{"report_id":"aff4211c-83ae-42e6-80e4-51c1b90726e8","version":6,"status":"done","tags":[],"date":"2026-02-07T14:06:32Z","url":{"schema":"https","addr":"in-cryptomus.com/","fqdn":"in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"www.in-cryptomus.com/","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"title":"Cryptomus Pay","dom":{"size":67814,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4271)","md5":"31f6f43b2bbd957e40ff9f741809acec","sha1":"27cd6ba1433603f1fd91460cc9cf3bafd89e56cb","sha256":"136ce05a1e1ee9c2e9bbe87c22f0568d0b1adfec0bd8dbaa394b62d5e5b271a8","sha512":"e5665e9776cccc2f3e65dc041eb60c94975d573326888f6f21bdf34ad6b3e2d9e630108229821bfd83bfda4c7499bcb9231495c9a753ef8ee6d6c825f206c84e","ssdeep":"1536:8iNNFwmnqrGPrPyuS/ntOiW6i3EjYeJvYWGtSXynttGuG8Gvn+2:tRyB+2","tlshash":"6463fa666ab720709907e3795ba723093272412b6509ce783fec47dc5fc6548cca2bed","dom_hash":"domhash3eece2d5ede25ffee39e9479f0e1a4cd","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"in-cryptomus.com/","fqdn":"in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":0,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-14T14:06:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":4}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-02-07T14:06:12Z","timestamp":1770473172,"ip_dst":{"addr":"104.26.12.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44916,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI","source":"{\"timestamp\":\"2026-02-07T14:06:12.033779+0000\",\"flow_id\":937841657147588,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":44916,\"dest_ip\":\"104.26.12.205\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2047703,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_and_Server\"],\"confidence\":[\"High\"],\"created_at\":[\"2023_08_22\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_08_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"External_IP_Lookup\"],\"updated_at\":[\"2023_08_22\"]}},\"tls\":{\"sni\":\"api.ipify.org\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3436,\"start\":\"2026-02-07T14:06:12.028868+0000\"}}"}],"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-07","alert":"PHP webshell obfuscated by encoding of mixed hex and dec","trigger":"www.in-cryptomus.com/assets/secure.php?req=ping","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/04/18","description":"PHP webshell obfuscated by encoding of mixed hex and dec","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_obfuscated_encoding_mixed_dec_and_hex"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-07","alert":"Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.","trigger":"www.in-cryptomus.com/assets/secure.php?req=ping","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/01/09","description":"Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.","hash":"7b6471774d14510cf6fa312a496eed72b614f6fc","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_by_string_known_webshell"}},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"public-bsc.nownodes.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"fbsfoewlknwkpew111.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"in-cryptomus.com","ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":65985,"sent_data":485,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"api.ipify.org","ip":{"addr":"104.26.12.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-01-05","domain_rank":8166,"first_seen":"2014-10-06T12:38:43Z","last_seen":"2026-02-02T08:38:00.779001Z","alert_count":0,"request_count":1,"received_data":271,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-01T22:14:44.580478Z","alert_count":0,"request_count":1,"received_data":73799,"sent_data":543,"comment":"","tags":null,"fingerprints":null},{"fqdn":"public-bsc.nownodes.io","ip":{"addr":"104.20.35.2","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-05-20","domain_rank":0,"first_seen":"2025-10-14T19:44:58.496919Z","last_seen":"2026-02-04T23:59:51.275842Z","alert_count":2,"request_count":2,"received_data":1592,"sent_data":1041,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fbsfoewlknwkpew111.live","ip":{"addr":"104.21.45.86","