.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nLanguage: en-US\r\nContent-Length: 577\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":577,"data":"{\"fingerprint\":{\"available_screen_resolution\":\"1280x1024\",\"color_depth\":24,\"device_memory\":null,\"hardware_concurrency\":48,\"os\":\"Windows 10\",\"platform\":\"Win32\",\"screen_resolution\":\"1280x1024\",\"touch_support\":false,\"video_card_render\":\"llvmpipe\",\"video_card_vendor\":\"Mesa\",\"canvas_hash\":\"949c557074a26ce5c643bd74e5472f0def88beef91d1e39d0d93752b2c73c6c7\",\"timezone_offset\":0,\"language\":\"en-US\",\"languages\":[\"en-US\",\"en\"]},\"session\":{\"user_agent\":null,\"browser_major_version\":134,\"browser_name\":\"Firefox 134.0\",\"referrer\":\"https://invoice-check.click/\",\"timezone\":\"UTC\",\"ip\":null}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/json\r\ncontent-length: 41\r\ncache-control: private, must-revalidate\r\npragma: no-cache\r\nexpires: -1\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\nx-request-id: fa0c5f3a1473d584026534544ec6e29d, baf3688c87fea203f1cbb1e9c778d758\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"dec0ca102bef6c4c57c1f2d782f3b76a","sha1":"a4043ba002d00070edfba36e41eb55f41979e73e","sha256":"ba4e3d53d6765570dde9f11d570db1983e974a1114b00ee90830e82162fd949a","sha512":"07adfb4c64a3b020794b9a8e23bb6390458cf7f4f8ef946da984e33d9fdeed3f4faa66347b6eafafe399260d85baa31f88426b8037eb6aba877e46bf72ee2bcc","ssdeep":"","tlshash":"348004c314100057c4c0770c517c3f7151411157c50c014c40cc1414cd304047d4f505","first_seen":"2026-03-24T01:55:34.283068Z","last_seen":"2026-04-18T12:45:25.362497Z","times_seen":5,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:49.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-d7a417e.js HTTP/1.1\r\nHost: static.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-amz-id-2: 5oypiHD6EIjOxXaIQLP1jXjFJoYL4+SUyC9OiK/moDUL0GwyZ/rHbs5zIfmFWEIBiW6KQiVL9MUqAuMLK8h+ojxEtcKo7B3c\r\nx-amz-request-id: W5QA3W0G8478JTJT\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Wed, 15 Apr 2026 08:09:41 GMT\r\netag: W/\"7e92608223e4e03bbbd8b219df1fba17\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 15 Apr 2027 08:09:40 GMT\r\nx-amz-version-id: Jy32s.1Nta_kFT71s5BpPPs.ADzH0C6B\r\nage: 186204\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=FKYy89LJkvZXWbmW0OO5Hv8B71%2FOiQPEMZki%2B7E660R4ntquN0vxURr%2Bjd88r6JWlqt%2B0Wld%2Fx9TmqtLUckSM4fkSlGbuav3WstSt22KkuIPAo36zEL1msI3l7HRB0Y6hPtNv5w%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 0\r\nserver: cloudflare\r\ncf-ray: 9ee3b9179a6f0b49-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31149,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31133), with no line terminators","md5":"7e92608223e4e03bbbd8b219df1fba17","sha1":"783a01b166f4d53e776dfdd76848110ea7fff872","sha256":"a6798f6cfe0af0bc8ce9e2c76cdd7f100e3ee116122c153b2c13f3df1edefb73","sha512":"6256325dbe8fec139b975e61a7b970da7f828720abed2ea3a45c639b1a8aa7403ef2d2c6e22897857db2a60428f0c39fc8eec96441ed97e6bd2b889071637158","ssdeep":"768:vEVoMZVXq2LHAmhmksmQm9YMRtM8bHIZAZsy10TvYJI+rTC6ndLo0K5u:vtAZsyMwj","tlshash":"f7e23b3b449ca91e3f75a6817c45b24eb7ab9500bd8c4778f4869c0e93ecd1026fbb49","first_seen":"2026-04-08T11:18:34.357346Z","last_seen":"2026-05-01T03:34:05.351277Z","times_seen":869,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/assets/img/USDT.svg","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://invoice-check.click/","date":"2026-04-18T12:37:47.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"invoice-check.click","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 10:49:16 GMT","end":"Thu, 25 Jun 2026 10:49:15 GMT"},"fingerprint":{"sha1":"0E:99:78:17:6C:16:97:88:2F:AE:28:E5:0E:81:0D:2D:FF:38:44:B3","sha256":"17:53:62:C7:13:D2:CC:E1:FE:AC:55:DA:6B:84:7D:A8:F8:75:2C:71:7D:DD:A4:65:4F:24:4E:DE:83:65:4E:24"}}},"request":{"raw":"GET /assets/img/USDT.svg HTTP/1.1\r\nHost: invoice-check.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://invoice-check.click/\r\nCookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: image/svg+xml\r\nset-cookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax\r\ncf-cache-status: BYPASS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ffamFzAHyWZhPU7Fgtxlm1wbHV17nnUhjpEuoS4alW4r6IoHAVrYoIxRVzF7h9APU1jFD5VoCqqPQMUFc4dG%2BGZLB2hqaOvBWuiBo7bt1P6MGEBfV7jGenow6u%2FCKl1oDgts11O8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ee3b908f9440731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":921,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"35762cbedde965ec893b2ff285c71ec3","sha1":"746bbd649be994d28e12d9b6a77968b4015f666b","sha256":"bd8262abaf784659ac5fcfda44ef49972b6576d3379c96a03adeb7910bdf9bc3","sha512":"1c755e7e5aaccb7cb408589dc47216f0d9a731c1a39504ffa53e8975d12e0e67934056092d4558b101dc51eaeeb49b01e6095f967eb1d5f132fb9a4ae73589af","ssdeep":"","tlshash":"ad11c091d345e274c589c3f5137e35eda2af33d6ae13c04d6bf1681aa9274df58048c5","first_seen":"2026-04-18T12:38:26.207437Z","last_seen":"2026-04-18T12:38:26.207437Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?rcb=12\u0026frm=0\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026gtm=45be64g0h2v9223905714z89206022683za20gzb9206022683zd9206022683xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115616985~115938466~115938468~117266401\u0026apve=1\u0026apvf=f\u0026apvc=0\u0026tids=AW-17102470621\u0026tid=AW-17102470621\u0026tft=1776515868539\u0026tfd=961","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.251.151.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:37:36 GMT","end":"Mon, 22 Jun 2026 08:37:35 GMT"},"fingerprint":{"sha1":"08:79:9D:7F:DB:8C:0A:9F:3E:E2:C7:8A:F2:4D:E4:E2:5B:36:28:22","sha256":"07:42:F0:13:40:B6:A1:62:31:62:8E:96:2F:96:8C:7C:C0:5B:F0:8A:DB:0B:A6:E2:44:14:41:7D:B2:7C:B9:74"}}},"request":{"raw":"POST /ccm/collect?rcb=12\u0026frm=0\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026gtm=45be64g0h2v9223905714z89206022683za20gzb9206022683zd9206022683xec\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115616985~115938466~115938468~117266401\u0026apve=1\u0026apvf=f\u0026apvc=0\u0026tids=AW-17102470621\u0026tid=AW-17102470621\u0026tft=1776515868539\u0026tfd=961 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncontent-type: text/plain\r\npragma: no-cache\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\nvary: Origin, X-Origin, Referer\r\nserver: scaffolding on HTTPServer2\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: https://new-pay.heleket.com\r\naccess-control-expose-headers: date,vary,vary,vary,server,content-length\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T03:39:36.105826Z","times_seen":14453630,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:49.299Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /web_widget/messenger/latest/web-widget-locales/messenger/en-us-json-d7a417e.js HTTP/1.1\r\nHost: static.