{"report_id":"b1acbc4a-8ea7-4a65-a896-c18e7d3e135c","version":6,"status":"done","tags":[],"date":"2026-04-09T02:29:35Z","url":{"schema":"http","addr":"alignelayer.xyz","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"104.21.30.237","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"alignelayer.xyz/","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"title":"ALIGN Airdrop Eligibility","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"alignelayer.xyz","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"104.21.30.237","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-14T02:29:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"alignelayer.xyz","ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-04-01","domain_rank":0,"first_seen":"2026-04-09T02:29:36.57387Z","last_seen":"2026-04-09T02:29:36.57387Z","alert_count":12,"request_count":12,"received_data":6347118,"sent_data":5465,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"alignelayer.xyz/222b2609-601a-4c8a-b9ac-2c3cbe69b7d6","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f11bcdc7b7757c117a8de0db3a4c25b8","sha1":"962e4d08a960106c829d0f9d492d7b891927adab","sha256":"b60b89c0c92cf57329c8590a2c5540cece4def64e4e7bf04f2d39b8ffa3b2748","sha512":"7461553dadb09db423bda8c47a58f8cdade82aa710a0f4415cde912e7a88cd4471ea86aa58a2e5097c90e2cb45ac410104019c56a04c35955e827f0bb0796040","ssdeep":"6144:vkWGL6BSn5NGCk3zi0mCw8wLPNU2HZjGfty3:cjkSnv1k20mCwFnHRGfty3","tlshash":"1044810609ac4f7986ec22e015f72cc401794e0ad9dc3cbfb9ada1579e25bd6e0c279d","size":259964,"data":"","first_seen":"2025-07-13T03:04:16.940864Z","last_seen":"2026-04-09T04:14:44.390596Z","times_seen":4936,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"ff335aa29a75b36cdab6a914f244241b","sha1":"ab01b96b3603bfe1aca857333dda8eb0d67c8bf8","sha256":"584211f0dd0c217fd150fbbb8ac91d13cc8e665e00a6529cc3da805f6620f588","sha512":"149a652d03cdd7a8a1f55e031018aa4f7ad6eb619b1fca840936026aa7e55b3c5311dfb2c3723c1abd18d20fa0d128741685971a169cad8b7c2f82c638947241","ssdeep":"","tlshash":"c3c0121d7474a666048f7d6e0c8f08c9bf268c1262094ec59decd8547fb1f6942b588c","size":194,"data":"","first_seen":"2026-04-09T02:29:39.847303Z","last_seen":"2026-04-09T02:31:40.972556Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"297a907d4e5b4c2198915e66274d9c9a","sha1":"e0f98af49ab0f7a270e2d739436181f924449098","sha256":"0fdbc26d9d5bd7f6a4bc38acfb91fc663c57463d43a08447f1386b3354cd84de","sha512":"48487cbd59e60a259a5836fc0315243da500d617e94e06b3073f79bb834bd141c9e5cfb59c42a3c2086c920c21be5996e589d4658513cf31d95bfc5757a4a44e","ssdeep":"","tlshash":"1371bc3beb00173bdc8fb9fdced5b4c02e62497262496560691ce102b16cd7087bed88","size":3741,"data":"","first_seen":"2025-08-14T22:39:51.132287Z","last_seen":"2026-04-09T02:31:40.973666Z","times_seen":3010,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3c641939d34a2940b1d29fc01fa91537","sha1":"e7a393ec8367c27de61f84a17bb8857be9a3cfd3","sha256":"ea59aa6fa266347558d24c89c7be3f3ce49eed39df52504cf4479cdbcf71d5b6","sha512":"104911e5ee739fdf13db690e1056f1bdf5c9be3e4f52d0f42444c5303e42d1a6e6f0c9e9a8fed98e3ca70fc67c7829cea7e93c91f3adbd022a0201c3f2db4a38","ssdeep":"768:Rdq91caFBkPBkPFWWZ0MIos2jERtBnNoccnlrJdXJcEa2H9pyY7W90Fi5c6Cc1fO:yA41Ds4SG5JdXtAFEp","tlshash":"478351d9591be4e28e5121ded433e949e4284a23cdadf1a3b92cddc1b49df22c44723b","size":86024,"data":"","first_seen":"2026-04-09T02:29:39.849882Z","last_seen":"2026-04-09T02:31:40.975142Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/bundle-i2pzz0pbdh.min.js","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f43da52e3162b82124f8235f24db50ef","sha1":"d3cab3231986645d9ba9f04c219ea7bde22a4065","sha256":"0757b7384812cdd336ad4e19a77822e3925cb0ba7d99133095393e6963084174","sha512":"b959fe3c52ad20688786ed0138f1c9ec6e28314f0f2b1bb4851651084fe943e46cf84c2e0698939b2240aeb9637d58acaa23c20c0cf4c40680dfb3a5039643e5","ssdeep":"768:uhC9Fc4FBkDBkvdEJmh9suS5QnG5Oq2fhcoa2xT9p8AFW90Fi5LQ6icfrFW9Sbiw:PA4Pau8qG5F2fL7oBbOwEi","tlshash":"a9934eda590ae4d68e1124ddc437f848e0684963cdadf1a3ba2cddc6b45ef62c44723b","size":89645,"data":"","first_seen":"2026-04-09T02:29:39.844554Z","last_seen":"2026-04-09T02:31:40.966775Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"48e42c2c5da4aaf12c9bba824c44a697","sha1":"d406389931e0e1d09938ea6788fcc1261a555fb7","sha256":"9bbd684c8ab024bd9f04add92a2ea1efefbbb394f32fe1edca227973178ca5f9","sha512":"da50f2b9399731713f3a6d7c3f12e3d64b1953e663f2c8d748bf3b51e5cda6aaa775591fc83d7758c5b75c0fb4ab7d0d592d646141eff2cebc8f1c4175f80833","ssdeep":"","tlshash":"a6f0593970b1227606b7549acb0b9385fe1000776085e806bd0dc58b4fc1f9428a6bc7","size":543,"data":"","first_seen":"2026-02-04T16:58:09.258572Z","last_seen":"2026-04-09T02:31:40.974335Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"alignelayer.xyz/discord.svg","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.009Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /discord.svg HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69cd304b-49d\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L%2B89o3nq4Sf7rB65jGbfKASVc01IRPBTRaQAUDyRyZQJbRgoba3NDG%2FG61L0hu6fUYbtx0V3JJcw9eQgzfddyr2qLtlIYlJ4j%2Fu7WhpkrfDZWVP2Fxn64h4l%2BOPtSwV3zgU%3D\"}]}\r\ncf-ray: 9e96152e0f4c56c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1181,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"362f2ef73ae40161d32350ee13c25cdd","sha1":"bb906799b95813b58d172af11d0a78fb9a42bc5d","sha256":"2bb8bfcb7aa2436923f03653d86becf2ca14e021c32685ec7ade1c9ef7b1d8a7","sha512":"6fbd997a88375a0726ad07f2ef406fe84dcc930975e099eb43a7e00788c4b4bf864ba13f3aea4ffdffd909228d11249dc154fbd55c8eb2b18c1d70c0322fd961","ssdeep":"","tlshash":"832167d6069c409c18aeab0c6f2fda4d331f74bb7094eac9ee4e57647483a51da0b800","first_seen":"2026-04-01T15:54:30.821087Z","last_seen":"2026-04-09T02:31:40.965559Z","times_seen":3,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/github.svg","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /github.svg HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69cd304b-2fa\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VABUFO4CjVk%2BAEP2EnvdHPShsBOTGr6aJl%2ByM0%2Ff83i36yM4Gudq7tBtVEYIIVeuHXPaQEOZHKggxfjsXijspX1oLv87jMQXbpktXBcjFDdj%2B26Oo%2ByKF2W1R1ApgOz84rM%3D\"}]}\r\ncf-ray: 9e96152e0f4a56c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":762,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c6ea042a10d7e93b1df3598446fd31a0","sha1":"03f0f085fc71f49417c59d5880a7c6053348c0b8","sha256":"b7da03dd0e50594b0146225f2b1e25e191f02daed2374e29af75b503cde4d30e","sha512":"59337d9368726041519ca2ce60e2da5312bda4e1315f540ce6e5b269321a38c165f2418f7fa9ab3957ff045d8268c719ea62171413834714f2fbdb75375b4e25","ssdeep":"","tlshash":"5901bdf77a71fb8cf316ce0a9c19a6a8401f21fa7262440094ec83d870668c5bb42c18","first_seen":"2026-04-01T15:54:30.825557Z","last_seen":"2026-04-09T02:31:40.963117Z","times_seen":3,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/css2.css","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/app-997d7e3f8d8c4667862915bc56a5d1dd.