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-30T01:31:05.094993Z","last_seen":"2026-01-31T03:13:43.489866Z","alert_count":1,"request_count":1,"received_data":629,"sent_data":459,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-01T22:17:46.954894Z","alert_count":0,"request_count":4,"received_data":14996,"sent_data":1954,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.in-cryptomus.com","ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":2,"request_count":6,"received_data":3639986,"sent_data":2614,"comment":"","tags":null,"fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"rpc.walletconnect.org","ip":{"addr":"18.195.189.203","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2018-03-26","domain_rank":891779,"first_seen":"2023-02-11T03:06:43Z","last_seen":"2026-02-06T06:26:57.146824Z","alert_count":0,"request_count":1,"received_data":1653,"sent_data":542,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.in-cryptomus.com/","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"79b52b84c4b1dfa10e6be612bdec2b7a","sha1":"f6283e25144756cc8d9e6649c8f95d4fc46adaa9","sha256":"124da43db04a99e316b820d10498e2780a613207b08c04d64358cebd724b4119","sha512":"81e7422961b07d1de79f5c09e6c9e31e3a827f1bc8435c9ac37e7b093b5d218be24ec18061703c954912290f2ed653dca68c4bba20a6c60090c4fd4843a4c6c4","ssdeep":"768:PoCvzuS/ntOiW6i3EjYeJvYWGtSXynttGuG8Gvny1ZN:gyuS/ntOiW6i3EjYeJvYWGtSXynttGut","tlshash":"8ce285156d7b21704a67a17e475b22093532022f3445cbb43ebd8bdc2fd2914d9b2bfa","size":32674,"data":"","first_seen":"2026-02-07T13:54:02.524846Z","last_seen":"2026-02-07T14:06:38.4828Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.in-cryptomus.com/assets/eleven.js","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0731dc266a43636b0e166275728b329f","sha1":"10ab55c566941fe6319681ccaa36e6313c7336e6","sha256":"c8a7922f93eb75f4329d4576efd7cba8a84cd888cf80856fa42dd171a4efe22f","sha512":"01ad04b1d570264819d09409aa94fec0af2f32c2b00dd96d76d8ed616b8293dbbe912e60cbb42a144ee4c665be0039f0f6036ee1ba7c3e682e0fa22066c7a744","ssdeep":"98304:dml/voXqyL4cDRxWyeI4vWSuyZXJPcrnE:dq/gXqyL4cDRxWyeI4vWSuyZXJPcrnE","tlshash":"3ef57c8073b1a079439741e4947b1501f238a85a7408c0acfbecd9f7af999c9897bf79","size":3556158,"data":"","first_seen":"2025-12-02T13:22:34.804996Z","last_seen":"2026-06-04T04:08:18.209746Z","times_seen":518,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"public-bsc.nownodes.io/","fqdn":"public-bsc.nownodes.io","domain":"nownodes.io","tld":"io"},"ip":{"addr":"104.20.35.2","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nownodes.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 11 Jan 2026 23:24:15 GMT","end":"Sun, 12 Apr 2026 00:24:07 GMT"},"fingerprint":{"sha1":"EC:BA:9B:AB:CB:AC:F0:50:15:55:17:89:D4:5F:52:04:A6:2E:C8:1F","sha256":"43:C6:97:66:EC:F0:C7:EB:3D:64:36:C1:2D:53:6A:54:A0:BC:D0:0A:21:A3:CD:D9:75:A0:F7:5E:15:04:A5:18"}}},"request":{"raw":"POST / HTTP/1.1\r\nHost: public-bsc.nownodes.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nContent-Type: application/json\r\nContent-Length: 136\r\nOrigin: https://www.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":136,"data":"{\"jsonrpc\":\"2.0\",\"method\":\"eth_call\",\"params\":[{\"to\":\"0x6981E9EA7023a8407E4B08ad97f186A5CBDaFCf5\",\"data\":\"0x3bc5de30\"},\"latest\"],\"id\":1}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\ncontent-type: application/json\r\ncontent-length: 194\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvary: Origin, accept-encoding\r\nstrict-transport-security: max-age=15768000\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9ca3724e3ee14c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":807,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d2d64c5f9293eb3ef064b089af272cf3","sha1":"9087ac99c5049ae550deb6681558d2b36c367d36","sha256":"1298242b7d0d06fa652c31118aca2012644308584d15fd18ddf0acac54153be3","sha512":"85f143037c6f65aa56187e7181381ce7a2d6f528f01af6f4ef61383c977e2d4600bcf204dbcc0add7b68945fb6c8f61523a3d8f0b1ce8cbc52916dc24a8462be","ssdeep":"","tlshash":"40018cf006978e60d0f89c8ab116be8562107c87f8cb2e430d084dc02af9485f734463","first_seen":"2025-11-30T01:31:11.661996Z","last_seen":"2026-02-07T14:06:38.452246Z","times_seen":39,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"public-bsc.nownodes.