{"report_id":"b3b85a95-363e-4a58-a4e0-982b82f58d1f","version":6,"status":"done","tags":[],"date":"2026-04-21T03:52:10Z","url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":0,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"final":{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"title":"Home | Swap","dom":{"size":27251,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (673)","md5":"c7d8a95decb39505648a56259c2bd437","sha1":"897e175431098d184eb3f2c1948eb75cdc75eeaa","sha256":"de61e4d889633b8c65da03983e528fc0376590b9e3fd0b32f0c84af60e848826","sha512":"cb5a5be0c8f22e8136e60b772bce602bc421d918051992e996badc54722438b6b331bf036ecd11426ca5db73404b819106dbaf9ea40da32a03f933b3a53fbb2c","ssdeep":"768:G0Ri8iPHwAv5gJ6s6s6sAs6s6hQ09U7QABCzbde8LQgOlONDZ:2wEWUXXLXXhQ09U7QAGe8LelwZ","tlshash":"6ac2722050f1163b02a3a0c479662b1f7e82e607e60b5a1477fc4bda5fdbd4adc37289","dom_hash":"domhash3d2d545a7f550181ccfce33657871bb0","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":0,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-26T03:52:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-04-21T03:51:47Z","timestamp":1776743507,"ip_dst":{"addr":"Client IP","port":49764,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 8","source":"{\"timestamp\":\"2026-04-21T03:51:47.121207+0000\",\"flow_id\":1148130461710573,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"62.60.226.89\",\"src_port\":443,\"dest_ip\":\"172.18.0.23\",\"dest_port\":49764,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400007,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 8\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2026-04-21T03:51:47.096493+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"api.binance.com","ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2017-04-01","domain_rank":543119,"first_seen":"2017-12-19T18:31:49Z","last_seen":"2026-04-16T14:12:22.315715Z","alert_count":0,"request_count":14,"received_data":53558,"sent_data":7148,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-04-19T22:33:42.593215Z","alert_count":0,"request_count":11,"received_data":716652,"sent_data":5228,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-19T22:16:46.237507Z","alert_count":0,"request_count":4,"received_data":45181,"sent_data":2275,"comment":"","tags":null,"fingerprints":null},{"fqdn":"referral-link-it32gkmz3i1dm26.com","ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"domain_registered":"2026-03-02","domain_rank":0,"first_seen":"2026-03-03T05:03:32.139408Z","last_seen":"2026-03-03T05:03:32.139408Z","alert_count":33,"request_count":33,"received_data":8032810,"sent_data":17224,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"decimal.js:10.4.3","description":"","website":"https://mikemcl.github.io/decimal.js/","common_platform_enumeration":"","icon":"decimal.js.png","categories":["JavaScript libraries"]},{"name":"Bootstrap:5.2.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Chart.js:4.2.1","description":"Chart.js is an open-source JavaScript library that allows you to draw different types of charts by using the HTML5 canvas element.","website":"https://www.chartjs.org","common_platform_enumeration":"","icon":"Chart.js.svg","categories":["JavaScript graphics"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/dayjs/1.11.7/dayjs.