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-amz-id-2: 5oypiHD6EIjOxXaIQLP1jXjFJoYL4+SUyC9OiK/moDUL0GwyZ/rHbs5zIfmFWEIBiW6KQiVL9MUqAuMLK8h+ojxEtcKo7B3c\r\nx-amz-request-id: W5QA3W0G8478JTJT\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Wed, 15 Apr 2026 08:09:41 GMT\r\netag: W/\"7e92608223e4e03bbbd8b219df1fba17\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 15 Apr 2027 08:09:40 GMT\r\nx-amz-version-id: Jy32s.1Nta_kFT71s5BpPPs.ADzH0C6B\r\nage: 186204\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=QRx3tTjRw76IbJyQgK67sZwCNWiFt03h2L%2FAYsqbLNPbAbfJVIgEAHhYhbVW3A1ODqatBAZchGmXXVP%2BxoAI8Q0GvRzWMV40CpMsBzyj8dyE6OxiElFhfLGZygvpw3rfkcItUeg%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 0\r\nserver: cloudflare\r\ncf-ray: 9ee3b9171a2b0b49-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31149,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31133), with no line terminators","md5":"7e92608223e4e03bbbd8b219df1fba17","sha1":"783a01b166f4d53e776dfdd76848110ea7fff872","sha256":"a6798f6cfe0af0bc8ce9e2c76cdd7f100e3ee116122c153b2c13f3df1edefb73","sha512":"6256325dbe8fec139b975e61a7b970da7f828720abed2ea3a45c639b1a8aa7403ef2d2c6e22897857db2a60428f0c39fc8eec96441ed97e6bd2b889071637158","ssdeep":"768:vEVoMZVXq2LHAmhmksmQm9YMRtM8bHIZAZsy10TvYJI+rTC6ndLo0K5u:vtAZsyMwj","tlshash":"f7e23b3b449ca91e3f75a6817c45b24eb7ab9500bd8c4778f4869c0e93ecd1026fbb49","first_seen":"2026-04-08T11:18:34.357346Z","last_seen":"2026-05-01T03:34:05.351277Z","times_seen":869,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/index-CWC_Z3vg.css","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:47.815Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/index-CWC_Z3vg.css HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-2efe\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12030,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (12029)","md5":"3f7cf10f0e654183d904f54f70be0ed2","sha1":"bf66759495ad0042a0fb23a84374940e6b20a07f","sha256":"9259262e7053f77100dbb032a03a79bd4fb5e651decd0f24f50d432a792f31af","sha512":"a2ebd2ea02bd78d28e6793498dca446903a7c82b4b125a954173bee97cf81627e0cb9169e90d982b3f10beebcbe584583e3bb1457a4240a137d377a45b0503d3","ssdeep":"192:J2SeVZebTrSqmtJzyJEvn2ULtlxRB0UMn2tmyYDCbrcfynaHrC/F1oH:wSeDSrJmvf1LnMn2tmyYDCbrcqngqO","tlshash":"fb421a1507277228b8329ca36dc53ab22919919dea1d17f0d02d859cfadf3d707f0b89","first_seen":"2026-03-24T01:55:34.294495Z","last_seen":"2026-04-18T12:45:25.350727Z","times_seen":5,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":82,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/logo192.png","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.353Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /logo192.png HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nCookie: _gcl_au=1.1.28640778.1776515868; i18next=en-US\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-8ab\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2219,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"1dfa44b396c5aaa322b6f04d7f19fe49","sha1":"eb045d5c193cba67e17940c769b371d4ac950685","sha256":"b4c9445de1219d888b4ea2974aa0143237c57e93c94af9e9ae6ee1a1a7fb16ea","sha512":"9a3dc843d2b5ab0a74806d04d8885857ddf1e879701786ba2e1b84e8d95840234823985cf1aadc94590aa8552b071dd00d4414e6a88aab6efdc34137851966c1","ssdeep":"","tlshash":"4941fc023de5c91456345226baf1e4289c83724f9648dca4b4ee507e0fc6bd24e53bba","first_seen":"2026-04-18T12:38:26.28764Z","last_seen":"2026-04-18T12:45:25.354805Z","times_seen":3,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/index-DHLbFvQt.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:47.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/index-DHLbFvQt.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-bf5b2\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":783794,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (37703)","md5":"ac88ef4487dac4e8a6ce377c4791b30c","sha1":"1be758680e530c291eebe0877fe9aebd1fdc349b","sha256":"6b0b9ee7007b6fb609366e3511dc9b76a63d111f50b52ad45aaeb822a010ab53","sha512":"94d81835711be986cff4777ee9efdc484716147c076a31e610d6e9235517689458952fe364c33a96ed2b265b521a6d9a4c38648d944ef3586d90c9313b6c1b8c","ssdeep":"12288:EXz8RnSah82HYre30HUyP/uNORacwnTtDykTeeGo:Y8RnV8dre301/uWaLhDy8ea","tlshash":"79f43ad972a6713247e755a4507b0202f3396915304c8468f62cedef3db980aa2bbf7d","first_seen":"2026-04-18T12:38:26.320226Z","last_seen":"2026-04-18T12:45:25.348617Z","times_seen":3,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":83,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/react-toastify-Vo5JRGsH.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/react-toastify-Vo5JRGsH.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/assets/index-DHLbFvQt.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-781d\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30749,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (15870)","md5":"912be60f483d69a8d75681992d6bea46","sha1":"409a4f874cae595726ad55d7c20ba1f4e20e70cf","sha256":"52e92e44636a89d0dec21624f503c8811fe42b053317240a59876b9b6c3ec478","sha512":"87b1c6eb5e1191039255ded84fd8b636cb9c9f9327d9b1998cbc0c00b57dd59e08f2c55f981e97ba26b4426ec46b9169cf1bcb85e3a1ae9ce2635f40b4ec4240","ssdeep":"384:lXtOgrCTQzbeKylFsRXgiAeVSKbgD5s3aNFp51:dtOHQXB0s5nhbk63Y1","tlshash":"4ed2d680b9606e396da77d6643deca0dd12b60c288ef095d7def444d22c17c90fb2b5a","first_seen":"2026-04-18T12:38:25.946927Z","last_seen":"2026-04-18T12:45:25.35408Z","times_seen":3,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/ekr/snippet.js?key=20c31533-77df-44dd-86a7-98733f5382e3","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.781Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /ekr/snippet.js?key=20c31533-77df-44dd-86a7-98733f5382e3 HTTP/1.1\r\nHost: static.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nx-amz-id-2: rsGXsD3PDD1yd/nJsN/x5KYtcoo/lM/jR2TxVom7lbvtTSB9AjSyun2Ykco0ZlBulUPeDRVeGqs=\r\nx-amz-request-id: RKDXSJMEY8P5V3KV\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Fri, 10 Apr 2026 10:02:01 GMT\r\netag: W/\"24d1751c412f03b504ef6dcccfbdfc7d\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: public, max-age=3600, s-maxage=60\r\nx-amz-version-id: sDG6_AovsLSQXMsmWTedEdoESGe_PZNZ\r\nage: 22\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=kcrqJrZsUDV1ghhcvfcyrkGtldTHfYOvHTyTDtCEuMpksRiD6LIp6Kds6oGnnfHEgXrD57wkC3VmoQ0q%2BfMiy12cxw7259hvbaL1HWU7tv7RTv9W5GBvmIyjy6NAtcxlBpRrYA0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 0\r\nserver: cloudflare\r\ncf-ray: 9ee3b91428570b49-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9693,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9693), with no line terminators","md5":"24d1751c412f03b504ef6dcccfbdfc7d","sha1":"047617956e9e43cabdb8fa520e5459c9bee83ffc","sha256":"9f8b3108af9634e30a6e9a4a68ae168beb8210d092458b4ce30034466a50bc64","sha512":"a6bd70106cd999127d9e4a919dbf55631c770c22b8b17d3d02d5a25b27f5d77fb887e8e7be3e21020f8ecb8ba247b5976bd8255ed38468babf15de37cbf19de1","ssdeep":"192:4TF0ROz77kD6B1c4QSZBxtjKkF2P5lQBbUMamqif8Xq1hyDZ8klCtsC8cTC:0FYOzfk+u4QSZYkIPnpc+G0DZ8kotsau","tlshash":"1612e8c6b1b2e47603a600e1603a9690f765191a360dc43cf97cecd6fd66dd1863beb8","first_seen":"2026-04-10T10:06:38.095172Z","last_seen":"2026-05-01T04:03:05.349874Z","times_seen":2131,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":48,"dns":4,"connect":5,"send":0,"wait":15,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"backend.heleket.com/api/v4/fingerprint/sessions/create","fqdn":"backend.