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fbsfoewlknwkpew111.live/api/ping","fqdn":"fbsfoewlknwkpew111.live","domain":"fbsfoewlknwkpew111.live","tld":"live"},"ip":{"addr":"104.21.45.86","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fbsfoewlknwkpew111.live","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 24 Jan 2026 22:55:32 GMT","end":"Fri, 24 Apr 2026 23:52:04 GMT"},"fingerprint":{"sha1":"D3:F2:75:B7:2A:F1:2A:F9:9C:76:E2:03:5B:61:3C:39:C7:58:E8:0D","sha256":"D7:47:0C:1D:BA:A7:EA:DD:AF:C6:0D:11:B3:A5:C0:27:30:9A:70:93:A2:92:40:45:26:5F:1A:98:CE:12:74:C0"}}},"request":{"raw":"GET /api/ping HTTP/1.1\r\nHost: fbsfoewlknwkpew111.live\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nOrigin: https://www.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\ncontent-type: application/json; charset=utf-8\r\naccess-control-allow-origin: *\r\nvary: Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=cFl2S7NZL6bqXmweg8IAQq6mij%2Bwi8vG4NGZHo3KpxDkBmzPBe%2F22FG%2Bu9xoq1tDb9%2FFSPcBMh37G2frP%2FBSsiR0irhUgAPGHfYyY%2BMX112JFheMun3W\"}]}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9ca3724f083a76ef-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"594d96ea0628a6a87187b8e17a7fa4b0","sha1":"5fbf4e5362196240e62d4e192bd93777898755b2","sha256":"cb100e693b55b36a08dc2b04eb312835069a4f2fc406ff374b21313b1f56b5cd","sha512":"c92fac11849dbd07dd610982d2d2e49f7aa59ec6048782145992bed639b1a518c539d9603bea6b79e4f29aa745e301923edaa9d96e1dec3ce27a8a2f4c2f2f4c","ssdeep":"","tlshash":"d96000330c0c0330030c0cc0300fcf030cc0c0c00000fcc000000300c300c000c00300","first_seen":"2025-10-03T14:25:47.505502Z","last_seen":"2026-06-07T04:19:09.845807Z","times_seen":796,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":37,"dns":21,"connect":1,"send":0,"wait":197,"receive":0,"ssl":13},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"fbsfoewlknwkpew111.live","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Pixelify+Sans:wght@400..700\u0026family=Press+Start+2P\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:11.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:56 GMT","end":"Mon, 06 Apr 2026 08:37:55 GMT"},"fingerprint":{"sha1":"DE:3B:B4:94:98:33:3A:CB:2A:A9:96:A1:CB:19:8C:84:B5:8D:23:E9","sha256":"D0:A1:5A:83:80:77:19:74:AA:CB:27:69:4A:C7:2C:F0:DA:06:9C:79:1E:07:77:9A:4D:7B:5D:AA:A2:D2:D4:E9"}}},"request":{"raw":"GET /css2?family=Pixelify+Sans:wght@400..700\u0026family=Press+Start+2P\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.in-cryptomus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 07 Feb 2026 14:06:12 GMT\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3080,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"d4e6d79c776bf8fc41c61de47e83d957","sha1":"8bc1ade7d4f4e91f3caa6d459dc1c6e3c0b05528","sha256":"fdaed61fd01a57851820b356beb641c643c8b4e699faddae0b72fa64c5d20bad","sha512":"7044230275f8f8d2e4725a69add094387aea08d50c588f7026b9c1aa00f4e576abae59e8bc05b3eb58f8601bcdee55a9ca9508200e51f6121b8a577bac04c82b","ssdeep":"","tlshash":"1851ddd5052bd040eb931cc233cf7e36ee0f21266495d8699efe18d4acbad664351b4e","first_seen":"2025-09-17T03:18:47.287526Z","last_seen":"2026-06-04T04:08:18.169859Z","times_seen":745,"resource_available":false,"data":null}},"time_used":497,"timings":{"blocked":237,"dns":1,"connect":23,"send":0,"wait":20,"receive":0,"ssl":211},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Fira+Code:wght@300..700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:11.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:56 GMT","end":"Mon, 06 Apr 2026 08:37:55 GMT"},"fingerprint":{"sha1":"DE:3B:B4:94:98:33:3A:CB:2A:A9:96:A1:CB:19:8C:84:B5:8D:23:E9","sha256":"D0:A1:5A:83:80:77:19:74:AA:CB:27:69:4A:C7:2C:F0:DA:06:9C:79:1E:07:77:9A:4D:7B:5D:AA:A2:D2:D4:E9"}}},"request":{"raw":"GET /css2?family=Fira+Code:wght@300..700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.in-cryptomus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 07 Feb 2026 14:06:11 GMT\r\ndate: Sat, 07 Feb 2026 14:06:11 