{"report_id":"ad8916a3-74f6-4c9f-acb7-55256bb197fc","version":6,"status":"done","tags":[],"date":"2026-05-17T18:23:49Z","url":{"schema":"http","addr":"web160526-a1.xyz","fqdn":"web160526-a1.xyz","domain":"web160526-a1.xyz","tld":"xyz"},"ip":{"addr":"35.168.40.172","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"web160526-a1.xyz/","fqdn":"web160526-a1.xyz","domain":"web160526-a1.xyz","tld":"xyz"},"title":"Sign in to Coinbase","dom":{"size":24717,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (12604)","md5":"d7fd8cde88b5f19a79860147d4b5a132","sha1":"aa65572ad2997579e060b5de721dc3a594e9ec56","sha256":"cccd8c3863790192527dade54b2d2caece73d7bfe0fb2a77d55a36bafec5de82","sha512":"5d61c7c5855f129b3c834f156d07153aa12469dcfabc40ffe215001396e94f9cca1bba8384e965cfe84d545243ea5c6a4ba0577540f4fe4992240f279c51ba42","ssdeep":"384:C5hL7MC8q20cw/W+WbQ+UULd/5M9/QDxBRvhf12I4U:C5hnf8qlG+WbQZUh5M9/QDxnrMU","tlshash":"31b2f81a6570047a1c6381e9e3e5ba5cb52da1c3de3fda68b68d0110bfc6ef60c87718","dom_hash":"domhash3b85ae4a5ce0466ca4ad70e9f4f3bf2c","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"web160526-a1.xyz","fqdn":"web160526-a1.xyz","domain":"web160526-a1.xyz","tld":"xyz"},"ip":{"addr":"35.168.40.172","port":0,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-21T18:23:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"web160526-a1.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"app.ardalio.com","ip":{"addr":"104.26.0.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-11-29","domain_rank":669012,"first_seen":"2021-11-30T16:05:32Z","last_seen":"2026-05-16T20:52:16.769924Z","alert_count":0,"request_count":2,"received_data":30899,"sent_data":923,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"web160526-a1.xyz","ip":{"addr":"35.168.40.172","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2026-05-16","domain_rank":0,"first_seen":"2026-05-17T18:21:37.325947Z","last_seen":"2026-05-17T18:21:37.325948Z","alert_count":1,"request_count":1,"received_data":12666,"sent_data":485,"comment":"","tags":null,"fingerprints":[{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"OpenSSL:3.5.5","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Apache HTTP Server:2.4.66","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2026-05-11T06:49:28.089446Z","alert_count":0,"request_count":2,"received_data":815994,"sent_data":824,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"encrypted-tbn0.gstatic.com","ip":{"addr":"142.251.143.142","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2013-05-31T02:32:18Z","last_seen":"2026-05-13T20:19:20.275002Z","alert_count":0,"request_count":1,"received_data":2903,"sent_data":515,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"web160526-a1.xyz/","fqdn":"web160526-a1.xyz","domain":"web160526-a1.xyz","tld":"xyz"},"ip":{"addr":"35.168.40.172","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"da3a733d39c80697cbde9bbe74ee14d1","sha1":"d4d90a6e579abef1f1a64a485d2a8834b6b06adb","sha256":"a9bf318569ef204aded44e5eefab87b905794704c548ae8caf88e15e6ad6f904","sha512":"63188acee0fe8e3d9ccdc4b9db8f7b0f93bd8227d386a7e99caeece4907c59106fbac01ab8b41cfd2b932af1dc16325c0a6905893b33ffa292cc0ba412ebd14d","ssdeep":"","tlshash":"47c0c03c24215e344083210f603bc1681122311f4d101d80b08fcc0c7c10d81800cc0f","size":177,"data":"","first_seen":"2026-05-17T18:21:40.393427Z","last_seen":"2026-05-17T18:23:50.24693Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.ardalio.com/wts7.js","fqdn":"app.ardalio.com","domain":"ardalio.com","tld":"com"},"ip":{"addr":"104.26.0.