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"backend.heleket.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 03:07:28 GMT","end":"Tue, 07 Jul 2026 03:07:27 GMT"},"fingerprint":{"sha1":"77:12:D7:EB:70:24:1F:FD:EC:4A:BC:61:7A:D4:D3:15:F4:44:8E:E2","sha256":"BC:26:CD:83:B0:91:18:F5:FE:58:3B:AC:86:FE:F0:42:C2:67:2D:D9:BE:6C:7D:73:B3:AD:61:44:95:55:27:6E"}}},"request":{"raw":"OPTIONS /api/v4/fingerprint/sessions/create HTTP/1.1\r\nHost: backend.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,language\r\nReferer: https://new-pay.heleket.com/\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\nvary: Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: content-type,language\r\naccess-control-max-age: 0\r\nx-request-id: 085ef8809254a9b70b2c0c3afbc5ae7c, 7996eb25c22472e11d108fe0bc1000c9\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T03:39:36.105826Z","times_seen":14453630,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/favicon.ico","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://invoice-check.click/","date":"2026-04-18T12:37:44.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"invoice-check.click","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 10:49:16 GMT","end":"Thu, 25 Jun 2026 10:49:15 GMT"},"fingerprint":{"sha1":"0E:99:78:17:6C:16:97:88:2F:AE:28:E5:0E:81:0D:2D:FF:38:44:B3","sha256":"17:53:62:C7:13:D2:CC:E1:FE:AC:55:DA:6B:84:7D:A8:F8:75:2C:71:7D:DD:A4:65:4F:24:4E:DE:83:65:4E:24"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: invoice-check.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://invoice-check.click/\r\nCookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Sat, 18 Apr 2026 12:37:44 GMT\r\ncontent-type: text/plain\r\ncontent-length: 13\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=x2T94ZYawDnLhDgeJGIyjBAYpPogx9z7buEA30mc%2F1KFpCgwF5otQRxeqE0obFswyQCuvFS43UxebYj7Vz%2FrZ4xnYWjqCmDfc2d6FVfs5iqFlq5kQfWHAbfU7mjPlC4%2BDViSRIBx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9ee3b8faf90e0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"1e6cd917ed71a1241e4bedc29264bd98","sha1":"5b65037351caeb0e5a48d963d7ffa88d0271d546","sha256":"7d04f7431bbfa41a04bcc7e6b98b9de0d919756c4c671c5785c99fff45f16402","sha512":"90e7e9f406dbb9a55b45643d6b4afce103cd565b33e40397b8422e3347ad3778220f8d1ae7befe66db61ce796d3e22d24cbef5fd3ecbbcb5f89a852d19f47e99","ssdeep":"","tlshash":"eb60000c0003c3cc0000003033c00003c000030c303300330000c000000c03c00c00cc","first_seen":"2023-03-08T15:13:39Z","last_seen":"2026-05-01T02:27:34.917442Z","times_seen":13702,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=AW-17102470621\u0026cx=c\u0026gtm=4e64g0h2","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:08 GMT","end":"Mon, 22 Jun 2026 08:35:07 GMT"},"fingerprint":{"sha1":"7B:71:3D:9A:FE:85:53:DF:44:BB:90:D6:C4:82:1E:58:A2:A4:4B:F0","sha256":"CA:E9:C5:B9:FA:2B:F0:20:19:FF:0A:2C:CB:22:9F:C6:8B:41:0E:09:94:8E:E6:48:22:CA:02:F6:BA:10:B7:A3"}}},"request":{"raw":"GET /gtag/js?id=AW-17102470621\u0026cx=c\u0026gtm=4e64g0h2 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\nexpires: Sat, 18 Apr 2026 12:37:48 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 18 Apr 2026 12:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 144717\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":426019,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (5929)","md5":"e41156f040a92deadf6c5d92f15d048a","sha1":"960292172b04b0ca84274183c3566c874e54d318","sha256":"bccbe740d63a474df24a28c4643b3f1a03066c5a09bbc607da2c1707b3b1c89d","sha512":"818348e8ae28c182f6673d80dfdeabc3f380ae629722c65865371b77b06fd3c95be35bcdc4f7e34962b63dd7f0227cb6a59fc0063857e86beee87adde776c234","ssdeep":"6144:m+8jXPcVWD/1nqBZ8osjqpBKPzqQjKwd2b9NzWDb0K:cECnqn8MkCvCDN","tlshash":"c99408cdb3d6746253a3f478903f018ba57a29a2b44cc899f185cce42e7469a4277f7c","first_seen":"2026-04-18T12:38:26.37173Z","last_seen":"2026-04-18T12:38:26.37173Z","times_seen":1,"resource_available":true,"data":null}},"time_used":141,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":73,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/not-found-BCdP_OOH.css","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/not-found-BCdP_OOH.css HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nCookie: _gcl_au=1.1.28640778.1776515868; i18next=en-US\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-1cb\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":459,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (458)","md5":"16134ee03c585409d4acf5abd6d66196","sha1":"0d31668458af632c02b37f73a6eb0f81be7830f7","sha256":"19676319779b9883c602b00bf587df4afdc29b6f34662348e95b34c3e79b9e3b","sha512":"899d474facd4a48bdb9a4eca068f428353f57b458c53cbe20b48a3824a4e204e784f983b9d60f318e78bdde1ce55f198c7d721a44d9686bd73eeeab12cd2e225","ssdeep":"","tlshash":"2ef0dc16ca0262bcf62fe01c49908985f00bc84bc90b769ddf42b32ac6c52c697b018c","first_seen":"2026-03-24T01:55:34.298228Z","last_seen":"2026-04-18T12:45:25.351193Z","times_seen":5,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"backend.heleket.com/v1/fingerprint/geo","fqdn":"backend.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"backend.heleket.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 03:07:28 GMT","end":"Tue, 07 Jul 2026 03:07:27 GMT"},"fingerprint":{"sha1":"77:12:D7:EB:70:24:1F:FD:EC:4A:BC:61:7A:D4:D3:15:F4:44:8E:E2","sha256":"BC:26:CD:83:B0:91:18:F5:FE:58:3B:AC:86:FE:F0:42:C2:67:2D:D9:BE:6C:7D:73:B3:AD:61:44:95:55:27:6E"}}},"request":{"raw":"OPTIONS /v1/fingerprint/geo HTTP/1.1\r\nHost: backend.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: language\r\nReferer: https://new-pay.heleket.com/\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncache-control: no-cache, private\r\naccess-control-allow-origin: *\r\nvary: Access-Control-Request-Method,Access-Control-Request-Headers\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: language\r\naccess-control-max-age: 0\r\nx-request-id: 21cad271e49e510e7ea87d1cd703c9a6\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T03:39:36.105826Z","times_seen":14453630,"resource_available":true,"data":null}},"time_used":281,"timings":{"blocked":106,"dns":35,"connect":21,"send":0,"wait":69,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/assets/css/index-CWC_Z3vg.css?v=1739450300","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://invoice-check.click/","date":"2026-04-18T12:37:47.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"invoice-check.click","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 10:49:16 GMT","end":"Thu, 25 Jun 2026 10:49:15 GMT"},"fingerprint":{"sha1":"0E:99:78:17:6C:16:97:88:2F:AE:28:E5:0E:81:0D:2D:FF:38:44:B3","sha256":"17:53:62:C7:13:D2:CC:E1:FE:AC:55:DA:6B:84:7D:A8:F8:75:2C:71:7D:DD:A4:65:4F:24:4E:DE:83:65:4E:24"}}},"request":{"raw":"GET /assets/css/index-CWC_Z3vg.css?v=1739450300 HTTP/1.1\r\nHost: invoice-check.