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2425,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"364d80757a1c7c81dccbf8d6caeb7ae7","sha1":"abf8e3b38eb2295c6378231fb2ecabae5ecd4b2f","sha256":"17babf90f4bae4a92ef7f4f24552b88b41c391b89328f46faa49286f5c2c2c6a","sha512":"6a0c6519a03917cedd40ecfe91e6cb8d30a42a61c005244bf8c09934a12132ba0fe963dd6e5c77a9baa19944cadb274ecf81e1780697acc5f3e22ae85b02c131","ssdeep":"","tlshash":"1c41aaa601a79400afa30cc177cebe779e1e2198b041c6b95efd08989ce7d32435472e","first_seen":"2025-09-17T03:18:47.282954Z","last_seen":"2026-06-05T09:23:27.363467Z","times_seen":820,"resource_available":false,"data":null}},"time_used":475,"timings":{"blocked":226,"dns":0,"connect":22,"send":0,"wait":20,"receive":0,"ssl":200},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Press+Start+2P\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:11.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:56 GMT","end":"Mon, 06 Apr 2026 08:37:55 GMT"},"fingerprint":{"sha1":"DE:3B:B4:94:98:33:3A:CB:2A:A9:96:A1:CB:19:8C:84:B5:8D:23:E9","sha256":"D0:A1:5A:83:80:77:19:74:AA:CB:27:69:4A:C7:2C:F0:DA:06:9C:79:1E:07:77:9A:4D:7B:5D:AA:A2:D2:D4:E9"}}},"request":{"raw":"GET /css2?family=Press+Start+2P\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.in-cryptomus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 07 Feb 2026 14:06:12 GMT\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1860,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"b7cad844ac5ba76f2eaa0a5f19927973","sha1":"0f619ace2a91abd4ba25e81b02b34e50708501aa","sha256":"c432858c887f02896894b1e44507b18fa1d22287d3bac0c1da9883849c63a118","sha512":"1056d64979f32cc0013a2564c64a6142439088d81b298c3da42cbd73ac308a5e0622cb5fee52c560d6e993e35eaaaea05d10226b42c65379b22a5c4252d1e632","ssdeep":"","tlshash":"043167e6052b94409b931cd373cf7e36de0e2125649184699efe1c84acbaca60391b5e","first_seen":"2025-09-17T02:54:26.564123Z","last_seen":"2026-06-07T23:14:13.130193Z","times_seen":1302,"resource_available":false,"data":null}},"time_used":495,"timings":{"blocked":236,"dns":0,"connect":21,"send":0,"wait":20,"receive":0,"ssl":215},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"rpc.walletconnect.org/v1/supported-chains?st=appkit\u0026sv=html-ethers-1.6.9\u0026projectId=870a23e95edee01c6a5943b4f50aa9bd","fqdn":"rpc.walletconnect.org","domain":"walletconnect.org","tld":"org"},"ip":{"addr":"18.195.189.203","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rpc.walletconnect.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 16 Oct 2025 00:00:00 GMT","end":"Sat, 14 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"38:E6:43:A0:F8:F2:8D:21:9C:36:21:F5:DB:3B:F9:93:F7:7B:C4:8B","sha256":"09:1F:96:1E:4B:E3:8B:06:C3:8F:0A:2E:0F:79:E7:43:9C:B4:45:CC:26:0C:77:C5:50:CD:15:A8:7D:1D:83:DB"}}},"request":{"raw":"GET /v1/supported-chains?st=appkit\u0026sv=html-ethers-1.6.9\u0026projectId=870a23e95edee01c6a5943b4f50aa9bd HTTP/1.1\r\nHost: rpc.walletconnect.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nOrigin: https://www.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\ncontent-type: application/json\r\ncontent-length: 1310\r\ncache-control: public, max-age=86400, s-maxage=86400\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: *\r\nx-request-id: 91753c07-e484-491b-ae4d-787e085a3f2b\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1310,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"67d8a8e61b265c371c66c64c70f5ca96","sha1":"55ad0094809965688f7cedc8433fb7f1fd61b0e5","sha256":"7a8dc12bb7a8d034ff9dab3693fefbfba26033f5bbd632c0670ff96a768e8c94","sha512":"ebab45d66605ea1ef4d153691ab990f82977cc88104257094ee938d7694470982e1c07773f1eba210f949f0480f078cb333d70689de6ca2c185cf58ac891f2f5","ssdeep":"","tlshash":"8421368c84801c40dcb4d398dbbce8cb955ef01399cd28a999f82cb155fd6b3355276e","first_seen":"2026-01-30T18:35:05.69266Z","last_seen":"2026-02-07T14:06:38.470419Z","times_seen":120,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":105,"dns":4,"connect":21,"send":0,"wait":22,"receive":0,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.in-cryptomus.com/settings.json","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.039Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 23:52:11 GMT","end":"Wed, 25 Mar 2026 23:52:10 