{"report_id":"9e310098-3f14-437a-8b71-1b4c488bc11f","version":6,"status":"done","tags":[],"date":"2026-04-21T09:41:25Z","url":{"schema":"https","addr":"saturn-credit.com/","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"saturn-credit.com/","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"title":"Saturn: Digital Dollars on Digital Credit","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"saturn-credit.com/","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-26T09:41:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"saturn-credit.com","ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-04-14","domain_rank":0,"first_seen":"2026-04-21T08:56:57.814126Z","last_seen":"2026-04-21T08:56:57.814126Z","alert_count":64,"request_count":32,"received_data":40932575,"sent_data":15430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Framer Sites","description":"Framer is a no-code web design platform for designing and publishing responsive websites.","website":"https://www.framer.com","common_platform_enumeration":"","icon":"Framer Sites.svg","categories":["CMS","Page builders"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}]},{"fqdn":"framerusercontent.com","ip":{"addr":"52.84.50.61","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2019-04-29","domain_rank":18507,"first_seen":"2019-05-01T19:48:10Z","last_seen":"2026-04-16T02:14:56.537922Z","alert_count":0,"request_count":1,"received_data":3545,"sent_data":471,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"saturn-credit.com/","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-04-23T02:44:36.463064Z","times_seen":3069,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/main-7f8b9c1d2e5a3f6b.min.js","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"59e7408e947111bc63fe7354d37035a6","sha1":"a18c27f69aaa69ca059026257f3b3f8d2e7f98c8","sha256":"d12317a02bf0dc0ad7d8b86bf587ec9a475eb21f4041506e3884bd8bc32593ec","sha512":"6d1cb03d90c0609e9ac46dc448052fef7a78ea5a7b7a7143f61d899f18a4c30be27df59fbfcf698b1f5bb8bbeca065e594939c7711589784c22250f7a03fe18d","ssdeep":"768:PAbVYcdqfggXs3EPIHtucNbjW4Pv6MnTZh3bBVgPj82W3cq7cKch50sbWcWFwcfV:xfN83EPIH9GC6S1pbBiP/qouPGyfr","tlshash":"8f63a8d6680ad4e68d5524cdd437fc09e0688963ccadf053e62cedc5b81ef69a44b23b","size":70464,"data":"","first_seen":"2026-03-24T12:03:34.920424Z","last_seen":"2026-04-22T12:27:18.093563Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"e154d7a74a29d4a158c5b6060ce92ebd","sha1":"2b3a668ed8b7f31863f16b299e580e2d9d497d95","sha256":"a48f48a8acc4ce735c3f1625d2182b0932e3678ebcada79282bdcd5aff7e4c57","sha512":"9422d02e41071939edde384d53f96420f02dc75ff83f0803eb277d3021f7b4f6341506619964d59a6cd0cdcdd86a7d397bf05d0f06c23adfd3d91aabae4a8471","ssdeep":"768:2EDVEcDKLIYP99Y4WZQLuJ40Cg4x25lZ/fot1kZ4QRcMcBN0oFWcW/gcfLcwe2S3:SLZPTY0SJbf46lSLQsc5Mkvk","tlshash":"c563a6d5680bd4e68d9124cdd437ed09e4688d23cd6df163a52ceec0781ef6aa44b23b","size":67381,"data":"","first_seen":"2026-03-24T12:03:34.945937Z","last_seen":"2026-04-22T12:27:18.107059Z","times_seen":43,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"saturn-credit.com/KQhFxnrr5zST1p0C8lrnI9BfEY-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.505Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /KQhFxnrr5zST1p0C8lrnI9BfEY-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3427\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-d63\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cpa5v61Py7Y6sHptj4AHCOO%2FiNHYjYEA2UKU2yGi95vS%2BUvyNYU%2F51IASkRsNU4oyLUJQ%2FwzOeYs7R0UYvCV%2FODOFdtg2WmLrGzzoejyvO4pj1iEvQjXpM%2BJ77Wu%2FclUmUqNCQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360df38deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3427,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 117, 8-bit colormap, non-interlaced","md5":"e636b7620f05b1289c14aaa9b9fc1159","sha1":"ac70d7c20cd3c7b436eca14724a174c9c9cc0b44","sha256":"a3a55450d8b98089c8f443bfe21f2c2eb6e40a5e70bcee2f37a74ce0199d7858","sha512":"fdfc721b5d53652951a8713029862f22754c128baf307adee9afc2d63e5b98b33a4df6682c65d0c50f28a3c47cb44d0cea66587b8ae21fd9900ecc53fb070558","ssdeep":"","tlshash":"d8616b0e7504c70ae8384a9a8820fbbc7bbbc6443c766bf5939b72e60a629095345800","first_seen":"2026-04-17T17:57:05.284441Z","last_seen":"2026-04-21T09:41:48.040652Z","times_seen":15,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/qjdHftdFSzLDWkBLonRlsNqVdIE-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /qjdHftdFSzLDWkBLonRlsNqVdIE-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4439\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-1157\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QvtT4e1nipSltaV%2FPnS9c1DEDSZ1R4c72ugUIXnDgQ6BYEZGfIRtEiQlZwexeLgzZ92EP9gaWx9KRXm%2FG4O7xqoPzOGO%2BDiZzXRKn6OZ23mPHzk2GaicV0OWSJLBmZJh0yWJKw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360df68deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4439,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 86, 8-bit colormap, non-interlaced","md5":"4bf934ba0cd9788317fd367acdb9b279","sha1":"e57857f584d1abb196f3ea245339a21adce194cc","sha256":"eda14a7634d80b99337e18587a75f153006a6640360531617a2e12210940a35a","sha512":"1b869cea8cfa2ef925822a571c6385a47514969ce7443607bcc3864c104fa9eb8de72522a3147195e60b1445d53395149c4b85bd3b1dff0865a89e63ee2916db","ssdeep":"96:JzSKgvh29tOdT9dHcHFlP04hztk7TS+Q3nOaJXybgltO:0DUQdfsAw4i3llI","tlshash":"a7915ca5f2025bd08f06f098a423f4975c94e58045c38f9cbb06ba59f43bf44b82d529","first_seen":"2026-04-17T17:57:05.310431Z","last_seen":"2026-04-21T09:41:48.047852Z","times_seen":15,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/246eb87d3844d339d667e381fe9018ac548c6719.svg","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /246eb87d3844d339d667e381fe9018ac548c6719.svg HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\nage: 2673\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\netag: W/\"69de7010-102e\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TZkdWXB63pUdIdihuqs7wKsRHhDi6hG5xfVLL%2BEE%2BJnfh5Tbtr2RH9gzv28Q5lCy2TiGBIxWDoORfsMX59G3k0xRFPlmEfIjkbMCitx955gK9FWSJeKBVo4mItXS08L1MayrrA%3D%3D\"}]}\r\ncf-ray: 9efb6e37ee588deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4142,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b51c044764319e4b98c619e86b772f6c","sha1":"246eb87d3844d339d667e381fe9018ac548c6719","sha256":"20f2499514fbb3fc583b9697571dc14240aa73c6b8a12bdaab9f4ccb72ae295a","sha512":"ae8cd19ba6aa63e9404679593db63de3064bb993802d23f76d80706d3e1e5528e6a443d1d45d4849f47575b571536d73d55324b550794145b89b69f0e0a2e6c1","ssdeep":"96:+5NLvhc7Mulzle+4zi4wwMeRKCKAWAto7z+8mlOC64:0Ntc3lzle+ipfaTD7z+84","tlshash":"428101fedf6c60f4d008b396d3a3056d65afd8a94a138f66c28d5e5aa941c0cf0298f1","first_seen":"2026-04-17T17:57:05.281143Z","last_seen":"2026-04-21T09:41:48.056527Z","times_seen":15,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/xiOrX3Hm0BOOIvxBzLbWNVAvRE.mp4","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.869Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /xiOrX3Hm0BOOIvxBzLbWNVAvRE.mp4 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 9573891\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-921603\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 2673\r\ncontent-range: bytes 0-9573890/9573891\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mQ%2B%2FsCCUkDUp8TuvVA4O2IbbkssYs30Hl6l5uAqIXrOcUcLtrFyxYktTJ9qrYo4Cr1%2Fky%2FsMWXs7eKbM1nR9zXZYTAb7YkzOj%2Fks0%2BZgwiu%2FB8Weg5OThOWfdKkhrph%2BhV1Sbg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e386e6d8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9573891,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"19b839a294adaa2877ceddc2acbe0b37","sha1":"dbce8b28da9a8907a3ab5cd82d6a398f07337b11","sha256":"df5877c946a7d0b007dd47153d24c03764ba8e2ce4bb4b115e97e0ca800ce2da","sha512":"5d1aae99b9ecb03fc5e7875e954e7ef28166d983d5bad9927be1f27729113bd1d3890359f8b210c7e23d1142fdf4fdcfc8e11305c3eff3ee56f83b589159a818","ssdeep":"12288:wE6xCheXo8hQTvE8I+k2ECyCodliiINljE9G5ppoL+E5AMLEssUeSX3bC1EwPskf:gwKl1l2ulixE91l5A9M61iNK8hw6PAYM","tlshash":"bf2523bceed14960ff80fa7d8090d425d4e0c992ccd6d92b358e1b450b7a6d20baf6b5","first_seen":"2026-04-09T00:19:23.079159Z","last_seen":"2026-04-21T09:41:48.058027Z","times_seen":16,"resource_available":false,"data":null}},"time_used":3386,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":3374,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/4ba42seEpWNXWYDrn2HDy24dCdE.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:02.254Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /4ba42seEpWNXWYDrn2HDy24dCdE.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:05 GMT\r\ncontent-type: image/png\r\ncontent-length: 2979\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-ba3\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2676\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iqaUN7ZhJeouZvvi2SLzBeNIEWDgz3fnbq3ktzm2%2FMDARP7YBcKce3B8EoGeLMsEisccmTb5apPXY%2F4mwt1HS%2FNAFtgghMmEaU7jiqHhUpH32B8wsvsPayJUQ2dHXa9WXE0wBg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\ncf-ray: 9efb6e534a008deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2979,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 800, 8-bit colormap, non-interlaced","md5":"19c34f309eea3df3e07d63a2e2c2b04e","sha1":"17822dd1a6cc558b7e122eb6dfb52f4cfe71227e","sha256":"8bb5c1962650ef43c4a1c34962e2dc6e8c1d877b965e868c7c692f4c85467ab2","sha512":"d881c3135a97a395311d1678b4994dba77b3a9b09c7e564fa9104ca296dab230bff86d67aa9b3ec41ff3059127532b30edef1dc4c6aacb6d73640488f7e3f230","ssdeep":"","tlshash":"065194d8da924913e2f844bd21050a43c52d35ef0423658b9663bebdba4ac8ff11e45f","first_seen":"2026-04-17T17:57:05.271681Z","last_seen":"2026-04-21T09:41:48.068346Z","times_seen":15,"resource_available":false,"data":null}},"time_used":2918,"timings":{"blocked":2909,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/ugFBHvE1Lp8kyYzpFgbDD6Pp0.mp4","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /ugFBHvE1Lp8kyYzpFgbDD6Pp0.mp4 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 493338\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-7871a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 2673\r\ncontent-range: bytes 0-493337/493338\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mcElsZpwRo%2FLOVFBk%2BQjURZhwas%2FQSgMhUdUyubPEcLkWJdTlNcC1ZYkOuitHfoGjf%2Btt8tsYjrwKi6SkznC9YtxR%2FQellD39JDYmhWImPFuO5AdJQYdJa%2FO5t6qGO88IhIMKA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e386e738deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":493338,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"c1de8514d1f2c3f0769ab026242920cf","sha1":"ba01411ef1352e9f24c98ce91606ff0c3e8ffe9d","sha256":"4b56704e96cd8f3dc9d8d795587a1bb595536e1c98246410a64340313f8c6ab0","sha512":"6841eb124cfd15d18d160d6d2c38c1344b1d4cac34438611a5ee06601ffa55d0903adfc2d66659b6b52b6bb603f8305cc0dce1b9705d6e31b95829b4de0a1611","ssdeep":"12288:Y7F75CpwLYVMdqLM7CRrk3baja9EGYSrmH:YFV82dIMei3bqaOGpaH","tlshash":"0fa41254effde38bfc73c67585232e891f963740247eabb263750d94605987b8809a0b","first_seen":"2026-04-17T17:57:05.291223Z","last_seen":"2026-04-21T09:41:48.059759Z","times_seen":15,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":31,"receive":123,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/zmiw00Qbg2m3Cy7Dife5BSwbo4w-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /zmiw00Qbg2m3Cy7Dife5BSwbo4w-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 5437\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-153d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VetKL7GswFJxs4fZPbZLiAGAH3P3KqFkFRkesixPmcXAp0QKzOSwxr4i2FPSSYKpc1ib4PVr%2FJQa4A3SB3RxYibPoyTUBvFacjpIEwW7ZNUWeZqGn78et3iZyXs2%2FxhhwrPVZA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e361df98deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5437,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 125, 8-bit colormap, non-interlaced","md5":"ca4df88edd71699a1df06004a8f6f28a","sha1":"c56091ffc8020c520bdfeda4fb84c89dd9636351","sha256":"794d241a0c89e94f70b65d9c1cce4b079e156cb41590fa4a9290f13ceef9953c","sha512":"9d84370b842422ec1d14e50d561d721e29218ad11a06b8680ba9cd5799b17097d03bf41404b023e15afddce3ed857c1b46b0829932f45b0de2f3cc2362bf3e52","ssdeep":"96:lohhCBHoab1wdPFdR2YbNpXsZLglONFtfl8ldsh2vHJwQ5YibcKJjzcCH3zeKq9X:e+BIab0tdR3BpXfm8vshmptbbXXzBq9X","tlshash":"1ab18e84dab61f840c57aa24d704d1f8b1f1963d9f07e8d975583af0c9441ccf25caa9","first_seen":"2026-04-17T17:57:05.293475Z","last_seen":"2026-04-21T09:41:48.088166Z","times_seen":15,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"framerusercontent.com/images/4ba42seEpWNXWYDrn2HDy24dCdE.png","fqdn":"framerusercontent.com","domain":"framerusercontent.com","tld":"com"},"ip":{"addr":"52.84.50.61","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:02.