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc50c4b32f73acd0ca4a31e0b94418b6","sha1":"4cd4b7159ca9e1de084a7d1ede12ad51a5d4651f","sha256":"11f24ea8272c8454bfd93c6102b511bb75a7f1bfd70c0e1f6cf58a4b067ed41f","sha512":"85c57a0d7df904a8224e2598ac980f6eedc5c52e82b028ca826aec3d1a543e45d66ef3e22b1bd2552761597d325dc3dcb4e236149e163fa375cc7fb5ec1fec00","ssdeep":"192:+85zla0PpG7zCEttDgtXoeG7yag4roHGq:+85zla8MzCEzDgtXoXhfrYt","tlshash":"c5d1418ab282f5161793a174442f410af26f59aa7c5f85acf53ac8c36c7884ed13bf74","size":6670,"data":"","first_seen":"2023-03-10T08:34:01Z","last_seen":"2026-04-21T04:54:46.230664Z","times_seen":312,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/js/deposits.js?v=1776743507201","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"1aed1e282723bc7b4400d008812b061e","sha1":"c578099253b862879ac1e5e4438b985f59de6224","sha256":"dd96159d0b2019435cc4b28deea1ae4a2722ee29818802fda0b19a025ae458b3","sha512":"2666657fb28a7defe5007863545a86942a6c54612357bdc875759fe984274b7dd741f1dc4b05a0c7e63c9bc814a5cbfdfb60d863aba1f8a96505dff85db7332e","ssdeep":"96:Hh+RVyU5amgsV4ViWz91/iJ/MZt/xnugHiXVP6yZ1zg4GkwUiMcLZQi1inBOgVzP:HhQf5a0mVrz9Ni1MZHkL64fu4BOwP","tlshash":"5cf1dc6103626262ca313ba48e2f411ef62653e7f646418f3b7cc5910fb44b1c5f6eae","size":7823,"data":"","first_seen":"2024-12-05T13:56:54.254357Z","last_seen":"2026-04-21T04:54:46.234951Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"cf2fbbf84281d9ecbffb4993203d543b","sha1":"832a6a4e86daf38b1975d705c5de5d9e5f5844bc","sha256":"a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575","sha512":"493a1fe319b5c2091f9bb85e5aa149567e7c1e6dc4b52df55c569a81a6bc54c45e097024427259fa3132f0f082fe24f5f1d172f7959c131347153a8bca9ef679","ssdeep":"1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL","tlshash":"4c9318ddb2c6b06247a770ba407f610ff236199d684d4400f169d8e9bc78a4a827bf7d","size":89947,"data":"","first_seen":"2023-03-10T04:24:46Z","last_seen":"2026-04-21T09:32:24.516972Z","times_seen":23924,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.2/js/bootstrap.bundle.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d2b0d31f74e62440ea1a557f126d0c64","sha1":"5c8f6cb983397deb65673b961a8657cfd6113ad9","sha256":"c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00","sha512":"04eb2f29b2dbd1d075215a6538bf69b54d44600f8bb8228496e656454606ef7871a8d054f3924120184f1b085097b3badf72ad92332ff25bf165c58ff8ddd5df","ssdeep":"1536:84lMTGR2t4n+3ifBHJR9WbUHk3j8YY+PwRM3CjcI4BqQM6kF:X4Fj8GPwRM3CAI4Bt8","tlshash":"2773c6593254b4770ade45b68037420bf2265d98b24b802cb5bcadde2a7dc863277f7c","size":80496,"data":"","first_seen":"2023-03-08T14:58:09Z","last_seen":"2026-04-21T04:54:46.265656Z","times_seen":2321,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/noty/3.1.4/noty.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"44551b35d233855f76a793174b8119bf","sha1":"cd108177fb0e149c6983423810e523e52d474571","sha256":"213c0bb47e6e1785255a367499d1ce84fc03a4ba2ac737c50995e7d70139e8fb","sha512":"94eae6f45813d4b28e251517177b69e9068ca2b25fb548e8c0e5a20dc1b918567fabbba4a1fd7d5741cac7f196cd709db7dcd88eedff2a104d7422f32bc6fdd1","ssdeep":"384:kcZ4t7IxkVYfpD41F7B5PawjvhiBBML8uSjNQRM7K8RdcvWi11HGRCPHX/xke9m:A7Amq4H7BIwj5YH4LMCb9m","tlshash":"82d2e78db2a172f203e79076507f620fb131b930144a4494b27eebd17d749aea263f79","size":30991,"data":"","first_seen":"2023-03-08T08:52:42Z","last_seen":"2026-04-21T05:00:52.038105Z","times_seen":305,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"623e86c043816d677da005514d619abe","sha1":"e04049d253da3e1e913c93a74b2491ff13be6bf7","sha256":"0f5bb69dd48478a0686c959677dda5881d8247509e331c92f1c96659fddde7e5","sha512":"2765e0818b40bb4965889c88fa699081b478724c0a065c57dcaa12a86f6046e19e0f05eecf84e23a350e5cda514c811ed41e94159083c3b51768e426968e3bdb","ssdeep":"","tlshash":"be01f9a959a20f72059f6631375682883930c0072344ed093b7d44656fedf6ab8f7966","size":722,"data":"","first_seen":"2024-12-05T13:56:54.250505Z","last_seen":"2026-04-21T04:54:46.274225Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"e239fab7674e40527767f2ad175e5df6","sha1":"9a6ebb1c326a10f74d2451a34063d84e3db89cb7","sha256":"99ef71b5d506c0da6754f480586227aebea521e1b7fae087fa731c6a401f54df","sha512":"a37765747fc61aa85dc2a92720200bd0a13f9b4f294190adfd06bda443bd4b3eb939b9edaf0e2b8386de5a0abcdbaf9d8f39d4496da8aeb73a27dc6bef309b1a","ssdeep":"","tlshash":"cd31bdc7703017258d9f34485d8f31392104b24f9765d9e8b90caead9f16a1c76b5bca","size":1683,"data":"","first_seen":"2025-09-22T11:43:04.267942Z","last_seen":"2026-04-21T04:54:46.274856Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f416f9031fef25ae25ba9756e3eb6978","sha1":"e2a600e433df72b4cfde93d7880e3114917a3cbe","sha256":"a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d","sha512":"6cfb3b01eea956f84e4a221cc940a547bfead8e02c462a2fc38bc0917fb325bc374a101e7aa7b3ab9d11208708511abb39adb4ad6da7daaf9fc9704d714f65af","ssdeep":"768:UCI7dmuMFAAJG4dlQKNORpnXGAtep2lcwJeL+wr2RSGc7UuHjRUQuFBt33:PITMFC4dbMVRSGcgRDV","tlshash":"e7137346b3202d2a869b61a0663f160bb23a241ce414547d7d79e6de6d7dc8c213ffbc","size":44342,"data":"","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-21T09:32:24.520727Z","times_seen":50704,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/js/common.js?v=1776743507201","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":false,"md5":"cc8db1f56ca6eebe8e29717c7ddd8e17","sha1":"68b47d175ebbefe907364b2b8dab0d3ad5fc1e3b","sha256":"047801fa1b412e031f88038ab341766471c184e5a3fb3ff2477b57034901df05","sha512":"4851ace7fa553b12d749ec17c587a53bef7d3249da46a27ec1d14371f76031088239e9d8136ed271231b853947ebe69002586ad0a08e58e657acad1433478f59","ssdeep":"","tlshash":"9ff0527b600e3272a233bfb8d6959482eb96323711822a05789d61122fb082527f4fdc","size":603,"data":"","first_seen":"2024-12-05T13:56:54.252429Z","last_seen":"2026-04-21T04:54:46.261593Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/decimal.js/10.4.3/decimal.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"277304477526834eaf918ca7d9d9e049","sha1":"85f9e74dd02132f079aa24ebbe6d6617e0fbfc9b","sha256":"efbb6ddf6344490bf0ff9e5a80d784a4afec43934b120f6989e17876a7ece475","sha512":"596cc2643419db71ae3d528fa30046085e8c8680356b3f22264fc68e1d9ae52de379e344bca2478063ccc83a1f794b5c39e1de23701bb0f15420b5877e844ff3","ssdeep":"768:4DL32yF2iFFGBUb6cLgs5M4kSzIevAABUOnwu6uJ10oN9P/CvLf:4DL3qqGC6onJkkvAnEp9+","tlshash":"52e2e8e532b2f0c663e328f140ff4487a23a6d55994d11b4e2089af57cb16c9b23af75","size":31896,"data":"","first_seen":"2024-08-19T13:20:56.622688Z","last_seen":"2026-04-21T04:54:46.23443Z","times_seen":20,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/Chart.js/4.2.1/chart.umd.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"623f1081a8fa5cd9b0f5045967440d7a","sha1":"ed4bb46ade5b56bbbd57264da5883b21bd93ea97","sha256":"90957a40588ebd829b4567617cd13007638a276c35cbef1a1fb9811921f2f266","sha512":"bc251b7a3b52f8771662d0c7445d93e41d012b0546fc22deb9ec39b93d80897e1227659f7f9dbe91f80e36fb5d013aa4a90302f587b92be4ddd0e4dacfe3fb73","ssdeep":"6144:OyxLOWFKRwOtibhQGveXE2FjPi9DReTRYsTUm6W0Vk0jAKyjqNI:pHKRwOUbhQGveXE2FjKreTRYsTUmp0WR","tlshash":"7b14f5d53342b12282d256d6583a050ae3366648354789acf2bc5ddf3c6a98b71fff38","size":203190,"data":"","first_seen":"2023-10-20T12:18:54Z","last_seen":"2026-04-21T04:54:46.256129Z","times_seen":21,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"introduction_type":"scriptElement","is_inline":true,"md5":"39de155e42baa88445d42cfb177a6d7d","sha1":"03861011387360b5b30fa806b4470fa38a5cc5f1","sha256":"949ba98a7b01d41c3a886904a7390a0081065b672f5df0f4c6163ba8e779fd47","sha512":"d5fa22b1a09453c19c149a4f41d06bf3446d03e463b98da5b3af74afafde8ed9583d76d166246d189222a0dc3442fa803e03ab05ce7c621e1d59cdecc98a46ce","ssdeep":"","tlshash":"e1318019a971003a6427b0ef851f434aa1b1524b3ca9fd243d4c44485f5e93db5fd7d5","size":1636,"data":"","first_seen":"2025-09-22T11:43:04.269816Z","last_seen":"2026-04-21T04:54:46.275416Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/world.png","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/world.png HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 133899\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:11 