GMT"},"fingerprint":{"sha1":"CF:2B:D2:E5:A1:BD:2A:48:F4:67:23:A9:66:22:F0:3B:E4:25:A6:52","sha256":"CF:16:3B:D3:48:8E:1C:AD:2A:39:CD:ED:1B:40:EF:5C:51:3B:1C:DB:39:73:C0:4B:F8:01:03:9E:B0:63:9B:90"}}},"request":{"raw":"GET /settings.json HTTP/1.1\r\nHost: www.in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 757\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"settings.json\"\r\ncontent-type: application/json; charset=utf-8\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\netag: \"8550a1fcc66ea92d2e4bd1a5d149c6da\"\r\nlast-modified: Sat, 07 Feb 2026 13:53:34 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::7lm64-1770473172033-acfc993c09ce\r\ncontent-length: 833\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":833,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8550a1fcc66ea92d2e4bd1a5d149c6da","sha1":"e07fdde512531ea31462441b534cf40714097afb","sha256":"9dc5e59a089e712d2ba4d6c96a375e59c275d17ce1705a68ec89f189d0555307","sha512":"512f096575d3a47d967bd65baa77ae0b2098ac9113055d0c8a4047b2949ece360dd733c75eed8b4c92423b8421708b6f6085a6be8dd3b9e92a55a2dd9107de13","ssdeep":"","tlshash":"3c011948ec51082bd2cd0628b68e42050e16ad2783183c506f1b5028ab2d36f5f72ace","first_seen":"2026-02-07T13:54:02.507568Z","last_seen":"2026-02-07T14:06:38.471352Z","times_seen":2,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"public-bsc.nownodes.io/","fqdn":"public-bsc.nownodes.io","domain":"nownodes.io","tld":"io"},"ip":{"addr":"104.20.35.2","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nownodes.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 11 Jan 2026 23:24:15 GMT","end":"Sun, 12 Apr 2026 00:24:07 GMT"},"fingerprint":{"sha1":"EC:BA:9B:AB:CB:AC:F0:50:15:55:17:89:D4:5F:52:04:A6:2E:C8:1F","sha256":"43:C6:97:66:EC:F0:C7:EB:3D:64:36:C1:2D:53:6A:54:A0:BC:D0:0A:21:A3:CD:D9:75:A0:F7:5E:15:04:A5:18"}}},"request":{"raw":"OPTIONS / HTTP/1.1\r\nHost: public-bsc.nownodes.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.in-cryptomus.com/\r\nOrigin: https://www.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,api-key\r\naccess-control-max-age: 1728000\r\ncf-cache-status: DYNAMIC\r\ncf-ray: 9ca3724d9d5c4c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T00:34:24.756694Z","times_seen":16225709,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":33,"dns":14,"connect":1,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-07","alert":"Sinkholed","trigger":"public-bsc.nownodes.io","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"in-cryptomus.com/","fqdn":"in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-07T14:06:10.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 23:51:42 GMT","end":"Wed, 25 Mar 2026 23:51:41 GMT"},"fingerprint":{"sha1":"EC:5F:01:30:2D:97:6E:54:35:90:BE:4A:03:97:4A:B7:44:18:2C:F0","sha256":"9D:30:7E:FC:93:B5:F9:F7:10:97:0C:3E:79:F0:F6:8D:B2:4D:F8:3F:DA:7D:9D:C6:57:57:44:ED:D3:7E:78:DF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-type: text/html\r\ndate: Sat, 07 Feb 2026 14:06:10 GMT\r\nlocation: https://www.in-cryptomus.com/\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-id: arn1::wbwhv-1770473170724-7a1bff72f45e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65664,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T00:34:24.756694Z","times_seen":16225709,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":27,"dns":1,"connect":1,"send":0,"wait":10,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.in-cryptomus.com/","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-07T14:06:10.740Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 23:52:11 GMT","end":"Wed, 25 Mar 2026 23:52:10 GMT"},"fingerprint":{"sha1":"CF:2B:D2:E5:A1:BD:2A:48:F4:67:23:A9:66:22:F0:3B:E4:25:A6:52","sha256":"CF:16:3B:D3:48:8E:1C:AD:2A:39:CD:ED:1B:40:EF:5C:51:3B:1C:DB:39:73:C0:4B:F8:01:03:9E:B0:63:9B:90"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 21340\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 07 Feb 2026 14:06:10 GMT\r\netag: \"29a37d740ba99f71218505d6b2607b61\"\r\nlast-modified: Sat, 07 Feb 2026 08:10:30 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::spcr6-1770473170783-2de1dc3d7bfd\r\ncontent-length: 