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://invoice-check.click/\r\nCookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: text/css\r\nset-cookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax\r\ncf-cache-status: BYPASS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5fyf3a1SWByklkBi6p70Yo9xWfiXnFUykQdT9kYcBZJYezaFSTTbsYi%2B%2BANI2RStsVvRZxY2KgUvmBE9SnXCH%2BlCe0vIM%2BBU8uRjEaalaVxck34jdGGjgdIahTU1E7JtDsvQrmnH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ee3b908c8ed0731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12012,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (12011)","md5":"c6c2ea70caeac9383a47c10e3e749023","sha1":"5fa5e5200e203850cd7f1f6e6a5bc909cbfe6762","sha256":"3aeb30526fdfa2c6619ac410fb0fd1bbab7f724f58771f9a423ee6198e44923f","sha512":"9c9bcc5eea9429ae672dc39c670e384c74920524a5684081e7870e32e830bdeba2bc491c1e92db5eb60ea5c7a0d5f37218188a2cc223a1b7505254a6ac8f7877","ssdeep":"192:J2SeVZebTrSqmtJzyJEvn2ULtlxRB0UPSJCm9IwlYrJfynaHrC/F1oH:wSeDSrJmvf1LnPSJCm9IwlYrJqngqO","tlshash":"a4422a2503177228b8328ca36dc53ab22519915dea1d27f1e02d855cfadf3e707f0b89","first_seen":"2026-03-24T01:56:15.198453Z","last_seen":"2026-04-18T12:38:26.422537Z","times_seen":2,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/assets/css/lang-modal.css?v=1739450300","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://invoice-check.click/","date":"2026-04-18T12:37:47.033Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"invoice-check.click","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 10:49:16 GMT","end":"Thu, 25 Jun 2026 10:49:15 GMT"},"fingerprint":{"sha1":"0E:99:78:17:6C:16:97:88:2F:AE:28:E5:0E:81:0D:2D:FF:38:44:B3","sha256":"17:53:62:C7:13:D2:CC:E1:FE:AC:55:DA:6B:84:7D:A8:F8:75:2C:71:7D:DD:A4:65:4F:24:4E:DE:83:65:4E:24"}}},"request":{"raw":"GET /assets/css/lang-modal.css?v=1739450300 HTTP/1.1\r\nHost: invoice-check.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://invoice-check.click/\r\nCookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: text/css\r\nset-cookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax\r\ncf-cache-status: BYPASS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p2Moqixh9WOXb7%2BAUnJtqvY1RZUy7W2BGrJvj5cckvXWhMTc9ograLNVtYtWaNhIqkdptWZiUmALQhqvMSCLhKMpIc%2FMMY9ANzIdib2nHGfVV1cD%2B9c47H89Rt4K2NmiVrag2sSJ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ee3b908e9200731-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2981,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"56b7a1590ca3a3beb85ae2530019d5a2","sha1":"317e854b6284abb502bbe6c196a50a4a34441c6f","sha256":"bffe55cf7c70aeef1715b92ba9043dcefc3efa8d63189d964c6aaab4cbad19dc","sha512":"a86e0c8bf5659cc44a6df17820b1fe9f3262ad3fcd24a6a017c72dfdc686f5acdace3f12a11b6a6bd6677e848f6cac1d18b68a31e79d1f25427de63bc2d97db9","ssdeep":"","tlshash":"9551e0d086b05026f44b1338a5c71e196b6ee0458a06fefda3f1505cafc63dcd1a6ba9","first_seen":"2026-03-24T01:55:34.276125Z","last_seen":"2026-04-18T12:38:26.450216Z","times_seen":2,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/fonts/Inter/Inter_Regular.woff2","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:47.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /fonts/Inter/Inter_Regular.woff2 HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 116968\r\nlast-modified: Thu, 16 Apr 2026 07:42:22 GMT\r\netag: \"69e092de-1c8e8\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":116968,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 116968, version 1.0","md5":"b1376a34ab286e2382cd1a5f8af75537","sha1":"8abdb806484fc4302000105048cc3ea60db94d53","sha256":"d2edfede04b854c438c5ec1e1161207d389e7bef0b9ecb96ddc8ded6781a8423","sha512":"4bcc65b2d39946c8dae008206d0262673bb4d53b39d7c31602edb2137f6536a9c22f445b71c68da6a8360436ccd18a221201b9d3560653e9f0c511702a02d058","ssdeep":"1536:rM3EgwlRIICqa1krsCq5HwDg6FZg92n0UF2NgHW6rIq7ZvHL6cDUfclu9:5plRjCqaCRlvLbFin6rI4hmRL","tlshash":"02b312c5c153e966c6040ef7b37a8a1f1de54a63839878dc730520a44f2c6fee1da74a","first_seen":"2025-02-03T15:00:19.375313Z","last_seen":"2026-04-29T06:15:44.796229Z","times_seen":179,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-WZ85S256","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.8","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:47.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:08 GMT","end":"Mon, 22 Jun 2026 08:35:07 GMT"},"fingerprint":{"sha1":"7B:71:3D:9A:FE:85:53:DF:44:BB:90:D6:C4:82:1E:58:A2:A4:4B:F0","sha256":"CA:E9:C5:B9:FA:2B:F0:20:19:FF:0A:2C:CB:22:9F:C6:8B:41:0E:09:94:8E:E6:48:22:CA:02:F6:BA:10:B7:A3"}}},"request":{"raw":"GET /gtm.js?id=GTM-WZ85S256 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\nexpires: Sat, 18 Apr 2026 12:37:47 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 18 Apr 2026 12:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 146758\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":434522,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (7119)","md5":"6a2a90342811100db4d368f8f649d7df","sha1":"cb1fbbbccca90d860861be53977d8be0de41cfef","sha256":"ec8ed3e5c2a1945ae464c27449f57992117056ae321a434faadcc843b8f46849","sha512":"db2329d7704f5448ae3b7e29948735dff59719b43fffbb411fd7c0ee18f54b4a519839897584650ee90fc7337e5c066f658e367cc0039722f3a57c4a1d24e735","ssdeep":"6144:++8jjPcVWD/1nqBZ8osjqpBKPzqQjOed7bsNP5A0zK:OECnqn8IO/Iu","tlshash":"ec9408cdb3d6746253a2b478903f018ba57a29e2f44cc899f185cce42e7469a4277f7c","first_seen":"2026-04-18T12:38:26.497751Z","last_seen":"2026-04-18T12:38:26.497751Z","times_seen":1,"resource_available":true,"data":null}},"time_used":348,"timings":{"blocked":121,"dns":6,"connect":21,"send":0,"wait":40,"receive":61,"ssl":95},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/@tanstack/react-query-CiWnP6Gi.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/@tanstack/react-query-CiWnP6Gi.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-a6c2\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42690,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (34572)","md5":"f1a228aa61a395d9cd00493ad8cac817","sha1":"4a19a112a8ad127266fa42547c14ea0af44345fe","sha256":"e112e18fe01af0796b68a24dc47b3e37124be3d4d5c0639acb6963b0066f1533","sha512":"e1f6482e1d78a6096f43840fa5e6843ece92257ce37585dc55de241dc914b287f495ff31db490c807cef0e49f6bf30cbd1699576aa28b00e8e421822bedc2554","ssdeep":"768:NmVfahInecirvdh9sdRr1c02RIvtGT7w+qStvSLvtivfGHNpd6cQRC9+9Pmm76kG:YSVk2Ng+Im9Zx8Bv","tlshash":"6b13c9d53142b2232ae2c491983f4115e2356c15340a906cb6ad9debf9a39cef4bff35","first_seen":"2026-04-18T12:38:26.51393Z","last_seen":"2026-04-18T12:45:25.344752Z","times_seen":3,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/favicon.ico","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nCookie: _gcl_au=1.1.28640778.1776515868; i18next=en-US\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 3774\r\nlast-modified: Thu, 16 Apr 2026 07:42:22 GMT\r\netag: \"69e092de-ebe\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3774,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 28x32, 32 bits/pixel","md5":"60408ec4dff0c9bd0931fc4837a87491","sha1":"e4355818e9e03a2ae8d6fb2c4025e808bb30b091","sha256":"fd6af3ab4435c2dd7fe657debddd1345a70c76978f479a24ce9d5b05d89da7d8","sha512":"e64b8b2d3a8c86c047304694e4d2198cd9afb6439720d34b377e990e9adca2d0da7a32da5c77f1f5f5b97119e4ce80e149a7979b65b5dc6f583d69b7a3af4d8d","ssdeep":"","tlshash":"2671388b21066b2cc62b4536a62f5f42f045ebdd2ccd8f7d1c14cfa3424ba1a0a759b9","first_seen":"2025-06-23T12:34:12.370012Z","last_seen":"2026-04-18T12:45:25.356653Z","times_seen":9,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/not-found-DSra4bGe.