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"framerusercontent.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 16 Oct 2025 00:00:00 GMT","end":"Fri, 13 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:EF:AE:14:9A:1C:B7:8C:AB:DF:01:C0:39:9E:AE:49:90:E5:84:94","sha256":"B7:E9:B0:B0:73:ED:29:A4:09:64:FA:77:EF:60:53:32:51:10:08:95:FD:7B:4A:69:60:51:6D:9F:AF:31:9D:5E"}}},"request":{"raw":"GET /images/4ba42seEpWNXWYDrn2HDy24dCdE.png HTTP/1.1\r\nHost: framerusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: CloudFront\r\ncontent-type: image/avif\r\ndate: Sun, 05 Apr 2026 06:08:14 GMT\r\nx-amzn-trace-id: Root=1-69d1fc4d-466591057941aa2424638c44;Sampled=1;Lineage=1:f456f256:0\r\nx-amzn-requestid: 23516076-d060-4c15-a55d-3fc859756fb2\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-xss-protection: 0\r\naccess-control-allow-origin: *\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: deny\r\ncontent-security-policy: default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; report-uri https://framer.report-uri.com/r/t/csp/enforce;\r\ncache-control: public, max-age=31536000, stale-while-revalidate=31536000\r\nx-content-type-options: nosniff\r\netag: \"fec937eaa3f0e4bb1c30de1ba32d728b\"\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 a82071c7a558f0fabf37ee3b940ad600.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P3\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: _HZFCobNBJfoZXKa3EYU7_rkWdJe-pbO9LKlzXcUFF-I6jTagOPxfA==\r\nage: 1395171\r\ntiming-allow-origin: *\r\nserver-timing: cdn-cache-hit,cdn-pop;desc=\"OSL50-P3\",cdn-rid;desc=\"_HZFCobNBJfoZXKa3EYU7_rkWdJe-pbO9LKlzXcUFF-I6jTagOPxfA==\",cdn-hit-layer;desc=\"EDGE\",cdn-downstream-fbl;dur=2\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":2275,"size_decoded":0,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"fec937eaa3f0e4bb1c30de1ba32d728b","sha1":"356e78771aa838b6e8974acdea27a99702b12cfa","sha256":"90e2b4a53095bda634285634039c7bfdf5138a27f9f0e6d36395b71307fc1a9f","sha512":"10917adba11ca44b76ea746efb5038944d640d1f26c9d3e918bb0895b213d99a6795adbb3c7aca3188b88b67ae702d8f2cb8f8a441700530ef6789f91853dff2","ssdeep":"","tlshash":"4a41090843616816e31c1fb5d10d8a313230b1796e697edd8552b118cfae8c2ec99d64","first_seen":"2026-04-09T00:19:23.081314Z","last_seen":"2026-04-21T09:41:48.064748Z","times_seen":16,"resource_available":false,"data":null}},"time_used":2929,"timings":{"blocked":1999,"dns":912,"connect":1,"send":0,"wait":4,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/2hcMZqCZYI3S1LEPGFCOZLg.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /2hcMZqCZYI3S1LEPGFCOZLg.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 1855\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-73f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GbWxPtkOMBji8FFSETGlfHi3l5VGE%2BGLNxfXybj%2Fzjirzgzt3i%2BObQ0Hw6s%2B4Dit%2FBWytPXTpt2%2By0RvbhZtXz82w%2BjlhILGE6N07HYwwJ8UtdttZrYTzAbzOtsw18btq02kgw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360df08deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1855,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 401 x 102, 8-bit colormap, non-interlaced","md5":"a7edcc064db61300e03489b8ab49ad59","sha1":"c460f5215011a95f9f6b4f29f8db2e8663774fa8","sha256":"f864797904687ccde65d0904cd61fc558af5ee9149419d25a2d2af436e9d6039","sha512":"fc6fd9e8c6d1f77a75cf0d8fd286365570c7b4d0295812956b50633389271958a107a04e96413433ad86746eed48748eccd50b405de8e18dbdf31e0e3bf77193","ssdeep":"","tlshash":"6b3109d936a8bcf69ce87e71465830651f32ad944193122d8880ba3062f1d4c8e0fba0","first_seen":"2026-04-17T17:57:05.274883Z","last_seen":"2026-04-21T09:41:48.055127Z","times_seen":15,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/index_1.html","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nvary: accept-encoding\r\nage: 2673\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vaWTjrrEWHVQ2KK7Xxn6xeQ%2Fkb41iu0j3QoTw6bYUQjSa8Osmn6xf5xgnFg4tnd13g5%2FlqQpChLI2hgB2LxMEwea0V9PX4EBa5MK7Wnjy9A3V2u5nIwzeUOj4AFwoA%2FDBuK6IA%3D%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e37ce558deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":486,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"196116135c85575be93ff48a98e1f6e8","sha1":"1b94c306512197f6c88fc5f63f3c917721319ed7","sha256":"ddb701a3b46c3bdbebf58bbf45738b153fd037a4e464470d0e8ef420d1b9b69d","sha512":"73a8eaa25c0c1f17c9da807cfd7cbfd6437f6a0584fc250dc232f89514bfa69d62f1053c02364b982809618c168f98bbe93378024ac206ff099b1654510baf1c","ssdeep":"","tlshash":"11f0d453d0d0842d046386bbdd80b1880e6ddd2cfb71a4d0bec9e65d5cc9f74c66e154","first_seen":"2026-04-17T17:57:05.307227Z","last_seen":"2026-04-21T09:41:48.090615Z","times_seen":15,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0Q5nw.woff2","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0Q5nw.woff2 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 48432\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-bd30\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2673\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1jQXFkQkAtL4%2BRez6SzPT2TFFhCSN6kM4USB9SDY0j895rfPOHXXjYWIhmS3efDDXo6u843o0svsqHP9LRjO1o%2F6T2YkUjFOU0wiUQ6kpBONUsBKDlwyprykJlR2nt7OjZ20CA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e383e678deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48432,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 