15920\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65664,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4271), with CRLF line terminators","md5":"29a37d740ba99f71218505d6b2607b61","sha1":"dd2f31edefa590d70ae6e5fac679f54eda405de3","sha256":"0c6d30399158551da416101b9d564695a8e01827cc4334ada6635fc5e0608024","sha512":"306db18472b6f1bbb3b5cbc388607b019f242c4b3463b2060907acd301ff16064999200ff13c44248294a561bbd5fee309e1937c649027d65567fc343d9f9f6e","ssdeep":"1536:/pm0TLP2OS/5mCUdhNRZKLCXVkqDO9UZVlCUZ9K9I9iKtG:jSktG","tlshash":"6853a619a65410718537e379db626709fa77013b634282b93aec579c1ff2808c962fed","first_seen":"2026-02-07T13:54:02.515947Z","last_seen":"2026-02-07T14:06:38.474489Z","times_seen":2,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":36,"dns":7,"connect":1,"send":0,"wait":10,"receive":11,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.in-cryptomus.com/assets/eleven.js","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:11.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 23:52:11 GMT","end":"Wed, 25 Mar 2026 23:52:10 GMT"},"fingerprint":{"sha1":"CF:2B:D2:E5:A1:BD:2A:48:F4:67:23:A9:66:22:F0:3B:E4:25:A6:52","sha256":"CF:16:3B:D3:48:8E:1C:AD:2A:39:CD:ED:1B:40:EF:5C:51:3B:1C:DB:39:73:C0:4B:F8:01:03:9E:B0:63:9B:90"}}},"request":{"raw":"GET /assets/eleven.js HTTP/1.1\r\nHost: www.in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.in-cryptomus.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 757\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"eleven.js\"\r\ncontent-encoding: br\r\ncontent-type: application/javascript; charset=utf-8\r\ndate: Sat, 07 Feb 2026 14:06:11 GMT\r\netag: \"585012ffc7f6cacbe300bdf8ac038adb\"\r\nlast-modified: Sat, 07 Feb 2026 13:53:33 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::2mfw9-1770473171016-05806126cf27\r\ncontent-length: 923820\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":3556158,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"e60d780300a74c70dc6418ea19873295","sha1":"74001d33824730e25d3d840e0c642f9f986015d7","sha256":"dcb99cd44bfd05f2cfc3c04527f35accfdd3df490666015cbafc125c4b368250","sha512":"617f21408d485ed842373a7c935208431b033f279973a23752599f44a0f4b4f1b125068a3ad244650a5c24d9859d2b9702998c1d415b43eb801bfd6d9b5b2ade","ssdeep":"24576:dmNHxkmMEWI2xMrvZKhch+k+ub6BqyxRz:dmNHKmME32xohKhcoGGBqyLz","tlshash":"a1254c9073a5b06243da14e4187b1006f279bc68744d80acf69cecfb7da9d84963bf79","first_seen":"2025-12-02T13:22:34.735267Z","last_seen":"2026-06-04T04:08:18.205676Z","times_seen":514,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:11.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:56 GMT","end":"Mon, 06 Apr 2026 08:37:55 GMT"},"fingerprint":{"sha1":"DE:3B:B4:94:98:33:3A:CB:2A:A9:96:A1:CB:19:8C:84:B5:8D:23:E9","sha256":"D0:A1:5A:83:80:77:19:74:AA:CB:27:69:4A:C7:2C:F0:DA:06:9C:79:1E:07:77:9A:4D:7B:5D:AA:A2:D2:D4:E9"}}},"request":{"raw":"GET /css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.in-cryptomus.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 07 Feb 2026 14:06:11 GMT\r\ndate: Sat, 07 Feb 2026 14:06:11 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4887,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"3fd96ba77783845730c343cf00ac7a93","sha1":"bc4f7f4f71aeae387232155c55c4f031c5f3f769","sha256":"27b95b2fcbc857ba25f7e5a707c5c4c06c5cf93415519b7669c19f4045edca37","sha512":"20b137cf9c61842c7bad62dd6c36125833022552379ad97324dbee2c2e9cb0303b17a9aee813ea2bcdbb68541c8c6edbfecfcfb2858cf27c2cff480d756d80cd","ssdeep":"96:aYg4aMzqYg4aybFZHYg4agkYg4aUJ3vYg4aERYg4aYGJc+uTYg4aR6NDO4a3qO4L:vywfydyGy63gy/yFVyR73xpmj3U8fHN","tlshash":"37a1ed91006f9104ea431dd627cf7e32ad8e51956082e27d6ffd2dca6cdbd23122874c","first_seen":"2025-09-10T21:50:06.177565Z","last_seen":"2026-06-07T23:52:28.596148Z","times_seen":16404,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":88,"dns":0,"connect":7,"send":0,"wait":17,"receive":0,"ssl":77},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.ipify.org/?format=json","fqdn":"api.ipify.org","domain":"ipify.org","tld":"org"},"ip":{"addr":"104.26.12.205","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ipify.