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/not-found-DSra4bGe.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/assets/index-DHLbFvQt.js\r\nCookie: _gcl_au=1.1.28640778.1776515868; i18next=en-US\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-11be\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4542,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (4541)","md5":"6de770720712323496f5b926ae184cda","sha1":"26f821d71d686979137c75210ba469c7e5b686a7","sha256":"55301315e9db8be55fe0d523ffb7b615ed35531ddc66dc3b7a6eec7ed6fb559f","sha512":"26b3c54f24409b5f32008a1c647d67f03eaa2d9f7ce05d3f7d49116301daf08e58dafea37c906241c8a20eac33c0ec96434fad7d1acca5d9f5fe55df2e9d5d40","ssdeep":"96:LfSvxDr7C+Bkm6xs8nU8hUuD9qWOIwzbtlXhF7GCn20ny42nJ4:Lf8f7C+BktxnnUhgqWmbtBL7Gi20nWn6","tlshash":"879185c2957dd3fc780a6bec56b280113c2b2def5641e81582d91cb1e71118c6dea88b","first_seen":"2026-04-18T12:38:26.578261Z","last_seen":"2026-04-18T12:45:25.357256Z","times_seen":3,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/button-BdGWBdDR.css","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.385Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/button-BdGWBdDR.css HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nCookie: _gcl_au=1.1.28640778.1776515868; i18next=en-US\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: text/css\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-3a08\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14856,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (14855)","md5":"5c361308746a808722e702e729e2a27d","sha1":"fda11723f8a2d83b1e2c89299cb4b6f98895b19a","sha256":"12fa35f4b4af5075c716a7d7d389317ce4aa72f62e0d93f65139b9c18abf2e61","sha512":"ff12e334272b13f23b8d568ea95eacbf4b5f9f1a059ca72485e68e0ede6d6f81faa8abf30e8eeb9aa7960c2ddba058d700dfe13abe24dd65a80e5fe21782a311","ssdeep":"384:ecc7zctcuc1cQcYcVcTcVckc7c5cqcIucQicA4ckclAck5I:ZcHctcuc1cQcYcVcTcVckc7c5cqcpcpt","tlshash":"4c628a94b330b134bc774827ea45191ab315e9da1e72ca7ac9589bdc82cf25f2d077c8","first_seen":"2026-03-24T01:55:34.297069Z","last_seen":"2026-04-18T12:45:25.360042Z","times_seen":5,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ekr.zdassets.com/compose/20c31533-77df-44dd-86a7-98733f5382e3","fqdn":"ekr.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /compose/20c31533-77df-44dd-86a7-98733f5382e3 HTTP/1.1\r\nHost: ekr.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-expose-headers: \r\naccess-control-max-age: 7200\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncdn-cache-control: max-age=60\r\nvary: Accept,Origin, Accept-Encoding\r\ncache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600\r\netag: W/\"69a73ca680522be8076729c952e6a607\"\r\nx-request-id: 9ed26b86ce5577e4-LHR\r\nx-runtime: 0.008071\r\nx-envoy-upstream-service-time: 10\r\nzendesk-service: embed-key-registry\r\nx-zendesk-zorg: yes\r\ncontent-encoding: br\r\nvia: zorg\r\nx-envoy-decorator-operation: /\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=niGbebd5RHxx6hIiyrn1dco3HPBrSSOEqVxbD6AAv1GqEj60VP%2F9ElutxfyICJeT0k91kAo%2B55MbrZMF9EUDCX%2Flqb%2F0Mfl8eG0zvaiei2v%2Bc6qFez44xsv4Pcdga1M9aYs%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\ncf-ray: 9ee3b9151d3d5689-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1669,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6f52f26af22fff88117e1c8dabaa33a7","sha1":"4772c615322e164e4d255af546dc41ab174c9290","sha256":"69a73ca680522be8076729c952e6a607e87628ae3f066fd106ccb6f4373e01e4","sha512":"d0ce861b2062b7093e81b1a0d57660d7e17f8b492073fadcae116d7ad598db974308344a66152487f72af51f8179a69763d21ec05bcc2cec541c2e41c67cbce7","ssdeep":"","tlshash":"6131307ede4d3469c552c362d9247a0327b58f7b13887458f88c9c0c51df1ea1197b9b","first_seen":"2026-04-18T12:38:26.616339Z","last_seen":"2026-04-18T12:45:25.352655Z","times_seen":3,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":45,"dns":26,"connect":1,"send":0,"wait":57,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/@tanstack/react-query-CiWnP6Gi.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.104Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/@tanstack/react-query-CiWnP6Gi.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/assets/index-DHLbFvQt.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-a6c2\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":42690,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (34572)","md5":"f1a228aa61a395d9cd00493ad8cac817","sha1":"4a19a112a8ad127266fa42547c14ea0af44345fe","sha256":"e112e18fe01af0796b68a24dc47b3e37124be3d4d5c0639acb6963b0066f1533","sha512":"e1f6482e1d78a6096f43840fa5e6843ece92257ce37585dc55de241dc914b287f495ff31db490c807cef0e49f6bf30cbd1699576aa28b00e8e421822bedc2554","ssdeep":"768:NmVfahInecirvdh9sdRr1c02RIvtGT7w+qStvSLvtivfGHNpd6cQRC9+9Pmm76kG:YSVk2Ng+Im9Zx8Bv","tlshash":"6b13c9d53142b2232ae2c491983f4115e2356c15340a906cb6ad9debf9a39cef4bff35","first_seen":"2026-04-18T12:38:26.51393Z","last_seen":"2026-04-18T12:45:25.344752Z","times_seen":3,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/motion-BA0DeswC.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/motion-BA0DeswC.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-22b76\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":142198,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (42455)","md5":"2e656cb753f5d2bc22c53d292a6abb5e","sha1":"76ad8d8a02f70ff13d82ec9f34c2a203f85c68d1","sha256":"3c96309034e7e2d0d8038beef864531ea46b85fbbd48d37d55b7be98cfef4991","sha512":"67b085941c8ccf5a7cba45403636d285dd9b9e02cf13265638f91299cfeb67f318530fe727b3e4473023452b1125545ccb347eb96747f2462e09e0770cb17838","ssdeep":"3072:Y7gYamnA4PCOH3oOnj9ThnMTMoVARX/pLSU5EDEC7ngkPGu9vHK:nYab4xXf91MMoORMK","tlshash":"49d328d87291752283d784e580af0741b73a2c843009c4bcba7deddb7d6150a66bbb7d","first_seen":"2026-04-18T12:38:26.635155Z","last_seen":"2026-04-18T12:45:25.345546Z","times_seen":3,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.com/ccm/collect?rcb=19\u0026frm=0\u0026ae=g\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026ep.ads_data_redaction=0\u0026gtm=45He64g0h2v9206022683za200zd9206022683xea\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115938466~115938468~117266400\u0026apve=1\u0026apvf=f\u0026apvc=1\u0026tft=1776515868209\u0026tfd=632","fqdn":"www.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.251.151.119","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:37:36 GMT","end":"Mon, 22 Jun 2026 08:37:35 GMT"},"fingerprint":{"sha1":"08:79:9D:7F:DB:8C:0A:9F:3E:E2:C7:8A:F2:4D:E4:E2:5B:36:28:22","sha256":"07:42:F0:13:40:B6:A1:62:31:62:8E:96:2F:96:8C:7C:C0:5B:F0:8A:DB:0B:A6:E2:44:14:41:7D:B2:7C:B9:74"}}},"request":{"raw":"GET /ccm/collect?rcb=19\u0026frm=0\u0026ae=g\u0026en=page_view\u0026dr=invoice-check.click\u0026dl=https%3A%2F%2Fnew-pay.heleket.com%2F\u0026scrsrc=www.googletagmanager.com\u0026rnd=1190425138.1776515868\u0026dt=Heleket%20Pay\u0026auid=28640778.1776515868\u0026navt=n\u0026npa=1\u0026ep.ads_data_redaction=0\u0026gtm=45He64g0h2v9206022683za200zd9206022683xea\u0026gcd=13l3l3l2l1l1\u0026dma_cps=a\u0026dma=1\u0026tag_exp=0~115938466~115938468~117266400\u0026apve=1\u0026apvf=f\u0026apvc=1\u0026tft=1776515868209\u0026tfd=632 HTTP/1.1\r\nHost: www.