48432, version 1.0","md5":"65850a373e258f1c897a2b3d75eb74de","sha1":"1dc044f4824fd5af6bfed67fee48be70fa069f3f","sha256":"c940764593d0fe5d596be327ca7558855e018039fb78509aa21921fd3644c3e4","sha512":"df2683f3dd9724de589451a47bc608c9925d54b874ad97b733dd465ef41f9db75e9e31604762415c2fc1433d050e45fdefc6ecd7ecadf58d1243d9ca5f4bf74b","ssdeep":"768:3IkDHBYoX5Pi4JxTGz9CDR0s1ROSsA8mF77YNt7wFhVq9oN2WfpdqWjBA:tNYoX53xTl/R8W77YNtUFrWoUWvdA","tlshash":"56230251f5f8624a7fc3003fbc317bd862909fe5996ee5d91288f30225611dd29ee017","first_seen":"2025-05-30T12:57:00.85385Z","last_seen":"2026-04-24T08:24:55.340115Z","times_seen":41344,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/vTRD9zMVBeKCbnmQ2hzMsjJ0XdA.mp4","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /vTRD9zMVBeKCbnmQ2hzMsjJ0XdA.mp4 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 3238406\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-316a06\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 2673\r\ncontent-range: bytes 0-3238405/3238406\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gx7w7KEUD5Z4hqKk1cT%2BRnW9s0SsTsYsQdSbaBu9cUQXN3DJt0xAfvkYPb5siDg%2FI1tYDrFB6DOEmWWSu0yyUwmKdW1B48YLhLaukCheAOUjQLi9JzHQSYVPP3pdw6RxzvV8ng%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e386e708deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3238406,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"58a69d12eceb8bd5c2b9f44b0435d4cc","sha1":"8eee516cc1c98aaf4928a5e07aa1f3b7a9d7fce1","sha256":"6803373d06bf6992e785b4d82b23e5c10e43233ca82a7bb9932abe276afb4da8","sha512":"fd0b35d43f8b39c4c680b656182580a3a8e2f60056e4515ee058c270f6d4169163137d83c6ba4cb9c16181ae57810d2cbb8cfea1c7af26b715938f68fb6645b0","ssdeep":"24576:eoNzfoCDQq75A4WktEzBX7ssVGtIg/Ig4DAuSjTRgbEKB2v:euACR7sZzBX7zGtIC4jbE6g","tlshash":"1b2523552bc68d04ce742a7398f46b18b325f5f8859b03dfc05da47cbed23a61dda242","first_seen":"2026-04-17T17:57:05.303002Z","last_seen":"2026-04-21T09:41:48.067785Z","times_seen":15,"resource_available":false,"data":null}},"time_used":749,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":727,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/secureproxy?e=jscdn/getFile","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:01.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://saturn-credit.com/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://saturn-credit.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"svlxx3h7lc5htno2ykk6\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:01 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ac4mZIvgKkSUCI2YTsB5lr49eglb2LvcjO9wpoWJyIW8pJvSfOuDzREuGmFXvebw7k6zWCOJNAhXRKaACWEbvnC%2F9A2GWfcP7U9OBpJlGdrL1y2wZefKUQALGXfrBa1KLO7nLF0%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e39ceab8deb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4697742,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"145cfef52f4ed36dca863488341b969d","sha1":"2867a9ea747ce20389c3dc21858af96211b11c26","sha256":"ded16c2aa79d92b84c190d956c36e0401c17e769c5296309e8247b5d8308afdf","sha512":"6fb3fb58e11e5fe4e5df3a600a2f969f4631f88addf6257e6f1edb5f9896d15101f598574101b5a18ae7042a3190ec45ac846813521c2464743701f8b9ee8d2f","ssdeep":"24576:Dpb/YWmLkwsOukzMSPbg+lsVo5/Cr0OSzcfUjeQ6SI51Y:DlGkwdNZngkvGC","tlshash":"042523d2bf5b643ccf2c09e8816b1d0e2c854c121489e6fee655d84732d9bb052eba7d","first_seen":"2026-04-21T09:27:00.255919Z","last_seen":"2026-04-21T09:41:48.06035Z","times_seen":6,"resource_available":false,"data":null}},"time_used":862,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":320,"receive":542,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/0b0342bb2976dba0c999d5729242d0cc00e2574b.svg","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /0b0342bb2976dba0c999d5729242d0cc00e2574b.svg HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\nage: 2673\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\netag: W/\"69de7010-1a1\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ld70XRryi7qPKqy2YAyGWlBeEilKHHT9PabVev%2FyNsFhBhCYSoa3T6uKhYbkKg%2FHds6wMsg7qOoZ83i0jkpV0xh4NLJGyklaAC7ZDzzMZQXI5be8n79oHjcN0GaOb7OamOnA7Q%3D%3D\"}]}\r\ncf-ray: 9efb6e380e5e8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":417,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b50148dc910a26ff8925d94e391d2c80","sha1":"0b0342bb2976dba0c999d5729242d0cc00e2574b","sha256":"99f2204c4e0bf2724932ccee9cd8dd45a12dd60bbf7e7a75288a43fb5ce34794","sha512":"dfde0029a22f293b128f8e53d66992716da2ddb35973436b21cb6966c63c3fb51976ce7070494e5f18f31d3ce2505ad6581075eaafbfc7da179d23f6a27b3fe7","ssdeep":"","tlshash":"8be0abe3cfac1863ff05242be6189603820a54c7040942d546893b12f0394b97e75286","first_seen":"2026-04-17T17:57:05.300842Z","last_seen":"2026-04-21T09:41:48.04949Z","times_seen":15,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/834fc1ac717e763eeb15fdf19d4d8fdcc6b8b1f0.svg","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.803Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /834fc1ac717e763eeb15fdf19d4d8fdcc6b8b1f0.svg HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\nage: 2673\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\netag: W/\"69de7010-48e\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6rRVFJsxBePeosm78LqCtJHa1pTJNyrupIUcSXrG5c98M4ZmwdPeh%2BsM7VAE%2FeEwm1H5d%2BUq7jazJmE79ZTIRlkI%2FXXo4Y30gQza7s16DBFYGLg9jQYjeIMF5gsVP9avUy6ZVQ%3D%3D\"}]}\r\ncf-ray: 9efb6e380e5f8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1166,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"38459bc29ae7cc048681231e13a57778","sha1":"834fc1ac717e763eeb15fdf19d4d8fdcc6b8b1f0","sha256":"56bcedbb0ebe3d3076ba70b22db2268079c1e01868849e75f32c6cf45f56f5d0","sha512":"19a00715f63690c6dcb230cb8be2a5fca169ee4271de40f42b7a5184b70bce1deef0c0a52d0aac2ec4a1adc8ef1f6ecfaa4b08c231d8b84f9922734428ab84a1","ssdeep":"","tlshash":"542198fe4b3a52b1604b5f46ff7720aa906f50b28fe489c9c06d5e8480b6ddada55840","first_seen":"2026-04-17T17:57:05.288015Z","last_seen":"2026-04-21T09:41:48.057117Z","times_seen":15,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/css2.css","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: W/\"69de7010-233c\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 2674\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pQ1H7YLrhbJwo3gezoQDWS0E1kBQCZyH2Khb2ohmSOvDr%2FKcs9tKMGEEGbFES3YllbYVsr12EstK3rKhNsDux%2BSMiHelAKFnqlOEBq79no9nf5P%2Bhh%2FZrLELNdS3D5f37dSwWw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9efb6e35fdec8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9020,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"abf82b7f8fc0d5e236064235fbc20530","sha1":"ff166ae132e22e6bbeb4452d84e9847067db83c5","sha256":"d382587a383da70e1d78e7e728cd03e754fcfeb941c0d010a964a2d7155847a1","sha512":"fc0b47fcbd06e5538927422781f87021afc0b31c932d3d5eab361690270fae12507832bdb51201b914ce38ec3faeb3df998d87f0a8d63dd00185aaf42888b442","ssdeep":"192:9ENb+D34nQDw6EO09D3/AQ8wXEr90D3i5QlwwEE+bD3RKQGwj:aaQdZxU8a7TTj","tlshash":"0d12cc91002b6400d7a71cd227cf3f3a6fdc60586449da782ffd0d8a6ceada953a1b5d","first_seen":"2025-04-28T11:30:39.890168Z","last_seen":"2026-04-21T09:41:48.086224Z","times_seen":41,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/9APrTzSMm8U5vR6UzzbpSQFCk4-3.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /9APrTzSMm8U5vR6UzzbpSQFCk4-3.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 556\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-22c\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8WWtadqw4lQcBpmgFj8py0EyyjqPFIGpsFHLBu%2Bvl59BZjRcrcoBNAjJ67Vuxb4JwaIHTQakdb2LXzM4uthV1FNj8ugqf8wyIU11XMN8vFEByLc%2BL5r%2BJGo1KFv%2B%2B5mzo5gzGA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360def8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":556,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2048 x 23, 8-bit colormap, non-interlaced","md5":"488b8b9c95f20d17e86ed4ccad64c253","sha1":"91e422b2bb2c20b717ba44e0e95102116f684a12","sha256":"9fc3cd32b209c8f1ea97faae313554e24436128aa11408d75c81307b6b8ee596","sha512":"8946ee976a49d3a476c530b06e651fbd68c93631929721655d12453693ec189736ba7e3d639d259e05efb2c8f243221cb9479d2003306324376c44bde88b80ee","ssdeep":"","tlshash":"8af02be303425cb5dc58147508374771663aad37a541d10b6232f6295f727d0561b142","first_seen":"2026-04-17T17:57:05.304884Z","last_seen":"2026-04-21T09:41:48.04691Z","times_seen":15,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/main-7f8b9c1d2e5a3f6b.min.js","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.490Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /main-7f8b9c1d2e5a3f6b.min.js HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: W/\"69de7010-11340\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 2673\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6AQIgcqHrikU0%2BE6snjn2cji%2BFSi6qtPDoLueEg%2B5X9DgV1hwWsKgYF8%2BZ8PM3%2BWLv6Edu7whI7UqhepP%2FG79MUeWHTiGdKpxNVVXC6bw8TM9WPibXrjLxzEUNGJs0PN4dMp8w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9efb6e35fded8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70464,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"59e7408e947111bc63fe7354d37035a6","sha1":"a18c27f69aaa69ca059026257f3b3f8d2e7f98c8","sha256":"d12317a02bf0dc0ad7d8b86bf587ec9a475eb21f4041506e3884bd8bc32593ec","sha512":"6d1cb03d90c0609e9ac46dc448052fef7a78ea5a7b7a7143f61d899f18a4c30be27df59fbfcf698b1f5bb8bbeca065e594939c7711589784c22250f7a03fe18d","ssdeep":"768:PAbVYcdqfggXs3EPIHtucNbjW4Pv6MnTZh3bBVgPj82W3cq7cKch50sbWcWFwcfV:xfN83EPIH9GC6S1pbBiP/qouPGyfr","tlshash":"8f63a8d6680ad4e68d5524cdd437fc09e0688963ccadf053e62cedc5b81ef69a44b23b","first_seen":"2026-03-24T12:03:34.920424Z","last_seen":"2026-04-22T12:27:18.093563Z","times_seen":44,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/5XjA1WEOMYUiLo9jcRSm3LuOL0A-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /5XjA1WEOMYUiLo9jcRSm3LuOL0A-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4102\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-1006\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gjiza6l0He%2Fbj2ytsAZR5kQ3DpS1kDTQohbOISh8sBSNAeLWdkVLe0%2F0IAuiT5VZg3abiQ53okNxiGxhzZxN46EB2PzXg8bjeFQVqtkFrxscukbhTIrdLqWG08FEtaY7RKQQTA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360df18deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4102,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 89, 8-bit colormap, non-interlaced","md5":"0110d744bbfc60612865af70776c56bd","sha1":"f3d9bb8fcae3f6cddac4ab4f2a3db567b978da98","sha256":"0716d7cd4ec8dfb2242bc28551a5107b3473478066c64a477f2143aa4bd62257","sha512":"892b82ef767e29cf52e8fdd52bb970dcc7a78469cc25949a6aaef7f8fd861e38a9205c0a29ad3170d5c3bf9e5b46de987e473e1b0602ba392006bda621656b55","ssdeep":"96:6A/uDyM2KH9biqNCvt6JyU/V+m2AXI3QpWyWPb4/5Iv3keKhEz:udtdi16JyUtl2AXIApRCMh4","tlshash":"8c817de0b93606da435d437281700ad0caf4aa1fc1ade8bd5ae3c164fa91366267c81d","first_seen":"2026-04-17T17:57:05.306079Z","last_seen":"2026-04-21T09:41:48.082125Z","times_seen":15,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/CMO3KP1YB8FtzFN4wWI6PX6gX0-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /CMO3KP1YB8FtzFN4wWI6PX6gX0-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 2815\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-aff\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BM1mNL%2FH%2FuAcUv%2Bfq%2BS0lxmO86w1TBML%2Bax2EGnYCnlNbrKtBMpwViwZU18MumMKNEZ2r31Ks3s6pTCR3C7nH2jv65IJFC05PMnRaNWL85XNxcGctf%2BwASzIYMl4SdY8ZY2lVQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360df28deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2815,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 63, 8-bit colormap, non-interlaced","md5":"669b18b920034bfabb665d96a6e25b34","sha1":"6f0c9e27e5246382f53d9121ca953c1545a9eedf","sha256":"b064c35f652ca2a257f7941d3a2e4cd1a1a4dd6992a4589309142094f0c7f329","sha512":"3836866b366951ba154aaea2769046aee9f26d52c847bcdd834cdf301040d4ac31320ef2849a8e30d5fe27ba16a43ae3752a612e0fb8b10330851c5050d3f479","ssdeep":"","tlshash":"38515b4945de2dd1800a92425a4e9087673d6ffe05bd8076a043b3eac3a20526bd4fe6","first_seen":"2026-04-17T17:57:05.278293Z","last_seen":"2026-04-21T09:41:48.093414Z","times_seen":15,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/ipT9kXz6kUFUshTOfowQHlK2HKU.