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 01 Jan 2026 12:15:50 GMT","end":"Wed, 01 Apr 2026 13:15:39 GMT"},"fingerprint":{"sha1":"E8:04:3F:4D:91:E2:52:D3:E0:EA:F7:1A:C8:8C:94:50:7C:2E:FF:FF","sha256":"A1:8E:F1:BF:52:25:E4:EE:2D:91:8B:1E:0B:E7:A1:C3:B9:7D:DF:7D:D1:57:11:6A:14:CF:F2:A6:DF:D1:B0:18"}}},"request":{"raw":"GET /?format=json HTTP/1.1\r\nHost: api.ipify.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nOrigin: https://www.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\ncontent-type: application/json\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9ca3724d5c9e4c11-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7d69c71af0f191e9a72db6153f8018d1","sha1":"f67c5f2887bc05654b47f76e9621e53a4091aed1","sha256":"5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65","sha512":"fdf43a8f3d843fe9008949d6709c8e2a5cd640f6101522319745f0a829f21dc8f4bd4d70ff3e2f6e1fd53ca0d2dd872bf3588c593a403071102ab28763cbdba5","ssdeep":"","tlshash":"b8700022000000208c80800eca0a032223a0000ac20a00088e800b2288a0b380282032","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-06-07T07:51:18.251001Z","times_seen":93313,"resource_available":false,"data":null}},"time_used":198,"timings":{"blocked":15,"dns":5,"connect":1,"send":0,"wait":154,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.in-cryptomus.com/","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 23:52:11 GMT","end":"Wed, 25 Mar 2026 23:52:10 GMT"},"fingerprint":{"sha1":"CF:2B:D2:E5:A1:BD:2A:48:F4:67:23:A9:66:22:F0:3B:E4:25:A6:52","sha256":"CF:16:3B:D3:48:8E:1C:AD:2A:39:CD:ED:1B:40:EF:5C:51:3B:1C:DB:39:73:C0:4B:F8:01:03:9E:B0:63:9B:90"}}},"request":{"raw":"HEAD / HTTP/1.1\r\nHost: www.in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 21341\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\netag: \"29a37d740ba99f71218505d6b2607b61\"\r\nlast-modified: Sat, 07 Feb 2026 08:10:30 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::flj65-1770473172033-b3363679deac\r\ncontent-length: 15920\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-08T00:34:24.756694Z","times_seen":16225709,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcCo3FwrK3iLTcviYwYZ90A2N58.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.045Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 12 Jan 2026 08:37:55 GMT","end":"Mon, 06 Apr 2026 08:37:54 GMT"},"fingerprint":{"sha1":"C9:11:F3:8A:1F:95:BA:78:F0:71:09:AC:AA:E5:AC:D1:ED:83:E4:04","sha256":"61:45:36:53:9C:8E:E6:E3:72:93:D5:B6:2E:25:31:08:2F:70:5B:C8:FA:43:EA:70:B8:CE:11:BF:74:C7:92:98"}}},"request":{"raw":"GET /s/inter/v20/UcCo3FwrK3iLTcviYwYZ90A2N58.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.in-cryptomus.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 72964\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 02 Feb 2026 18:20:39 GMT\r\nexpires: Tue, 02 Feb 2027 18:20:39 GMT\r\ncache-control: public, max-age=31536000\r\nage: 416733\r\nlast-modified: Tue, 09 Sep 2025 18:33:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":72964,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 72964, version 1.0","md5":"91247c94dcda6ff52b445d71d6bbfb81","sha1":"ad2f62363ed047b430b91f32afa31df51fcd7c5e","sha256":"6a3c3e024b31eeacbf1f19c3c7be78612d91c623186f64035a50038241dad4f9","sha512":"a12dcac84e9f9ae02df3aabe29d76994281cd1005edca471194605cfcd6a0456eec872fd28c63c72ae124804d0b47d8377048caae49c40b0a18b5d6be4d6213f","ssdeep":"768:zbw+rLBkMxbCkupj4Y69/Yr71+j9pWiKahMM6+AWEqXB0oGuNGku+QCcIKE205C7:zbw+iwuS/iZWeaO1zP1/9Esvf8fXnm1","tlshash":"8f6302244e3c50c2a54d33aa286940f6f6e79c75b2b79ba4a69c589cd410f329cdfdc4","first_seen":"2025-05-29T18:51:13.223047Z","last_seen":"2026-06-07T23:30:59.25786Z","times_seen":25804,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":51,"dns":2,"connect":8,"send":0,"wait":9,"receive":14,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.in-cryptomus.com/settings.json","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:11.