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\npragma: no-cache\r\ncache-control: no-cache, no-store, must-revalidate\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncontent-type: text/plain\r\nvary: Origin, X-Origin, Referer\r\nserver: scaffolding on HTTPServer2\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T03:39:36.105826Z","times_seen":14453630,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/fonts/Inter/Inter_SemiBold.woff2","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:47.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /fonts/Inter/Inter_SemiBold.woff2 HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 119508\r\nlast-modified: Thu, 16 Apr 2026 07:42:22 GMT\r\netag: \"69e092de-1d2d4\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":119508,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 119508, version 1.0","md5":"c37cb8fe20e436fd3246c24aa23da4d9","sha1":"7e971e2f77fde259d9b4895c04945d3083a2f477","sha256":"654d24db683a1732d18b708246b63541ad6794c367c6acd044a543b3c2e3f2cb","sha512":"ea3743490368c5385f36dbafff1b1c331782403a07f14fc50ef88e942d58e68575bf700e8edb35e5ff249dee5dc513f2ad900478858d2b033d6d3d51f8b7dbcd","ssdeep":"3072:/u0qI3Yplb3nHTukL11ReTgNk1Pkswg7UsTut1mU1zkrc5rARoTW:13g3X4qswg7Egra8oi","tlshash":"31c312955d06c85de075172268b587af0a6bdf308e7cb7e7aafc402d742b887c1891dc","first_seen":"2025-02-10T22:08:58.898266Z","last_seen":"2026-04-27T20:23:46.952722Z","times_seen":115,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":47,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T12:37:47.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://invoice-check.click/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:47 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-8ab\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2219,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"1dfa44b396c5aaa322b6f04d7f19fe49","sha1":"eb045d5c193cba67e17940c769b371d4ac950685","sha256":"b4c9445de1219d888b4ea2974aa0143237c57e93c94af9e9ae6ee1a1a7fb16ea","sha512":"9a3dc843d2b5ab0a74806d04d8885857ddf1e879701786ba2e1b84e8d95840234823985cf1aadc94590aa8552b071dd00d4414e6a88aab6efdc34137851966c1","ssdeep":"","tlshash":"4941fc023de5c91456345226baf1e4289c83724f9648dca4b4ee507e0fc6bd24e53bba","first_seen":"2026-04-18T12:38:26.28764Z","last_seen":"2026-04-18T12:45:25.354805Z","times_seen":3,"resource_available":true,"data":null}},"time_used":198,"timings":{"blocked":84,"dns":21,"connect":21,"send":0,"wait":22,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/button-CTJSs1bV.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.394Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/button-CTJSs1bV.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-1901\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6401,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (6400)","md5":"f7313b2920c4e86d2099a74af3f0c912","sha1":"3e248a913c1511bfbcce4ccb448b43a597330958","sha256":"a053cf78361411b3b32f222f916c97e759ffff3ff14212ce06da5be91c241d62","sha512":"ebd3501bac84b9fa7684296343f97739af5d80274d4877f4559ef402dfa69fc785de17db04988b649088c9df53086868a2e9ccf3e9d325c83961f2bacc770c21","ssdeep":"192:YkXcIRcmTjIc+ucHjmburcVH0cMrBHvpfDPbm6MvD:YEcscVc5cDdrcicKBHvpfDPZMr","tlshash":"95d13088ef1c6138beb3401ba2763446f26a25bf5c75d8b8d41c4ebd528b1863a176d3","first_seen":"2026-04-18T12:38:25.896465Z","last_seen":"2026-04-18T12:45:25.372878Z","times_seen":3,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/ekr/snippet.js?key=20c31533-77df-44dd-86a7-98733f5382e3","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /ekr/snippet.js?key=20c31533-77df-44dd-86a7-98733f5382e3 HTTP/1.1\r\nHost: static.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nx-amz-id-2: rsGXsD3PDD1yd/nJsN/x5KYtcoo/lM/jR2TxVom7lbvtTSB9AjSyun2Ykco0ZlBulUPeDRVeGqs=\r\nx-amz-request-id: RKDXSJMEY8P5V3KV\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Fri, 10 Apr 2026 10:02:01 GMT\r\netag: W/\"24d1751c412f03b504ef6dcccfbdfc7d\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: public, max-age=3600, s-maxage=60\r\nx-amz-version-id: sDG6_AovsLSQXMsmWTedEdoESGe_PZNZ\r\nage: 22\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=5MiwU8d952VAPsQCO0O5GGet4esvL6QRb19ZYoX8Ik%2F320OMAPjRcqv08TwaUSlTQc05LbJsvuMIFJ%2FeXZonj7qMhOSG5q7yyX2SjQq5GzCVIi32eTaC7rjgoXY0a%2Fsr1wEoF6Y%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 0\r\nserver: cloudflare\r\ncf-ray: 9ee3b91438580b49-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":9693,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (9693), with no line terminators","md5":"24d1751c412f03b504ef6dcccfbdfc7d","sha1":"047617956e9e43cabdb8fa520e5459c9bee83ffc","sha256":"9f8b3108af9634e30a6e9a4a68ae168beb8210d092458b4ce30034466a50bc64","sha512":"a6bd70106cd999127d9e4a919dbf55631c770c22b8b17d3d02d5a25b27f5d77fb887e8e7be3e21020f8ecb8ba247b5976bd8255ed38468babf15de37cbf19de1","ssdeep":"192:4TF0ROz77kD6B1c4QSZBxtjKkF2P5lQBbUMamqif8Xq1hyDZ8klCtsC8cTC:0FYOzfk+u4QSZYkIPnpc+G0DZ8kotsau","tlshash":"1612e8c6b1b2e47603a600e1603a9690f765191a360dc43cf97cecd6fd66dd1863beb8","first_seen":"2026-04-10T10:06:38.095172Z","last_seen":"2026-05-01T04:03:05.349874Z","times_seen":2131,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":53,"dns":1,"connect":1,"send":0,"wait":12,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"invoice-check.click/","fqdn":"invoice-check.click","domain":"invoice-check.click","tld":"click"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T12:37:44.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"invoice-check.click","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 27 Mar 2026 10:49:16 GMT","end":"Thu, 25 Jun 2026 10:49:15 GMT"},"fingerprint":{"sha1":"0E:99:78:17:6C:16:97:88:2F:AE:28:E5:0E:81:0D:2D:FF:38:44:B3","sha256":"17:53:62:C7:13:D2:CC:E1:FE:AC:55:DA:6B:84:7D:A8:F8:75:2C:71:7D:DD:A4:65:4F:24:4E:DE:83:65:4E:24"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: invoice-check.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:44 GMT\r\ncontent-type: text/html; charset=utf-8\r\nset-cookie: hcsid=a.77f5033ca9da61b2be6c7fe321bcbda5479502c24677ab3887d4d100e9d330ab; Max-Age=604800; Path=/; HttpOnly; SameSite=Lax\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ua%2F0jWe%2FtrFWwgSMaciFPGzJUgCu3l3THvl1ZyRwFtqAKubu0tZA7nEVOLf3k%2B6MkVPATyHoT6pOgtT9%2Bs5O3bL78CbbOmCRceUwqcjOyQyCF2vg%2Bgh6YemXAQecAu4uv2RSlrg1\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ee3b8f8db3c56c0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":843,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"9ecc509e685bb3287f746886e0e9476e","sha1":"977139cb9cafdc688b748db5a1dded740ad3150e","sha256":"15e93175e97737a4f23f7bf412910e4e5ad59459cd52bfaafe1be5db8a655746","sha512":"95de15ff995fb44cbda31221efd3f20ae32d9f24f4881a520398b1c40189d8c4f16cbd0b0ae13a2ed23d9d391b3276e20524c614e83fd53f4b8fe37b8e1697ad","ssdeep":"","tlshash":"4901ce526d931006a213d5401ff6520d3295e55b819fdab57fe03059cf8578c9de32ac","first_seen":"2026-04-03T12:11:13.261875Z","last_seen":"2026-04-21T08:56:27.676794Z","times_seen":19,"resource_available":true,"data":null}},"time_used":306,"timings":{"blocked":76,"dns":44,"connect":7,"send":0,"wait":154,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"invoice-check.