GMT\r\netag: W/\"20b0b-19d2f861be8\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":133899,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"4b54bd4445866ff462204373b5d9333f","sha1":"2a487dc71038ca13f0dea7beffeeb498826a093f","sha256":"0813dd0dfd5a3fdd39d11a8159d9bbfa18f0e998653c9118e54e88e99be01f7b","sha512":"54ae268e284164318d4b5c08186e233a1669417da507c7bf1f6062a18231971bb81fc1c64303585b7456f8cd543e4821116b9770dcca0469536d9dda1fd733ca","ssdeep":"3072:Au0UVpK0dDJ0ySflJBVIOHcYnhBFKkfWgOzpq7g5uVt3UE:Au0UdDJ0ySf3rIJenQGWgOzX5i","tlshash":"7cd312c5bcbfece93d5932532ad0cff2e5407eee685020d4f884d8697ea14e855029d8","first_seen":"2025-09-22T11:43:04.240287Z","last_seen":"2026-04-21T04:54:46.271046Z","times_seen":12,"resource_available":false,"data":null}},"time_used":235,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/currencies/ltc.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.516Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /currencies/ltc.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 489\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 13 Jan 2023 10:03:24 GMT\r\netag: W/\"1e9-185aa9585e0\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":489,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6046cca14ef5741d48469675250f8d1a","sha1":"e5d3cb531aa29112387e94a9d68a1ea583576c8b","sha256":"20dd004b22b76d98151807b3ca99196f84edf24cc5d66c33e3aaabfd9ada6d19","sha512":"e4153f5893945f12cf4bcb8b0a66e1b360fcbdd62be00058ec3e6d32452e3aaed2913e3328ca99a3067acb5ed5964df60796b7e56199dfb316790bc413877b31","ssdeep":"","tlshash":"f6f0d47bdb50ce2ddb50472cc0c2b50210704542f1c24294ef97012cf80b8b3747c9c2","first_seen":"2023-07-06T20:31:16Z","last_seen":"2026-04-21T09:14:59.26337Z","times_seen":714,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/ticker/24hr?symbol=MATICUSDT","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/ticker/24hr?symbol=MATICUSDT HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 272\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\nx-xss-protection: 1; mode=block\r\nserver: nginx\r\nx-mbx-uuid: e34e0c6c-3b10-4405-a661-a8c05a02b5eb\r\nx-mbx-used-weight: 24\r\nx-mbx-used-weight-1m: 24\r\ncontent-encoding: gzip\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-security-policy: default-src 'self'\r\nexpires: 0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-content-security-policy: default-src 'self'\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-webkit-csp: default-src 'self'\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: YBU_Yx7unREio0zQFmaGDgd8Vb4PMqZFIOjpWo55Fj2qKNCLDSK1DQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":522,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"0d88ffea12d913c8ae3c68482bb62c4f","sha1":"e0fc20f35b24891d8a8ce55f80f87b83173aae9d","sha256":"7e6adcabe99d0580fa5e310fc830e5defcc66ca63b2e26cee03f780e2219c4cd","sha512":"8162f31c1e1d730afc3f9083e2b21421a1250b57aa20386f296e9e2e529b50c0c762a69e9dab14168dac8040a4b38963510004e679ff589bcb6060d38bd6d4bb","ssdeep":"","tlshash":"1cf0e5e2875c5d84d1bd9f89c749753150c9f19b87e88f2526fd9eb401b973fa005304","first_seen":"2026-04-21T03:52:29.69079Z","last_seen":"2026-04-21T03:52:29.69079Z","times_seen":1,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":156,"connect":12,"send":0,"wait":240,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/log-balance-error","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:49.