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\netag: W/\"69cd304b-d7e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gPc6nqFDIQVlfPtGI7l8cHvpWQ5ScWgxDxiykmtmeZhwwv1%2B0if9vMyeGuGjKwjhgXEME6bQPcgiiPWwQ%2BvqmnyQWvQWZC9e0qabS%2BZd1JTGJ06Xzsc%2BGQhqcctU0tFGJOA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9e96152f2f5056c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3454,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"0073ce0e62dd5879bcc6393e3d161ba4","sha1":"e7ffd2f9a633324945f10e455b744569362c9cac","sha256":"d195acadaf5bc2da4143dff83b31808baf1590aa2d2d4c6993ac51cc318a2c8b","sha512":"7581ee6ed87678360cf4a5ffd7adb5e0ccf5265ecdb73fd53ef164f98c3a913f5e8279ffbfdc91eba8356ce99a9abd6dc64b325a75dba9ae86a249ba47ff2ef5","ssdeep":"","tlshash":"9b61c88440ab6400e7471cc92bcf7f266d9cb590b005ca396fff1868acabc256365b5d","first_seen":"2026-04-09T02:29:39.828443Z","last_seen":"2026-04-09T02:31:40.96895Z","times_seen":2,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":234,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-09T02:29:11.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 09 Apr 2026 02:29:11 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZEX%2BfgfT9zUPlriLACvVm%2FqPv%2FYsHpyEzdUEcVGlY9lA1%2Fnamo4sxDxBiR%2F3%2BH%2BY0%2FLQeBieUfOa7RjGPANnz00bKNg1KVwIXMnBkfa7nnkb3avwskE2pUXSopHniinHAEw%3D\"}]}\r\nage: 455273\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9e96152d1f64c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26851,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (10806)","md5":"fa6ba800470fc77cca1d2719617828d9","sha1":"dcf87529c07b66268d45d169e3662a46a6660a26","sha256":"5f1041684c92bbcd76a79ec96a2042bfa48728187807e6473857332fc350c64b","sha512":"587c1cf795e894ee301f9ebe0f84d8dca2e5efe3b8d40ef46904503e6931a274f2590ffe4765126bdaa8f2008fafbd44cd4f18791f153f61a4964e5b9064ef6c","ssdeep":"384:RvMmaeJExiUSZXEP8kICoy/Lsrwcc3fCMkAozoCm7ZLC:5weJExLoy/Ls8cc3fC9vzoCkZLC","tlshash":"2dc2a5a4ebc304375a0bf93a1d85a7f86714cc1361975cdeba1c13e97f48fa8c19aa44","first_seen":"2026-04-09T02:29:39.831252Z","last_seen":"2026-04-09T02:31:40.958204Z","times_seen":2,"resource_available":true,"data":null}},"time_used":124,"timings":{"blocked":57,"dns":43,"connect":1,"send":0,"wait":9,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/favicon.ico","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: image/x-icon\r\npriority: u=6,i=?0\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\nage: 0\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\netag: W/\"69cd304b-a8d72\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UAC0%2FgP7jIR7WhGGT%2F5dLCNlHXA23be36%2BHfKVzQDqAPfyOVTkGABLuCwy%2FBlnJyC07Yz5vqize5Pn9l%2FC5Mv7xZZRCM2HjJWalIfVmUJvc0fkg4MAhhgf3WVZZDj7FCHn8%3D\"}]}\r\ncf-ray: 9e9615339f5d56c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":691570,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"212fa81dc54dfae6f322e0b07ee753ac","sha1":"5634621a8d7b7ea3e169bb5c542a7f3a1e76245b","sha256":"80fb776361953fd459523ffcb54e1bc39c6597716d45aab379431b2cd01c0924","sha512":"a9733c42a168866785d9f8be5dd21a4ca8ad18f69bc36b4c6d90dd7dda5483b9267286f406c33c33dc7995edd9d2e2135e334056cc0735d7dfc9de03203cf1e8","ssdeep":"12288:84TYbO9MFnu6+Mg6Yowmef0HniPwFNKfsdtXbv+cr/T6R4AqgjwOJ2:FS+Onu6+h6YowmU0C2w0dVbr/T6R4AqJ","tlshash":"02e4239fefcb75553689a38cad4884e2f1edc93a330012bc14617d24ccd649bdb26769","first_seen":"2026-04-01T15:54:30.793302Z","last_seen":"2026-04-09T02:31:40.951567Z","times_seen":3,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/app-997d7e3f8d8c4667862915bc56a5d1dd.css","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /app-997d7e3f8d8c4667862915bc56a5d1dd.css HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: text/css\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\netag: W/\"69cd304b-2ffe\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=posrQz8LkREKgh%2Bp5Tl8s5zycqdM87oCfBEPc7O3UnexxRr4qeGW7CQTSggRZGClmTRajMDvn3YANyaYm9%2BBk9D7bE6s5lAn4bKAKI2NG9NDQhtcwQ8FXyf4dwhKHayNp%2F0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9e96152dff4456c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12286,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (12261)","md5":"29f6d1ea50aed379e00550fb8bea4098","sha1":"709d57aa8263b37838155b62e57cc6fd5304c52e","sha256":"0f2a94f23e047f44334c2b3b08bd1c72a05f3e810dd820265fbb315630784abe","sha512":"fd7155bd13d984325278900f82c469e57e323a4c42bf615766b03e5fa207974281186f8d030d0ad49ee380604ab660501a8b1036887929643078dbd4a018092a","ssdeep":"192:jifTA+vE/UpOBhPeQOD7JXSckMXPL/VSM:WfMWLn5/jV","tlshash":"7b42971f6b00002e7c53ccfba5a4f9d8711571c2de69e7f6e8536920dbca2e21da3248","first_seen":"2026-04-01T15:54:30.781323Z","last_seen":"2026-04-09T02:31:40.970875Z","times_seen":3,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":179,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/wallet.svg","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /wallet.svg HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69cd304b-111\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qXRrJNsd%2Ff2i4EA9T97NUbeOeR91CoEgJvWjzcb6r2psMIXIRwVYw%2BISmgy4re3epaxos4kU%2Be6mA9Ztq0rcRVZvF5kWA42U5AqnyTGLY5wEU60kcQ2YqgmrvPwT7zU8WOM%3D\"}]}\r\ncf-ray: 9e96152dff4756c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":273,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5bf0bf189d98f2dbc348dcbfa3d21fe0","sha1":"2756eac57b9254c5f0a085a35a1bd9b03e338e4d","sha256":"2b832a05e97355df95cea4b60128928c23db431025b1e9ce5f3673606f23a081","sha512":"c5ef681e45f8be2ec2847595e17fa35460e533c962760ee9fa37e231e0989b9a75a42879b56959a4eba27507c518030f6d3aab015f984ab48caf5bf848279733","ssdeep":"","tlshash":"90d05e39db9c95ed5917c9146a6f9226936ff0a5307902b8dcad9168280a866e017314","first_seen":"2026-04-01T15:54:30.787268Z","last_seen":"2026-04-09T02:31:40.967969Z","times_seen":3,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":234,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/x.svg","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /x.svg HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69cd304b-fe\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s3P5CAdzIEWwfU3YcwZKVtnZ2by8XbU1fsIa53YkbbYxjNv8cpM7UI1tJBHs75HU9DhFYsmmXSLJwSe6vZn12Lohj154kJuTyrlOdzLjlfANeZNSmX0q20jh0fNck5%2B3Lts%3D\"}]}\r\ncf-ray: 9e96152dff4856c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":254,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"991ba7e058e526aa3c484c09e0cdb02b","sha1":"ea1ce86c8ed9e639fbbb046182dae0814d639d04","sha256":"a778e19000c34ef30f5b313f84f258bc0a77424c03188b5e1bc3d8ca36ec79a2","sha512":"989debbd382b7f60af766210baafc1c3a6f3925fd7f39442fe1922c8deced34a63f5c2443c71df30f2b9929fb817754d37ff79c7c6e987f144f80ceb21731dcf","ssdeep":"","tlshash":"72d095c1574c59508807cf10ed547745127b30d000cd41cbeffcf77e955048d5904934","first_seen":"2026-01-09T21:58:50.330389Z","last_seen":"2026-04-09T02:31:40.955986Z","times_seen":5,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/-F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.593Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /-F63fjptAgt5VM-kVkqdyU8n1i8q1w.woff2 HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/css2.