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 23:52:11 GMT","end":"Wed, 25 Mar 2026 23:52:10 GMT"},"fingerprint":{"sha1":"CF:2B:D2:E5:A1:BD:2A:48:F4:67:23:A9:66:22:F0:3B:E4:25:A6:52","sha256":"CF:16:3B:D3:48:8E:1C:AD:2A:39:CD:ED:1B:40:EF:5C:51:3B:1C:DB:39:73:C0:4B:F8:01:03:9E:B0:63:9B:90"}}},"request":{"raw":"GET /settings.json HTTP/1.1\r\nHost: www.in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 757\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"settings.json\"\r\ncontent-type: application/json; charset=utf-8\r\ndate: Sat, 07 Feb 2026 14:06:11 GMT\r\netag: \"8550a1fcc66ea92d2e4bd1a5d149c6da\"\r\nlast-modified: Sat, 07 Feb 2026 13:53:34 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::5zhl9-1770473171756-2f607ad16f14\r\ncontent-length: 833\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":833,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"8550a1fcc66ea92d2e4bd1a5d149c6da","sha1":"e07fdde512531ea31462441b534cf40714097afb","sha256":"9dc5e59a089e712d2ba4d6c96a375e59c275d17ce1705a68ec89f189d0555307","sha512":"512f096575d3a47d967bd65baa77ae0b2098ac9113055d0c8a4047b2949ece360dd733c75eed8b4c92423b8421708b6f6085a6be8dd3b9e92a55a2dd9107de13","ssdeep":"","tlshash":"3c011948ec51082bd2cd0628b68e42050e16ad2783183c506f1b5028ab2d36f5f72ace","first_seen":"2026-02-07T13:54:02.507568Z","last_seen":"2026-02-07T14:06:38.471352Z","times_seen":2,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.in-cryptomus.com/assets/secure.php?req=ping","fqdn":"www.in-cryptomus.com","domain":"in-cryptomus.com","tld":"com"},"ip":{"addr":"216.198.79.1","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.in-cryptomus.com/","date":"2026-02-07T14:06:12.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.in-cryptomus.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 23:52:11 GMT","end":"Wed, 25 Mar 2026 23:52:10 GMT"},"fingerprint":{"sha1":"CF:2B:D2:E5:A1:BD:2A:48:F4:67:23:A9:66:22:F0:3B:E4:25:A6:52","sha256":"CF:16:3B:D3:48:8E:1C:AD:2A:39:CD:ED:1B:40:EF:5C:51:3B:1C:DB:39:73:C0:4B:F8:01:03:9E:B0:63:9B:90"}}},"request":{"raw":"GET /assets/secure.php?req=ping HTTP/1.1\r\nHost: www.in-cryptomus.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.in-cryptomus.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nage: 756\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-disposition: inline; filename=\"secure.php\"\r\ncontent-encoding: br\r\ncontent-type: application/x-httpd-php\r\ndate: Sat, 07 Feb 2026 14:06:12 GMT\r\netag: \"1c925167dc939ba7920a7b978a42b65d\"\r\nlast-modified: Sat, 07 Feb 2026 13:53:35 GMT\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: HIT\r\nx-vercel-id: arn1::p7nkx-1770473172030-275f0ec07570\r\ncontent-length: 5669\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13263,"size_decoded":0,"mime_type":"application/x-httpd-php","magic":"PHP script, ASCII text, with very long lines (13257)","md5":"1c925167dc939ba7920a7b978a42b65d","sha1":"9b4d27462d3d897552a996e85fde3fbf24283df2","sha256":"0da07b458e6aeb7e396730ce0272d86319a458189810252b1a99ca689f765dac","sha512":"f09322f748a40ff5aa579399a7a7fef8eeca5c81c193eab15cea18d0c3ae30ad34719cd9aad64674575ef05cb185087dd43ab9a9a38340ce1295255a34188101","ssdeep":"384:CLpx+D3MQZuRAxe+0A0C2A6VR0NBfAqRq:CLpxQMnRQt0C2A6VR0NdAqRq","tlshash":"735230702582559b789e0dc7afd32a8e71b042e74e0f7a8f8e3839d9249c259c14dfe4","first_seen":"2025-11-08T08:53:34.56198Z","last_seen":"2026-06-04T04:08:18.148098Z","times_seen":108,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-07","alert":"PHP webshell obfuscated by encoding of mixed hex and dec","trigger":"www.in-cryptomus.com/assets/secure.php?req=ping","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/04/18","description":"PHP webshell obfuscated by encoding of mixed hex and dec","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_obfuscated_encoding_mixed_dec_and_hex"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-02-07","alert":"Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.","trigger":"www.in-cryptomus.com/assets/secure.php?req=ping","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp","date":"2021/01/09","description":"Known PHP Webshells which contain unique strings, lousy rule for low hanging fruits. Most are catched by other rules in here but maybe these catch different versions.","hash":"7b6471774d14510cf6fa312a496eed72b614f6fc","license":"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE","rule":"webshell_php_by_string_known_webshell"}}],"urlquery":null}}]}