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"POST /log-balance-error HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nContent-Type: text/plain\r\nContent-Length: 324\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":324,"data":"findDeposits@https://referral-link-it32gkmz3i1dm26.com/default/js/deposits.js?v=1776743507201:109:31\nasync*@https://referral-link-it32gkmz3i1dm26.com/default/js/deposits.js?v=1776743507201:215:5\nEventListener.handleEvent*@https://referral-link-it32gkmz3i1dm26.com/default/js/deposits.js?v=1776743507201:214:8\n\nCurrency: data"}},"response":{"raw":"HTTP/2 400 Bad Request\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:49 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 63\r\nx-powered-by: Express\r\netag: W/\"3f-LhX6B4QvXHerUks6uf3oEe2K/pg\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":63,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fcdf5e66ca7c6a2a9323f32bdbd2fa9f","sha1":"2e15fa07842f5c77ab524b3ab9fde811ed8afe98","sha256":"dab3a762fc87b626377248b86f985a84715ac8de3ffc0780259d05a8793e69f3","sha512":"cf69b9becb0d1d587d533d8b8882c881322bfad549284537e7b4ba06a13353cf84d90946ab201113710369bc3024706c70bf5fed0cccc05b082d224a8202e8e5","ssdeep":"","tlshash":"80a0025d770669791a1112c561546684778414869584a519c04bb61c96a24a470bb519","first_seen":"2024-12-05T13:56:54.226135Z","last_seen":"2026-04-21T04:54:46.238578Z","times_seen":13,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/noty/3.1.4/noty.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/noty/3.1.4/noty.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 8333\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03f2b-790f\"\r\nlast-modified: Mon, 04 May 2020 16:13:31 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 71634\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MluaucdPQoixR4ESmAJItc7h450WGI6WT0oF7N3938R4GsxBDqw%2FaYAVkpYnRRezqRvBKrOH95ylE3u683L%2FRO9x6Uu%2FkC4rUMQevndUt7aeDB2xMEb3QVWjy00AethyqtU2gCRr\"}]}\r\ncf-ray: 9ef96eaa1b97c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":30991,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (15477), with CRLF, LF line terminators","md5":"44551b35d233855f76a793174b8119bf","sha1":"cd108177fb0e149c6983423810e523e52d474571","sha256":"213c0bb47e6e1785255a367499d1ce84fc03a4ba2ac737c50995e7d70139e8fb","sha512":"94eae6f45813d4b28e251517177b69e9068ca2b25fb548e8c0e5a20dc1b918567fabbba4a1fd7d5741cac7f196cd709db7dcd88eedff2a104d7422f32bc6fdd1","ssdeep":"384:kcZ4t7IxkVYfpD41F7B5PawjvhiBBML8uSjNQRM7K8RdcvWi11HGRCPHX/xke9m:A7Amq4H7BIwj5YH4LMCb9m","tlshash":"82d2e78db2a172f203e79076507f620fb131b930144a4494b27eebd17d749aea263f79","first_seen":"2023-03-08T08:52:42Z","last_seen":"2026-04-21T05:00:52.038105Z","times_seen":305,"resource_available":true,"data":null}},"time_used":113,"timings":{"blocked":43,"dns":1,"connect":4,"send":0,"wait":11,"receive":1,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/fontawesome/css/all.css","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /fontawesome/css/all.css HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 633150\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 15 Mar 2022 11:09:46 GMT\r\netag: W/\"9a93e-17f8d450890\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":633150,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"troff or preprocessor input, ASCII text","md5":"1ff63499185dedb5429301823e008e3f","sha1":"8f518c61f9eec21f8926b74f12d931c475ff8167","sha256":"7391e8a2054fe1326d745c473e3ffa1bd5934538b3b439acf5bef0ef7f5dd40d","sha512":"37073bf7155a436a9ba758b0f1786748fd4ea6c486c6fd82d5f7e8fffa9581f9b05d6a103b23668e197f94e8dcf82aa395bce0a4a4ce7d602a406d025d2a71d4","ssdeep":"3072:ImB7WmeFmGXkavME2KUPQl+P2jqw7OyQ8+YoinX3pjXiZ2xNn+FVPuuqHYGmZyPM:9kmqFIVhqHYGTPEh","tlshash":"d0d497ea50fd31988342b19e1503f1a0f375b32e9c474d5991e52ddea9f2b0ca092bde","first_seen":"2023-04-09T10:20:30Z","last_seen":"2026-04-21T04:54:46.239646Z","times_seen":23,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":212,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/currencies/eth.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /currencies/eth.