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/motion-BA0DeswC.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/motion-BA0DeswC.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/assets/index-DHLbFvQt.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-22b76\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":142198,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (42455)","md5":"2e656cb753f5d2bc22c53d292a6abb5e","sha1":"76ad8d8a02f70ff13d82ec9f34c2a203f85c68d1","sha256":"3c96309034e7e2d0d8038beef864531ea46b85fbbd48d37d55b7be98cfef4991","sha512":"67b085941c8ccf5a7cba45403636d285dd9b9e02cf13265638f91299cfeb67f318530fe727b3e4473023452b1125545ccb347eb96747f2462e09e0770cb17838","ssdeep":"3072:Y7gYamnA4PCOH3oOnj9ThnMTMoVARX/pLSU5EDEC7ngkPGu9vHK:nYab4xXf91MMoORMK","tlshash":"49d328d87291752283d784e580af0741b73a2c843009c4bcba7deddb7d6150a66bbb7d","first_seen":"2026-04-18T12:38:26.635155Z","last_seen":"2026-04-18T12:45:25.345546Z","times_seen":3,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ekr.zdassets.com/compose/20c31533-77df-44dd-86a7-98733f5382e3","fqdn":"ekr.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /compose/20c31533-77df-44dd-86a7-98733f5382e3 HTTP/1.1\r\nHost: ekr.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-expose-headers: \r\naccess-control-max-age: 7200\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncdn-cache-control: max-age=60\r\nvary: Accept,Origin, Accept-Encoding\r\ncache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600\r\netag: W/\"69a73ca680522be8076729c952e6a607\"\r\nx-request-id: 9ed26b86ce5577e4-LHR\r\nx-runtime: 0.008071\r\nx-envoy-upstream-service-time: 10\r\nzendesk-service: embed-key-registry\r\nx-zendesk-zorg: yes\r\ncontent-encoding: br\r\nvia: zorg\r\nx-envoy-decorator-operation: /\r\nage: 6\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=O4qdLP5avoAeCPW8zX77pmn%2BuMpfAiPWZ0SUrMLbBHKBtyZRtPFLpfrhJKpwngLWqR0t%2FEEOkhNTMtlodFifu0bJxPwp3HWJHt8o7Rp%2BPkBuiZYstwwntYX1jiO0mCPJuYk%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=0\r\nserver: cloudflare\r\ncf-ray: 9ee3b9151d415689-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":1669,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6f52f26af22fff88117e1c8dabaa33a7","sha1":"4772c615322e164e4d255af546dc41ab174c9290","sha256":"69a73ca680522be8076729c952e6a607e87628ae3f066fd106ccb6f4373e01e4","sha512":"d0ce861b2062b7093e81b1a0d57660d7e17f8b492073fadcae116d7ad598db974308344a66152487f72af51f8179a69763d21ec05bcc2cec541c2e41c67cbce7","ssdeep":"","tlshash":"6131307ede4d3469c552c362d9247a0327b58f7b13887458f88c9c0c51df1ea1197b9b","first_seen":"2026-04-18T12:38:26.616339Z","last_seen":"2026-04-18T12:45:25.352655Z","times_seen":3,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":45,"dns":27,"connect":1,"send":0,"wait":55,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"backend.heleket.com/api/v4/fingerprint/sessions/create","fqdn":"backend.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"backend.heleket.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 03:07:28 GMT","end":"Tue, 07 Jul 2026 03:07:27 GMT"},"fingerprint":{"sha1":"77:12:D7:EB:70:24:1F:FD:EC:4A:BC:61:7A:D4:D3:15:F4:44:8E:E2","sha256":"BC:26:CD:83:B0:91:18:F5:FE:58:3B:AC:86:FE:F0:42:C2:67:2D:D9:BE:6C:7D:73:B3:AD:61:44:95:55:27:6E"}}},"request":{"raw":"POST /api/v4/fingerprint/sessions/create HTTP/1.1\r\nHost: backend.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nLanguage: en-US\r\nContent-Length: 577\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":577,"data":"{\"fingerprint\":{\"available_screen_resolution\":\"1280x1024\",\"color_depth\":24,\"device_memory\":null,\"hardware_concurrency\":48,\"os\":\"Windows 10\",\"platform\":\"Win32\",\"screen_resolution\":\"1280x1024\",\"touch_support\":false,\"video_card_render\":\"llvmpipe\",\"video_card_vendor\":\"Mesa\",\"canvas_hash\":\"949c557074a26ce5c643bd74e5472f0def88beef91d1e39d0d93752b2c73c6c7\",\"timezone_offset\":0,\"language\":\"en-US\",\"languages\":[\"en-US\",\"en\"]},\"session\":{\"user_agent\":null,\"browser_major_version\":134,\"browser_name\":\"Firefox 134.0\",\"referrer\":\"https://invoice-check.click/\",\"timezone\":\"UTC\",\"ip\":null}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/json\r\ncontent-length: 72\r\ncache-control: private, must-revalidate\r\npragma: no-cache\r\nexpires: -1\r\naccess-control-allow-origin: *\r\ncontent-encoding: br\r\nx-request-id: da8a3c5ba4cfe7a2a3d7f109c0bc9e3c, d06033960742b6fe1e7ad8c4d6ba91b9\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9e6c5d1c766ae4869c142e1d713a934c","sha1":"3ebd05351f98f35ecdfb12bec4f7a2b5580e21a3","sha256":"3bba5ecc2073d5113caa82e935d1d8d05cd170c2914dcac30322e291ddcce8d8","sha512":"3a022d9a2b6537d1790abd4dcb60e2f1aaf8982b2ecb80026f70c319f3b40f12bbe6934fbc9593ce5f7ac11d2f55e73c00487a830a633473b00912230ff1c754","ssdeep":"","tlshash":"70a022b83c30c2ca0882c30e00000bb08883008a0b282cbc00e8c8280820c2b23eea32","first_seen":"2026-03-24T01:55:34.285498Z","last_seen":"2026-04-18T12:45:25.355517Z","times_seen":5,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"backend.heleket.com/v1/fingerprint/geo","fqdn":"backend.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"backend.heleket.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 08 Apr 2026 03:07:28 GMT","end":"Tue, 07 Jul 2026 03:07:27 GMT"},"fingerprint":{"sha1":"77:12:D7:EB:70:24:1F:FD:EC:4A:BC:61:7A:D4:D3:15:F4:44:8E:E2","sha256":"BC:26:CD:83:B0:91:18:F5:FE:58:3B:AC:86:FE:F0:42:C2:67:2D:D9:BE:6C:7D:73:B3:AD:61:44:95:55:27:6E"}}},"request":{"raw":"GET /v1/fingerprint/geo HTTP/1.1\r\nHost: backend.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nLanguage: en-US\r\nOrigin: https://new-pay.heleket.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://new-pay.heleket.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Accept-Encoding\r\ncache-control: private, must-revalidate\r\npragma: no-cache\r\nexpires: -1\r\naccess-control-allow-origin: *\r\nx-request-id: 5e2c1e2109405b0cbec31141afb556ca\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3a7331dc185c3ccfd0f132fdd4bab3f2","sha1":"fdc935059a1447745ca7e4c717c9f599074877aa","sha256":"f379dc658b05ebf2186997353179d64746d1ff77a8a5d32254e8ca7350eba026","sha512":"d35583a50865a336921874a29eb3362c905237022f56d748f16339858a1176dd5663e35bc18372ff6b118857315fc6e913f3fed29cc752dedae12e3f98325b67","ssdeep":"","tlshash":"19a0019abae88e685ea6de41582b625749af9259cbae0501cd892b60c60148d6208a98","first_seen":"2026-03-24T01:55:34.293295Z","last_seen":"2026-04-18T12:45:25.364901Z","times_seen":5,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-main-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:49.064Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /web_widget/messenger/latest/web-widget-main-d7a417e.js HTTP/1.1\r\nHost: static.