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: text/html\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FlUFohGD4B0mcjuQC8LoPyQS7AJT7lGMuoMDqsFPEPtRblU3ZYxtGfNCdYAj7lW84wgyYM3VgzO7kPjLq15TNBpY8%2BsXtHulLUjbfRutMzQmg85NEvAd5QY4UYRnvlHpZOg%3D\"}]}\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\ncf-ray: 9e961531bf5656c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26851,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (10806)","md5":"fa6ba800470fc77cca1d2719617828d9","sha1":"dcf87529c07b66268d45d169e3662a46a6660a26","sha256":"5f1041684c92bbcd76a79ec96a2042bfa48728187807e6473857332fc350c64b","sha512":"587c1cf795e894ee301f9ebe0f84d8dca2e5efe3b8d40ef46904503e6931a274f2590ffe4765126bdaa8f2008fafbd44cd4f18791f153f61a4964e5b9064ef6c","ssdeep":"384:RvMmaeJExiUSZXEP8kICoy/Lsrwcc3fCMkAozoCm7ZLC:5weJExLoy/Ls8cc3fC9vzoCkZLC","tlshash":"2dc2a5a4ebc304375a0bf93a1d85a7f86714cc1361975cdeba1c13e97f48fa8c19aa44","first_seen":"2026-04-09T02:29:39.831252Z","last_seen":"2026-04-09T02:31:40.958204Z","times_seen":2,"resource_available":true,"data":null}},"time_used":192,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":192,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/secureproxy?e=jscdn/getFile","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://alignelayer.xyz/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://alignelayer.xyz\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"5krfatanlqisclqx3ul3\"}"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:, frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RBeSVLxZlRc8%2FU4xBFs50U8H8V6auKHh9M8m3%2F3lqdMtptVH2E47OY4tSvl%2BAGfNlHM7QN449lzMOATIiDSHu8pcmOx6NgikPo2noA98hdY5DgaCef1lnbLbn%2FtxxaOKd%2BtK7tc%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\npriority: u=4,i=?0\r\ncf-ray: 9e961531ef5756c6-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4791132,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"7fe05e76434162c55defc67d618cf307","sha1":"8083cc5f2ac3b3a0d20e5ebe5cdebbd78621c768","sha256":"1ff71f2b7a31ac3ab71ea4eb3f81c678acca8b54282364f650e517ed448e046c","sha512":"0826ab51c37cfc2a4662b364366964379144112e0dd29a7641ba65f7a016ff9e02eab48ae01146cae3e742f144fefa569eca1f4ae06f1f567a8b1e71543f1807","ssdeep":"24576:V03b/YWmLkwsOukzMSPbg+lsVo5/Cr0OSzcfUjel7M0RjUIq:+GkwdNZngkO5ji","tlshash":"562523e35f67942c8f5c0eed705b2c0f68411d421444eaf6eaa5e4c73aacbb041eb979","first_seen":"2026-04-09T02:29:39.84251Z","last_seen":"2026-04-09T02:31:40.961212Z","times_seen":2,"resource_available":false,"data":null}},"time_used":817,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":330,"receive":486,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/bundle-i2pzz0pbdh.min.js","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /bundle-i2pzz0pbdh.min.js HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: application/javascript\r\ncast-mode: default\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\netag: W/\"69cd304b-15e2d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\npriority: u=2,i=?0\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t3RD6RZGto5NFI8N3eJ8kD3BvLKfZMG9dy7kqLgdyvvO2DEoxKHYhS65CsRJxJgZ5hSWj5WM2EXqj5Rj7W2Ly9b9HtqTcp47OOw1O%2FRETkJcd1yeN4aqEcrYMmDQQjY%2FazA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9e96152dff4556c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89645,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f43da52e3162b82124f8235f24db50ef","sha1":"d3cab3231986645d9ba9f04c219ea7bde22a4065","sha256":"0757b7384812cdd336ad4e19a77822e3925cb0ba7d99133095393e6963084174","sha512":"b959fe3c52ad20688786ed0138f1c9ec6e28314f0f2b1bb4851651084fe943e46cf84c2e0698939b2240aeb9637d58acaa23c20c0cf4c40680dfb3a5039643e5","ssdeep":"768:uhC9Fc4FBkDBkvdEJmh9suS5QnG5Oq2fhcoa2xT9p8AFW90Fi5LQ6icfrFW9Sbiw:PA4Pau8qG5F2fL7oBbOwEi","tlshash":"a9934eda590ae4d68e1124ddc437f848e0684963cdadf1a3ba2cddc6b45ef62c44723b","first_seen":"2026-04-09T02:29:39.844554Z","last_seen":"2026-04-09T02:31:40.966775Z","times_seen":2,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":235,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"alignelayer.xyz/favicon.ico","fqdn":"alignelayer.xyz","domain":"alignelayer.xyz","tld":"xyz"},"ip":{"addr":"172.67.174.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://alignelayer.xyz/","date":"2026-04-09T02:29:12.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alignelayer.xyz","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 01 Apr 2026 14:09:05 GMT","end":"Tue, 30 Jun 2026 14:09:04 GMT"},"fingerprint":{"sha1":"8B:3B:B0:EA:3C:82:F2:E4:F1:CA:DF:BE:58:DD:6B:9D:43:0D:44:E5","sha256":"87:1B:B7:14:40:2D:1B:D2:80:FE:87:DA:E2:07:80:4D:98:3A:77:07:C2:B9:11:CE:18:AF:96:D9:BC:9B:29:2D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: alignelayer.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://alignelayer.xyz/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Thu, 09 Apr 2026 02:29:12 GMT\r\ncontent-type: image/x-icon\r\npriority: u=4,i=?0\r\nlast-modified: Wed, 01 Apr 2026 14:48:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\ncontent-security-policy: frame-ancestors http: https:\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\netag: W/\"69cd304b-a8d72\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zFK0xzwSuOBMHfZ2zhfa1hZUq529jZ2HyOKE9Yhgd1hDcMywkIiDUG2f8T0GLB0hcLQjb1PpgkmMk23vJ8c93XtEiqIcR9EKfQk4Mp7PWDkvOSMEBtgweNdwHuTCjsiBPQY%3D\"}]}\r\ncf-ray: 9e96152dff4656c6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":691570,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1200 x 1200, 8-bit/color RGBA, non-interlaced","md5":"212fa81dc54dfae6f322e0b07ee753ac","sha1":"5634621a8d7b7ea3e169bb5c542a7f3a1e76245b","sha256":"80fb776361953fd459523ffcb54e1bc39c6597716d45aab379431b2cd01c0924","sha512":"a9733c42a168866785d9f8be5dd21a4ca8ad18f69bc36b4c6d90dd7dda5483b9267286f406c33c33dc7995edd9d2e2135e334056cc0735d7dfc9de03203cf1e8","ssdeep":"12288:84TYbO9MFnu6+Mg6Yowmef0HniPwFNKfsdtXbv+cr/T6R4AqgjwOJ2:FS+Onu6+h6YowmU0C2w0dVbr/T6R4AqJ","tlshash":"02e4239fefcb75553689a38cad4884e2f1edc93a330012bc14617d24ccd649bdb26769","first_seen":"2026-04-01T15:54:30.793302Z","last_seen":"2026-04-09T02:31:40.951567Z","times_seen":3,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":166,"receive":161,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-09","alert":"Sinkholed","trigger":"alignelayer.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}