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.518Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /ipT9kXz6kUFUshTOfowQHlK2HKU.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 13302\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-33f6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3IzBa8j%2BcfmazTnVsw5ymte64ti3IHIlkBzV6wtQ9GWCmSGjr4hGZ4f%2BwbABMIfxtE6obH46I2uTIW8Am8z%2Fy5K15CJYyrctSB0wQYmT83doVVsyO%2FeUbSQNRxLYI0AiNtOLrw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e361df88deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13302,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1911 x 1565, 8-bit colormap, non-interlaced","md5":"d5aaa18cf6c75ab714f054af1a768b86","sha1":"5d59dff1b641c5d60e8e952dc3ca1c10d782df29","sha256":"894221d9d6ffd89c20a5d765d28b745ea64e13a9e137b381b6d4b852d8097439","sha512":"0382d150152ca26304515c462836782c623a9911e6ecf0d6f232ad8ad588855dd05af896b7529cd8d4b58fd457739585211b8d93e8dfdee7344b2952e70e9909","ssdeep":"384:z9U80qBjefD3ptBPPn3KYd2Qxnur3SsSrC7no:zBjkD3VPPcwM3GQo","tlshash":"c1523a3d7f98ab468a6cdb09338ac13753aa39fa4a10c54c56311b95982718e4c8f7df","first_seen":"2026-04-17T17:57:05.277156Z","last_seen":"2026-04-21T09:41:48.041853Z","times_seen":15,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/9c4qQgEgdG6T0Cw2DZUnsfcjxU-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /9c4qQgEgdG6T0Cw2DZUnsfcjxU-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4735\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-127f\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2673\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1MLzp2T0F9Ro%2FnwHINBAVicljebh%2FGTrqmX3zw93TqBL5OWWhwpHxdrP2q9HgY7bRWPpaIubQpJvLxqV%2BRTl6ho%2FSJpxuPewBFpzLilEGczn8YEkCdgjTYnyAJHa8CU%2Bdh7Hkw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360df78deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4735,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 105, 8-bit colormap, non-interlaced","md5":"85ef72020fe454d93171068127e65cd6","sha1":"4bdb1f407cf11a66e4f9e285be85965ae8768c17","sha256":"c0d65d754dae59e682391d563617ddac3c9d9576c1ec30cc32cc871f599ecc9c","sha512":"25e1af47e25b6a9453e54b3909c8c87c72df16948a0603f1d11e2bd4aa64930e809b7ee3e04a9406573f46c7a6cf74bca4457f1cfc26970a346dd1fb4a79fddc","ssdeep":"96:lkGgstlkjfKjsMirO7kytjzXpviy3qgDDTaVWQauSeJkApI0O988yMJvS0HLh2KN:CtzjfKQ1W3pXX6w1QakJkAh8yMJqO9dN","tlshash":"0fa15d85b224c96f1b7642ecd91c0fed6e9b905d0a073f88e764e234cb8b24657eac45","first_seen":"2026-04-17T17:57:05.276118Z","last_seen":"2026-04-21T09:41:48.083271Z","times_seen":14,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/24a16cebd7e30f6458aabc37a83b37cceeeabd4e.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.539Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /24a16cebd7e30f6458aabc37a83b37cceeeabd4e.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 2388\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-954\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1OwvjKDEjm%2FUB8O%2BHUWF48N0hJEnEesh2gJQcQMuUlhn5vrmhjJ3kwrJNUdZ1et5ZRubODwf4xuMJJUIiTYOQQaQiAaYGxF0HMBD2ht%2BXKc9sE6Et7mTIfI6Ew0jc%2B5uc1JiDw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e361dfb8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2388,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 78 x 68, 8-bit/color RGBA, non-interlaced","md5":"a2baae138966c94954ebc32cb9e8e0a1","sha1":"24a16cebd7e30f6458aabc37a83b37cceeeabd4e","sha256":"a9b23000d64c8f88f3b58854ab92bfc3e1bd01c3972b75f6f22b98d9a356584e","sha512":"3dfa8b76995d907be13b0091cf2093d2ebb54ac9fb67aa828d3f5638610c77ac3d04e54c01093830738d9d9ea3e4349af52462399fdc447410a1ffa03d7ebca6","ssdeep":"","tlshash":"be41ea991ef1a5b2e1d426b14dc6424609b38a876c0eb0c37bdd1d532fcec2421ab7cd","first_seen":"2026-04-17T17:57:05.279222Z","last_seen":"2026-04-21T09:41:48.052714Z","times_seen":15,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/06819da46a119a541dbda36e9a9eb47a68ee89a4.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /06819da46a119a541dbda36e9a9eb47a68ee89a4.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 142171\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-22b5b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CF8OF7BhHpWDVv2faD2eZR8%2Fi80cH8GTBJVoIuK1UEXo8bjn1lJ%2FHVrekplLurvZMirOPpxHYXZzBaTBAvorOb3TCCUP%2F%2BXV27nbfvQKWXdkbB5g644E46PsgUByIx7zF2NdvQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e361dfc8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":142171,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 776, 8-bit/color RGBA, non-interlaced","md5":"22b70ab1a57849b2d9229ea5f20e55c7","sha1":"06819da46a119a541dbda36e9a9eb47a68ee89a4","sha256":"b66c86f3a8fc126a563f582f85ec7e2bc36a4608d33b81e0777401114eed2818","sha512":"925f53ac647440f879a67709f1611dbc4e1b4173be31cee7014417417ed6225bba69c61862d6cd2a48ef04a2bf6abb6c723cfd387af6a975c681c512aab80c85","ssdeep":"3072:UOrY2fP7LgFIvLtU3JffWuVpnLQhvqTjv+6i++iJWUnhJIJ/d0RuYAS:UOrTHgoK38uVVLDn+nwnnIddrS","tlshash":"9dd3132ee8c062716d0d1b7e84c97c73050aedd7636aef3d4e3054eab9348923ba5547","first_seen":"2026-04-17T17:57:05.28014Z","last_seen":"2026-04-21T09:41:48.053686Z","times_seen":15,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/XA2jRx4yl3Tiagfd8HGdR0q2do-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /XA2jRx4yl3Tiagfd8HGdR0q2do-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 