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"adae5ef4b149712625f0c18701e6798b","sha1":"fcba72b5be62a925812dc80cfb38adf12a16eafb","sha256":"f68fe8c6426ffd223b1bc8d7936dc72a2c82b581288251ea9d3c51d663896576","sha512":"ac1e2aba51b3f3ce067bcff995f67ad264014cf02033d9cb836c627068ca68d64dbc95c0e4b6cfdf901eff9853355b8ca3b9852aeabeb9c5bc055ba8abd398dd","ssdeep":"768:kDth+7fCj00m/BQcO45tdDYIBVpV20Y4FNrtdFsx3DQxNFY0P:JClqNrtdFi8","tlshash":"a3c2f76e719a9c3645e62662711f238061f6678d715e8088db34edc02f24ea6d337f3e","size":27303,"data":"","first_seen":"2026-05-08T15:28:18.561709Z","last_seen":"2026-05-17T20:33:38.722449Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","size":407279,"data":"","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-05-17T21:15:21.030492Z","times_seen":36859,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web160526-a1.xyz/","fqdn":"web160526-a1.xyz","domain":"web160526-a1.xyz","tld":"xyz"},"ip":{"addr":"35.168.40.172","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f38fb6b23bd16408ea219164f559046","sha1":"9c9074871388bd838f90ed6ad68d119d4e038f9c","sha256":"3b83b8d3a53fc3bfa41728c54459411c7c5c256960ecd8655a2b56bd9702ba42","sha512":"d42b8492996979e23fb0562279cb2a9b7029efecbf17d37f3e9fdfc9c86cda8580bc27c7a297a9b340e61aea89c4581decf310bf8ed312347796a40360fb1d18","ssdeep":"","tlshash":"7d51adaf74a38d701eebb07e37ab820c70a615434c85d8153d5c45908f60f5a14767f6","size":2573,"data":"","first_seen":"2026-05-17T18:21:40.395454Z","last_seen":"2026-05-17T18:23:50.247585Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web160526-a1.xyz/","date":"2026-05-17T18:23:28.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 09:41:26 GMT","end":"Fri, 19 Jun 2026 10:41:19 GMT"},"fingerprint":{"sha1":"1C:D9:C0:8C:4D:FA:FF:5A:2C:CC:48:EB:7B:35:CF:FA:AB:7F:C0:61","sha256":"1E:81:97:52:8B:47:37:54:3B:62:1E:0B:E5:1D:D6:F7:F2:6D:CD:F7:D3:1F:8C:0E:78:14:26:9F:B9:87:EA:5C"}}},"request":{"raw":"GET /3.4.17 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://web160526-a1.xyz/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 17 May 2026 18:23:28 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::vhhlv-1778775055415-ee1be01c049f\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 267150\r\nlast-modified: Thu, 14 May 2026 16:10:57 GMT\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Kf106TITOU0ljsUs4nH9ZLCGKa1mAv1DRlqF4ju%2FEq39I3MoOaDkfuRS12YBYU5d5Cr8DfjJutRHVp2MlqQL%2F5VjAw%2F1ipmkGVROwnSgO2dbG62KUh0WjtMv7%2BQV8ITTysL7hZU%3D\"}]}\r\ncf-ray: 9fd4a7495fea3181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52853)","md5":"7a614b9a197e532c00d09a23b0996b5f","sha1":"1ff1738a40f3716e30e9031b181b0955ae578955","sha256":"176e894661aa9cdc9a5cba6c720044cbbf7b8bd80d1c9a142a7c24b1b6c50d15","sha512":"a67bc26f52d938358471be5671ff4b79e11af4e68b486aaf73a35a4c9bf3777aab51101af81563b4e5b7ba4b04dd8971fcfa9ee2c41fb10a0c1ee5604a99abd6","ssdeep":"12288:fpgrZxSAoNbJb0Wie75aUXGuyQZhK4O0s:RCVoNB0Wie75aUWmnO0s","tlshash":"e8844aa57396702647eb51e850ea1042f2beaa38840c44bcf7edd4da39e5e4440fbf79","first_seen":"2025-07-28T16:58:08.903462Z","last_seen":"2026-05-17T21:15:21.030492Z","times_seen":36859,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcQ5K6Zd15dfqVFfbFYoB4-CmseC37ICrYlaQvtOhKgw-A\u0026s\u0026ec=121657068","fqdn":"encrypted-tbn0.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.143.142","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://web160526-a1.xyz/","date":"2026-05-17T18:23:28.