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-amz-id-2: FxSAeNYCG0L/6Z3dueZhUUwHe/oKKyCIYAaXPJNRCe5IdVJhBsxU5RNgbHiH4cib3nXPqwvCbbCqVxjCAwT4N6J8TOYSpOmJ\r\nx-amz-request-id: W5Q8RVQ4DEQFR758\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Wed, 15 Apr 2026 08:09:39 GMT\r\netag: W/\"f1dd8a94fafaa157646f04eb9ce4e90a\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 15 Apr 2027 08:09:38 GMT\r\nx-amz-version-id: Lb1Ljk.8Wc.a9P1scl..FMz8Psu.neeG\r\nage: 186204\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=LwW%2Byy2RTK5gkqtxp%2BGkLu7h5lbUF9zXP68v4mgE0PvhQn%2Fmf51Jbdy3sQT0OFfL0UZwPvG9O416wD29ZR3x9lWiYP9yWESS9Q5rJr8aaRnW9UdwBDRXYVPCsuc%2Bm39vhosk9IU%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 0\r\nserver: cloudflare\r\ncf-ray: 9ee3b915a93b0b49-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":703654,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65306)","md5":"f1dd8a94fafaa157646f04eb9ce4e90a","sha1":"7ff394d729fb21c2c465f6065ccbf85f6dad33a1","sha256":"58668927f566ec3dd46b3ff86724cd658a29c528d7e874eab89d24c01b75583e","sha512":"f93b44a14d84abaad06a51f280c9bbb4ee0d69b339c4cf46e60d50b21e7d9914236588a1fd639a57a604297a1fd3c19dd58838c9a776b97b9d38c44f244f19ae","ssdeep":"12288:+Q2d2VtmTf9GZ2F+6TvlXL+jj6lz6hH3ZlrVl8aQursIfmv2O/:+Q2d2VtmTf9GZ2F+68jj6lz693Zt8aQb","tlshash":"17e46bd970d2b06647f316e6907f1006f3392919780dc450f268ecda6ab948db2b7f6e","first_seen":"2026-04-16T11:15:00.786419Z","last_seen":"2026-04-21T11:43:16.44498Z","times_seen":192,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.zdassets.com/web_widget/messenger/latest/web-widget-main-d7a417e.js","fqdn":"static.zdassets.com","domain":"zdassets.com","tld":"com"},"ip":{"addr":"216.198.53.3","port":443,"asn":209242,"as":"Cloudflare London, LLC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:49.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"zdassets.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 18 Feb 2026 17:00:34 GMT","end":"Tue, 19 May 2026 18:00:30 GMT"},"fingerprint":{"sha1":"14:9A:89:D7:CB:70:A3:11:58:FE:26:A0:14:7E:0E:40:5A:6E:0A:D3","sha256":"F7:5B:93:5D:37:70:AA:1F:CE:DB:DF:AF:12:84:79:9D:67:51:14:E9:D7:D9:AB:0C:32:4E:65:FD:74:64:C5:23"}}},"request":{"raw":"GET /web_widget/messenger/latest/web-widget-main-d7a417e.js HTTP/1.1\r\nHost: static.zdassets.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 12:37:49 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nx-amz-id-2: FxSAeNYCG0L/6Z3dueZhUUwHe/oKKyCIYAaXPJNRCe5IdVJhBsxU5RNgbHiH4cib3nXPqwvCbbCqVxjCAwT4N6J8TOYSpOmJ\r\nx-amz-request-id: W5Q8RVQ4DEQFR758\r\nx-amz-replication-status: COMPLETED\r\nlast-modified: Wed, 15 Apr 2026 08:09:39 GMT\r\netag: W/\"f1dd8a94fafaa157646f04eb9ce4e90a\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: public, max-age=31536000\r\nexpires: Thu, 15 Apr 2027 08:09:38 GMT\r\nx-amz-version-id: Lb1Ljk.8Wc.a9P1scl..FMz8Psu.neeG\r\nage: 186204\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=yE4t4LuexBiwwF6Er%2BDo4yFRUejYtiu%2B8wKy75klYweYJ49JkCE0ypvu%2FovzwZuAjdem8tMyaWRT5Q99KDJbQJXZ3Q%2FD8MnUhGL5Mvdg3sDFLkPSLU%2Fwx01xhVSNODb6hC75pj8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=0\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 0\r\nserver: cloudflare\r\ncf-ray: 9ee3b915d9610b49-OSL\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":703654,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65306)","md5":"f1dd8a94fafaa157646f04eb9ce4e90a","sha1":"7ff394d729fb21c2c465f6065ccbf85f6dad33a1","sha256":"58668927f566ec3dd46b3ff86724cd658a29c528d7e874eab89d24c01b75583e","sha512":"f93b44a14d84abaad06a51f280c9bbb4ee0d69b339c4cf46e60d50b21e7d9914236588a1fd639a57a604297a1fd3c19dd58838c9a776b97b9d38c44f244f19ae","ssdeep":"12288:+Q2d2VtmTf9GZ2F+6TvlXL+jj6lz6hH3ZlrVl8aQursIfmv2O/:+Q2d2VtmTf9GZ2F+68jj6lz693Zt8aQb","tlshash":"17e46bd970d2b06647f316e6907f1006f3392919780dc450f268ecda6ab948db2b7f6e","first_seen":"2026-04-16T11:15:00.786419Z","last_seen":"2026-04-21T11:43:16.44498Z","times_seen":192,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/locales/en/default.json","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /locales/en/default.json HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nsentry-trace: d952f1fa9687441891ad70702999ca46-b8cd83a08d2cf848-0\r\nbaggage: sentry-environment=production,sentry-public_key=e9c7b14eb319495cbc9a47a78316b752,sentry-trace_id=d952f1fa9687441891ad70702999ca46,sentry-sample_rate=0.5,sentry-sampled=false\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _gcl_au=1.1.28640778.1776515868\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:22 GMT\r\netag: W/\"69e092de-72a9\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":29353,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2d3ba5166582247cd3b3a87968237792","sha1":"513ebf8cc6d0feefab352ad4a40fbed7927c84e0","sha256":"dbd1fab41d662daf6f611a896f81ddb01765b784a203ce1199decf3cf665d6de","sha512":"1dd54a4b06d20722354bb03e1ea590651cfbbf919ff22f3a523282bfa744991791f5556d118f24a2083b89ac6e1a0fd4ef04952ad0987e9b57f43316d8f876f7","ssdeep":"384:ma5gCqxAMsn0PUxGSDMbttN4scyKCmIvkSW5V+p+Ns2BX7u1sizTklIrwulnx8fi:maQxcn08DYi2hW5VTi1DBr1Obe+MwG","tlshash":"e7d2410ef244167305c10202749fa5e7ab1a89ab0721717a5baf811d17eeebf8d7b4cd","first_seen":"2026-04-18T12:38:26.755541Z","last_seen":"2026-04-18T12:45:25.349331Z","times_seen":3,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"new-pay.heleket.com/assets/not-found-DSra4bGe.js","fqdn":"new-pay.heleket.com","domain":"heleket.com","tld":"com"},"ip":{"addr":"31.133.222.28","port":443,"asn":50245,"as":"Serverel Inc.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://new-pay.heleket.com/","date":"2026-04-18T12:37:48.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"new-pay.heleket.com","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 04 Mar 2026 03:08:11 GMT","end":"Tue, 02 Jun 2026 03:08:10 GMT"},"fingerprint":{"sha1":"03:19:AB:11:EB:90:E9:30:D5:F2:1F:B3:32:37:CE:BC:E8:F8:9F:95","sha256":"69:37:77:61:4C:20:D3:21:E5:61:48:26:5D:80:12:76:BD:C2:AC:A7:58:F2:38:3A:A0:13:15:0F:18:8E:50:96"}}},"request":{"raw":"GET /assets/not-found-DSra4bGe.js HTTP/1.1\r\nHost: new-pay.heleket.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://new-pay.heleket.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Apr 2026 12:37:48 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding, Accept-Encoding\r\nlast-modified: Thu, 16 Apr 2026 07:42:25 GMT\r\netag: W/\"69e092e1-11be\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4542,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (4541)","md5":"6de770720712323496f5b926ae184cda","sha1":"26f821d71d686979137c75210ba469c7e5b686a7","sha256":"55301315e9db8be55fe0d523ffb7b615ed35531ddc66dc3b7a6eec7ed6fb559f","sha512":"26b3c54f24409b5f32008a1c647d67f03eaa2d9f7ce05d3f7d49116301daf08e58dafea37c906241c8a20eac33c0ec96434fad7d1acca5d9f5fe55df2e9d5d40","ssdeep":"96:LfSvxDr7C+Bkm6xs8nU8hUuD9qWOIwzbtlXhF7GCn20ny42nJ4:Lf8f7C+BktxnnUhgqWmbtBL7Gi20nWn6","tlshash":"879185c2957dd3fc780a6bec56b280113c2b2def5641e81582d91cb1e71118c6dea88b","first_seen":"2026-04-18T12:38:26.578261Z","last_seen":"2026-04-18T12:45:25.357256Z","times_seen":3,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}