3320\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-cf8\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6HLUAMaomo1JncbpBtRO1nYqiR8l%2Fiqg12kEcGf81UuLhr7WWTdUE%2Fte25HWmEqlE7JUfNLFTKu9aGgANkx%2BF3gMG7xyKaa1xiw6sPPIT9mnl5WF%2BMuPmjPysUB5lMDzZ9a7Eg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e360dee8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3320,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 116, 8-bit colormap, non-interlaced","md5":"eef55db54ebd4db679f14bc4ea14aacb","sha1":"b382422f4332121abe1a870e1a51001018d0cca3","sha256":"3e76edd87ba977f7ebf1ca1e7d4c6e048a0447ebbc0efd0b47252fe29bac81c4","sha512":"24c5b83716a195a0b79c99fce62de67a18e1b792f08ab70515328ce57de6596778f8606a686598b8ec9410bfa510e5dd90c39f620fbcb01768eaa702c635cfe9","ssdeep":"","tlshash":"24615cbe684d283e8c2913976322855793a38e8175e3b9093699b3214c397ef118df17","first_seen":"2026-04-17T17:57:05.294774Z","last_seen":"2026-04-21T09:41:48.087222Z","times_seen":15,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/vxgFDXd0r8gMnE88UllpGOBzQI-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /vxgFDXd0r8gMnE88UllpGOBzQI-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 4749\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-128d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6BwNIQ4IJ9%2FVM8OhPbYrinvYJzJckZENOYg1o%2F%2BVaMzn5Mn4y%2B0plFoy8zuQwEwWlRHLiAIkGAUvDF%2FrXOkM7o7N9eoC4miovwRithn06baBY4TpXtEoLTl71r37%2F30zZpRB3w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e361dfa8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4749,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 228, 8-bit colormap, non-interlaced","md5":"17217f3d0d6b5e4e945c7e3e6e1680b4","sha1":"dd0a132fca275df2a8e41bd9a159ff96a52a26df","sha256":"a32bf11494867d5365a0c9659657f36d305be213f4ddf031fc5bc2bbc29f7a1f","sha512":"eade1a623575eb0f4684866e276156b3f62991cbec0b9017ac1e80ff46f7891cfbe5da667cf3f83e4348d8ed092c93f11f089072608197da49c4909de383f3cb","ssdeep":"96:Y4o8ryQVEBgv+rXj9IYQXRwUhj5od8ltQbfjlEbM:Y58hEBgKj9tgwyj5w8zQ74M","tlshash":"55a18ea6f0d493c61765985c579f2e785b8bd3a03a533f81b1210532f543581cfaf25c","first_seen":"2026-04-17T17:57:05.299305Z","last_seen":"2026-04-21T09:41:48.055768Z","times_seen":15,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/61fdd268a7b95706c26ba67b0e7831366cf665c4.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /61fdd268a7b95706c26ba67b0e7831366cf665c4.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: image/png\r\ncontent-length: 2297\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-8f9\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\naccept-ranges: bytes\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nlwBHJsyuFmRX4uo2MhyZvgDO6qdgS3vYd2Rce4MoaJEtiI6xdI9TM6hQzcjMb4qKREn8TF4BgybFSCsNXzH1GST59linUX6MMnrbyqhcBa4jM0vTVLnceTz%2F%2BEZ79qEUDPATA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e361dfd8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2297,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 82 x 78, 8-bit/color RGBA, non-interlaced","md5":"cfc3f805b1b7bfef518b54617dbdca36","sha1":"61fdd268a7b95706c26ba67b0e7831366cf665c4","sha256":"39f32bc8d98f625908b59a56f97fed24ccead48af0466cfa3be6da0de022ada3","sha512":"be675cdcd973541025d053feeaaef97580f8f65d7eb45a703b887cccfc06c128ff01b1276c5d4a6166d47efdddbf54ae2d8a997c3e75849800148a6ec5fe93a6","ssdeep":"","tlshash":"ee41c6952df079e1d0d529b10dc2420a49bb8d87388de58bb3ec1d932f9d950925a7cd","first_seen":"2026-04-17T17:57:05.286395Z","last_seen":"2026-04-21T09:41:48.089139Z","times_seen":15,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/VGDTcTUGxaXIH3I5XdH90hxChQw.mp4","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.878Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /VGDTcTUGxaXIH3I5XdH90hxChQw.mp4 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 2639318\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-2845d6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 2673\r\ncontent-range: bytes 0-2639317/2639318\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FKsaZxrl%2F4TRPBJftAf06Q03XSLJgEuWMpQ2WkxzeZxjfROnZBily5%2Fdl5Sk6D2zBjdNISKZjns%2FczWc7BvGLtnJ7uWSX1QadFO0q9YLwo%2BS9ThRyt1VTBQsEm4DQpPuLO2B%2Bw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e386e728deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2639318,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"e682ce8842f8484f18a01881185feb13","sha1":"a22b923234be3b9129655c31e891f7de1e56fb06","sha256":"b72271485d4c50717ad93e7769e49e251b142c3195f9e8d710e0a2ff4e1c653d","sha512":"486fafc9e34ddaf054bf5cb5000862493e33cacb6930387896c58bee630dca0375d52662e0e66816ab575da41e874cfd9cf7f8bf6f1453cfceb1cdc5feefcc82","ssdeep":"24576:r1jyi1Vuula68hLq09QT5OrGfa7Y5XNTeZ0Y:r1RV9la6QQ9iGy+dTeZD","tlshash":"2d25233a9bd0d95becf095309cfa57002671cabae18063d7a99e25393ce67bc6dc4c44","first_seen":"2026-04-17T17:57:05.283465Z","last_seen":"2026-04-21T09:41:48.044459Z","times_seen":15,"resource_available":false,"data":null}},"time_used":534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":511,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T09:41:00.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gu9fJ2Wwl7tx4ApRF1RlU5ADMSQa4RsPlXj3VA5xF%2BEnnN8bQ3sg24d%2BykD4%2F4EEzjL%2FifbQNTfqmjSEi9aFXuhMwKgbZE7qHnU9b%2FvUzHH3UcEzEv%2FsAm6%2F8k6vUP1hF2SHOg%3D%3D\"}]}\r\nage: 2674\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9efb6e34bec44c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Framer Sites","description":"Framer is a no-code web design platform for designing and publishing responsive websites.","website":"https://www.framer.com","common_platform_enumeration":"","icon":"Framer Sites.svg","categories":["CMS","Page