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 20 Apr 2026 08:36:34 GMT","end":"Mon, 13 Jul 2026 08:36:33 GMT"},"fingerprint":{"sha1":"99:99:69:B2:FC:B4:4F:EA:18:FB:04:4C:0F:8D:3E:40:61:B5:31:00","sha256":"55:6F:9F:9F:5C:FF:31:03:79:C7:88:2B:89:0C:1A:2F:DE:0B:7B:1A:91:6E:BD:C8:7D:60:EF:5A:D9:C7:51:26"}}},"request":{"raw":"GET /images?q=tbn:ANd9GcQ5K6Zd15dfqVFfbFYoB4-CmseC37ICrYlaQvtOhKgw-A\u0026s\u0026ec=121657068 HTTP/1.1\r\nHost: encrypted-tbn0.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web160526-a1.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"images-tbn\"\r\nreport-to: {\"group\":\"images-tbn\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/images-tbn\"}]}\r\ncontent-length: 2089\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 17 May 2026 18:21:15 GMT\r\nexpires: Mon, 17 May 2027 18:21:15 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 27 Nov 2023 20:01:21 GMT\r\ncontent-type: image/png\r\nage: 133\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2089,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 225 x 225, 8-bit colormap, non-interlaced","md5":"77a64183f581141b9986d4f036c8fb7a","sha1":"a5db8131480d9edba053f198f98d19bab5678cd2","sha256":"6db8324223e6c5c8dae02a8fac970586931792dce8f3938446b1940a42c9d763","sha512":"6e0c70f297ee92ace87f2a818fceeabbd1cc48a5b147f0039551dacab67e4b343d7f1fdd43ad32c4da5ae346cd82efa57a0d860578a6b09de7eac049a6f29496","ssdeep":"","tlshash":"89411864b52ffd6d0d483d184763d7a7884db02029e0d652dcc3711ec2588a02bbf0ba","first_seen":"2026-05-17T18:21:40.39082Z","last_seen":"2026-05-17T18:23:50.243654Z","times_seen":4,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":72,"dns":8,"connect":8,"send":0,"wait":10,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.ardalio.com/submit/2208880","fqdn":"app.ardalio.com","domain":"ardalio.com","tld":"com"},"ip":{"addr":"104.26.0.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://web160526-a1.xyz/","date":"2026-05-17T18:23:28.776Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ardalio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 30 Apr 2026 13:48:21 GMT","end":"Wed, 29 Jul 2026 14:48:19 GMT"},"fingerprint":{"sha1":"11:83:D3:DC:BB:6A:5B:18:25:23:61:3C:85:FF:E0:27:FA:36:9C:38","sha256":"E9:21:6A:C3:18:50:2B:E4:77:33:91:63:54:C2:95:B0:15:40:BB:B8:D2:7A:9F:E3:E3:A7:5F:E9:2F:4F:72:D1"}}},"request":{"raw":"POST /submit/2208880 HTTP/1.1\r\nHost: app.ardalio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://web160526-a1.xyz/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 867\r\nOrigin: https://web160526-a1.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":867,"data":"{\"package_name\":\"web_stat\",\"alias\":\"2208880\",\"db\":\"2\",\"invisible\":\"\",\"exclusion_type\":\"\",\"session_id\":null,\"visitor_id\":null,\"is_owner\":0,\"has_exclusion_code\":0,\"user_id\":null,\"user_info\":null,\"update_user_id\":null,\"time_last_visit_server\":null,\"n_visits\":0,\"original_ref\":\"\",\"url\":\"https://web160526-a1.xyz\",\"title\":\"Sign in to Coinbase\",\"page_name\":\"\",\"group_name\":\"\",\"conversion_number\":\"\",\"version_number\":\"8.409\",\"origin\":\"log7\",\"scrW\":1280,\"scrH\":1024,\"referer\":\"\",\"human_probe\":{\"score\":5,\"details\":{\"cookieOK\":true,\"localStorageOK\":true,\"ua\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"webdriver\":false,\"workMs\":0},\"reasons\":[],\"ready\":true,\"baseScore\":5},\"browser_fp\":{\"webdriver\":0,\"hardwareConcurrency\":48,\"plugins\":5,\"languages\":{\"status\":\"valid\",\"count\":2},\"cookieOK\":1,\"localStorageOK\":1,\"scrW\":1280,\"scrH\":1024}}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 17 