builders"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]}],"data":{"size":343296,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (48286)","md5":"92b62c7bcfa702204964ff0f15a055d4","sha1":"acbfa7bd3e8ac73ced10647ed4f3fb464e467171","sha256":"4c4821e49a2f32e17d5f72cb6efbd869606544f0dcf80599fe0886e84e3647d0","sha512":"396cac3cfbe14d4527220347b6540659c66481c01ece872e532a7ce23a92b646a0782f2cd5dc1007e3c9f68b34d7ae82ec311c705faf8708df8ac7906feb74cd","ssdeep":"1536:0iKpzVJVXL3eHCe+8VtedkVmVPaU9VgaTVhVk9VCw0GPFid77xWccsRzqnj1AMN/:hKT1WdcxJN9bS1+VK","tlshash":"8d74c723a155e1256cd354bee7c8e60c28245202ff33c6deb2ed516f97ce9e4266239c","first_seen":"2026-04-17T17:57:05.273604Z","last_seen":"2026-04-21T09:41:48.046256Z","times_seen":15,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":57,"dns":41,"connect":1,"send":0,"wait":17,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/TAY4XXS4KsscW344DWs5a9mBc-1.png","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /TAY4XXS4KsscW344DWs5a9mBc-1.png HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-24T08:19:35.062326Z","times_seen":14136356,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/j1dZEUcDfpOyHPUaobX2a7y3KM.mp4","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.872Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /j1dZEUcDfpOyHPUaobX2a7y3KM.mp4 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 9518169\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-913c59\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 2673\r\ncontent-range: bytes 0-9518168/9518169\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h3IwQKN%2BZm7Scry%2FLvps7vF4ipuuS7IaZAVDCscorWUCvB53TFiY3%2BOYP8q8S9sG2YfVq%2FMMULNOOx7K08k%2FJnG2CmbP7qDlnMh0TkjS%2F4dhDqTIy5%2B8y5P5qpgJujq5oudcIw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e386e6e8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9518169,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"f5d557f41275dac3ff5fbc6ae7bfd815","sha1":"bbc758e9e7d86d6fab9569745e9e3c1a23eac336","sha256":"6c0e1a158a1cbacc2e65991ff2ad51488b92d8e6e185400988dc2f16a0f730e6","sha512":"c10f341ecae935b573c7211f20315c1bcae349407751ea14645d5c8636260206927806f4afad0d48b8776be12b297a9913f92ce28912130b13c2aa7e35ce79a8","ssdeep":"24576:7tnffEejTg9CILjbL1SpUSc3ScHg3rfnTgnJppC9V:7RseXMHjn1n7Cv7T2ppC9V","tlshash":"0025231ecea34e46f761f8bc91d6d526c4d16999c8e9c62b309d0401af7e0941fef83a","first_seen":"2026-04-17T17:57:05.308617Z","last_seen":"2026-04-21T09:41:48.066154Z","times_seen":15,"resource_available":false,"data":null}},"time_used":2290,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2273,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/1DkfyAUkM2t7NpT8Xo0fkLmCgs.mp4","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /1DkfyAUkM2t7NpT8Xo0fkLmCgs.mp4 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 9554540\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-91ca6c\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 2673\r\ncontent-range: bytes 0-9554539/9554540\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yipHU1Qa1sX8ox6s%2B7VKWl4jSm5Ym0rRQ6nXwYmHauEoAP0hore18B1v%2BhNq8Jk26Y0sVxFaKBFp1ZYnuPytPNIw4dw3OA5bZT4xMiwncKvjY8H8bsHryzxMRwJ%2BCsW04HV4Zw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e386e6f8deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9554540,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"5f2f661d0356f1f62544f6028fbf4bf8","sha1":"528ca995eb95b9f3a51171510b2dcd4b21b152bf","sha256":"3a03cd06061dde0beaf33ea77b2f5e9270f34b9d79e60d919032ec7b41f453d2","sha512":"36afcecaa1a1f5590436b6767454a9342e7e533b3910452090fe3671deb17ac2148da9c0e9fdd426fe135526a8a653046a30882f8e11c0023e06c520dbc319ef","ssdeep":"24576:v2Lj9rkxjr7NoEP3M4+3ItUXX4bDeoIqU:ojKxjf3M32Bm","tlshash":"3e2523e89fa45e95fb85f27e446ac805e0e1e540c96ac82f395d06909f38bd00fef935","first_seen":"2026-04-17T17:57:05.282269Z","last_seen":"2026-04-21T09:41:48.043753Z","times_seen":15,"resource_available":false,"data":null}},"time_used":4296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":4275,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"saturn-credit.com/XHgjlIFd79btn0bYgjaekTMF2a0.mp4","fqdn":"saturn-credit.com","domain":"saturn-credit.com","tld":"com"},"ip":{"addr":"172.67.223.22","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://saturn-credit.com/","date":"2026-04-21T09:41:00.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"saturn-credit.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 14 Apr 2026 15:53:32 GMT","end":"Mon, 13 Jul 2026 15:53:31 GMT"},"fingerprint":{"sha1":"95:43:14:E0:83:F7:C7:5A:36:ED:4A:7F:A9:AE:C8:00:EC:B1:B0:4E","sha256":"77:58:C3:BA:6A:2F:65:F0:CC:EB:28:84:AC:F7:B4:9A:AD:68:F7:C6:2B:44:30:38:48:20:FE:3B:FC:63:02:F3"}}},"request":{"raw":"GET /XHgjlIFd79btn0bYgjaekTMF2a0.mp4 HTTP/1.1\r\nHost: saturn-credit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://saturn-credit.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 21 Apr 2026 09:41:00 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 511362\r\ncast-mode: default\r\nlast-modified: Tue, 14 Apr 2026 16:49:20 GMT\r\netag: \"69de7010-7cd82\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 2673\r\ncontent-range: bytes 0-511361/511362\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SNu0pfRYY%2FjtAB%2B1ByHqwFPrzR%2BlQYRyqAtmrPZokANlHbytD1bnFYkvD%2B9ruOOIqcCWlsjUrdF3z71dcwM%2Fk%2F7Jmr2mi5L56GEZVsgLHXLG4pIr84YZe31p9ZdZD7BCxy7ZPQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9efb6e386e718deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":511362,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"dffee8c546e0bb84425671d35df11fe3","sha1":"5c782394815defd6ed9f46d882369e913305d9ad","sha256":"deb3dab18e57f8f69b364e333e0bcb676992630ac5bfe85d568c47ed49a8f97f","sha512":"98d48a6927197b7097560dde5bd326e083759a1ad3918ac84311d98f6a14794240b5fa72691214b0cc31458c915a129a0c808956085e950ee254d9f2e3bf5a66","ssdeep":"12288:MB8uN22I+HP+xm1kIs9SQPo2fXz/bcXUorcI:Mua5gI2fDvogI","tlshash":"43b4126745dfda5cd3244872922ed531baf423e2c7284b52b9f3c64c226d1f69b84d8c","first_seen":"2026-04-17T17:57:05.289223Z","last_seen":"2026-04-21T09:41:48.058686Z","times_seen":15,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":150,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"saturn-credit.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}