May 2026 18:23:28 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nreferrer-policy: no-referrer-when-downgrade\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncross-origin-resource-policy: cross-origin\r\ncontent-length: 863\r\npriority: u=4,i=?0\r\ncontent-type: application/json\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nset-cookie: __cflb=02DiuDzAYncLjXb9GsMkaYYmasAL3ptPP1FefN9FCYGhJ; HttpOnly; SameSite=None; Secure; Path=/; Expires=Mon, 18 May 2026 17:23:28 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SOGX2HC9ZELz1Inhn8Ax9YTKZzYM0qAFcKffCTDzyAu9PIPQKtEuUiK91aaUzq%2BrL387pn9u7oIarpPFSd7TTPle%2FzWryWtVNbhgD1P9PKsyvhEJPPw1gLdP%2B%2Fz3hV1k%2Bg%3D%3D\"}]}\r\ncf-ray: 9fd4a74cf93e75ab-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1667,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5403c9b8d34d40485566e07d9733984a","sha1":"b9f40781dcc232ac7c4727306f4d5d1901a330e4","sha256":"20b486dc18e18b9613404797b9e2a78ad70749f5472eaebc0503f57e2eedb1e9","sha512":"b205627defb81bd85ae15ff5e977527d70168f9f2d91a36f3d6972667c5b31191d01f3e858d913224835e2cb97bec9022baa3df8eeb0c9ab68962adf84aa46d8","ssdeep":"","tlshash":"5c311439653c8c7a46be01544107bf4257ee1037d7edad95e2bacd0407d43b8239618a","first_seen":"2026-05-17T18:23:50.244392Z","last_seen":"2026-05-17T18:23:50.244392Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":14,"dns":1,"connect":0,"send":0,"wait":127,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"web160526-a1.xyz/","fqdn":"web160526-a1.xyz","domain":"web160526-a1.xyz","tld":"xyz"},"ip":{"addr":"35.168.40.172","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-17T18:23:27.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"web160526-a1.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Sat, 16 May 2026 17:08:29 GMT","end":"Fri, 14 Aug 2026 17:08:28 GMT"},"fingerprint":{"sha1":"DF:69:65:D8:B4:B2:9B:8A:F0:22:FB:8A:87:81:E8:18:77:02:74:94","sha256":"57:2C:B4:4D:28:07:26:2F:A7:B2:80:FE:1F:B7:EB:0B:C1:76:3E:63:96:5F:BC:01:DD:9D:51:0A:51:8B:0B:28"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: web160526-a1.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Sun, 17 May 2026 18:23:27 GMT\r\nServer: Apache/2.4.66 (Amazon Linux) OpenSSL/3.5.5\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nTransfer-Encoding: chunked\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"OpenSSL:3.5.5","description":"OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.","website":"https://openssl.org","common_platform_enumeration":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","icon":"OpenSSL.png","categories":["Web server extensions"]},{"name":"Apache HTTP Server:2.4.66","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":12434,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (710)","md5":"4b7e89ee7dff19e60561447108af02f0","sha1":"78530bb0944d833eaa5d0288c61fcf2626f1d0fd","sha256":"f1da0ae8138c7fdbc8cc43d42e2fd0a79a5272be22f166771fbc270bc89e39e2","sha512":"b3e39368526c9798b99d664f8ff188b8ada2047c0460131c0ca5fcd0117eaf33759ea7613a63a48a3dee39f5b2064a1f23c375b5bb45dda8b479ddea7d4275c8","ssdeep":"192:u0UChRqfKmTgQJjeFWBNE5MJhiFIanfshYdMwCZp1f1PuHMZBjKmnb4CW4yc:uuQZBNE5MJ8IQxdMvhf12I4i","tlshash":"5142f95b20f11db505d786f873a66b1dbcadd217dd9bc40832ac02a06fc6c965c477b8","first_seen":"2026-05-17T18:21:40.386683Z","last_seen":"2026-05-17T18:23:50.245264Z","times_seen":4,"resource_available":true,"data":null}},"time_used":584,"timings":{"blocked":198,"dns":1,"connect":93,"send":0,"wait":94,"receive":93,"ssl":102},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-17","alert":"Sinkholed","trigger":"web160526-a1.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web160526-a1.xyz/","date":"2026-05-17T18:23:28.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 21 Mar 2026 09:41:26 GMT","end":"Fri, 19 Jun 2026 10:41:19 GMT"},"fingerprint":{"sha1":"1C:D9:C0:8C:4D:FA:FF:5A:2C:CC:48:EB:7B:35:CF:FA:AB:7F:C0:61","sha256":"1E:81:97:52:8B:47:37:54:3B:62:1E:0B:E5:1D:D6:F7:F2:6D:CD:F7:D3:1F:8C:0E:78:14:26:9F:B9:87:EA:5C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web160526-a1.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Sun, 17 May 2026 18:23:28 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::9hnv7-1779041498295-0766b96a9c51\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 709\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O8A2LTGwJ60wfR7gmq%2BPLvWx1F%2BYS6migO%2Beor2VEiYl7NlJIJpWYr8GpXok6LNtLnkDV6dz2yAhA1MENY2Lvc%2BfZorMmD8IZczh8viUoZcCHZZ4vG5ZBcJRxPEKKq48rU%2FVD%2Bk%3D\"}]}\r\ncf-ray: 9fd4a7494fa93181-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":407279,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-17T21:14:57.286906Z","times_seen":15351111,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":12,"dns":1,"connect":1,"send":0,"wait":6,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"app.ardalio.com/wts7.js","fqdn":"app.ardalio.com","domain":"ardalio.com","tld":"com"},"ip":{"addr":"104.26.0.30","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://web160526-a1.xyz/","date":"2026-05-17T18:23:28.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ardalio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 30 Apr 2026 13:48:21 GMT","end":"Wed, 29 Jul 2026 14:48:19 GMT"},"fingerprint":{"sha1":"11:83:D3:DC:BB:6A:5B:18:25:23:61:3C:85:FF:E0:27:FA:36:9C:38","sha256":"E9:21:6A:C3:18:50:2B:E4:77:33:91:63:54:C2:95:B0:15:40:BB:B8:D2:7A:9F:E3:E3:A7:5F:E9:2F:4F:72:D1"}}},"request":{"raw":"GET /wts7.js HTTP/1.1\r\nHost: app.ardalio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://web160526-a1.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 17 May 2026 18:23:28 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 7341\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000; includeSubDomains\r\nreferrer-policy: no-referrer-when-downgrade\r\nlast-modified: Fri, 08 May 2026 13:29:11 GMT\r\netag: \"6aa7-6514e61de33e0-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncache-control: max-age=300, must-revalidate, public\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 180\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4vOFBU0dgRJq1VNpGt6Bv72jJRo%2FuozoJ0zmFm67OM7l2GSLF2PgBpS7FsJP8rrPbwTLxfdevFS8i0X8Ft22pf2c2cI7mZEe9C0kajxfxR3wQQFbMbaCKC5EMYAgBc8j9A%3D%3D\"}]}\r\ncf-ray: 9fd4a749595b56ae-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27303,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1277)","md5":"adae5ef4b149712625f0c18701e6798b","sha1":"fcba72b5be62a925812dc80cfb38adf12a16eafb","sha256":"f68fe8c6426ffd223b1bc8d7936dc72a2c82b581288251ea9d3c51d663896576","sha512":"ac1e2aba51b3f3ce067bcff995f67ad264014cf02033d9cb836c627068ca68d64dbc95c0e4b6cfdf901eff9853355b8ca3b9852aeabeb9c5bc055ba8abd398dd","ssdeep":"768:kDth+7fCj00m/BQcO45tdDYIBVpV20Y4FNrtdFsx3DQxNFY0P:JClqNrtdFi8","tlshash":"a3c2f76e719a9c3645e62662711f238061f6678d715e8088db34edc02f24ea6d337f3e","first_seen":"2026-05-08T15:28:18.561709Z","last_seen":"2026-05-17T20:33:38.722449Z","times_seen":39,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":19,"receive":1,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}