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 940\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 17 Mar 2023 13:39:00 GMT\r\netag: W/\"3ac-186efcb8d20\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":940,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a7267a2910cae4c1494d2eca7568b74d","sha1":"45905647a40bf1c8c30b8bcac1aa594c41bc6897","sha256":"5d92f1d69ccfd2f636d606953cbb59c62fcdfcab22ea196ab9261e8421d8d21c","sha512":"72524fbc50b373a8a51075b61d2fa91d074a1fb350b896feccee44c788babe84198af7243827771d4bf56db1a3328d0bd18280931c9a85eda947ec2d204a7c08","ssdeep":"","tlshash":"4711b14c0b982cab53a187e0973c8fd3abf1a0d6ea3544f881f73c3fd21d8451584a96","first_seen":"2025-06-30T11:56:11.874318Z","last_seen":"2026-04-21T04:54:46.265113Z","times_seen":19,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/currencies/trx.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /currencies/trx.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1145\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 28 Sep 2023 11:43:28 GMT\r\netag: W/\"479-18adb99db00\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1145,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3706d41d4254ba7f6cbfc7e1c061fdd4","sha1":"2f4be0bb2b907c48a3c5271a6b57451737d7cc10","sha256":"e6e66b7cc8927754f97f1e97b632ab54a5394541707b86a291cd62ddb5057550","sha512":"90ced6e61e6a90f5303d298365dd27c96bdae91296c33ccfd78f3aeacc4caa7b226a2c7b028fdc6b2476dba6d312ed86c6201513a9a9b29d1770193b80438109","ssdeep":"","tlshash":"5f21ee6d4604dfbeed00869d4a786a86737245d7d691e8e8cdea583fe82c8c25248b4c","first_seen":"2025-06-30T11:56:11.90153Z","last_seen":"2026-04-21T04:54:46.225749Z","times_seen":19,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/klines?symbol=BTCUSDT\u0026interval=1d\u0026limit=30","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/klines?symbol=BTCUSDT\u0026interval=1d\u0026limit=30 HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 1946\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\nserver: nginx\r\nx-mbx-uuid: 5dfdb6a3-3731-413b-8b3b-0655d4bf410d\r\nx-mbx-used-weight: 10\r\nx-mbx-used-weight-1m: 10\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'\r\nx-content-security-policy: default-src 'self'\r\nx-webkit-csp: default-src 'self'\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: C_5kIn1BzDTy-rovEZOaRz7UFbHAzt60GXNd4cQpMjyu42rUwClIkw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5576,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"a99012c54c6b08fef63c4bb8525db28d","sha1":"27d25fb5e3b947add2ba53b19ac90d67d431bd2b","sha256":"5fa4b8a75b118a6d3d96d9defa7be70089946ffa81c47a0590c0e1ac92d57430","sha512":"1f36893c66a97ce4160d9aa4dd891e347ebdcfe2f5798749d524a00b4add113dda30f4b81bd98e49467934819f9f404bb17316d221e0835cd5ec4fbbecd4baac","ssdeep":"96:RZbRqM4MtLwxZ2hT99ukZLM5Z5n0zEA3mx3ys6WNyl:RIMtWG910PisVM","tlshash":"e5b1cb9107e4d760ff3a4a192be6f8912a6a706faeca0dc099d1263718e12b3570c745","first_seen":"2026-04-21T03:52:29.703438Z","last_seen":"2026-04-21T03:52:29.703438Z","times_seen":1,"resource_available":false,"data":null}},"time_used":418,"timings":{"blocked":175,"dns":0,"connect":0,"send":0,"wait":243,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/currencies/matic.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /currencies/matic.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 2233\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Sat, 21 Jan 2023 15:13:10 GMT\r\netag: W/\"8b9-185d4e3ff70\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2233,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"959df4dc7f590de065543ca9cf1ecb47","sha1":"0100b02b15d747ccae80f7eb6307894e2c19144a","sha256":"d43a1f8978ce00d6d42add81f197e016b1c7bd601122323803794f839c2d747a","sha512":"340e507c10a3d7281a692d28b4a5df3fbbfe1fb4978ed4e34103c61b6d8496e098903fd514103bec59b986b03879b5506c30f470c81c3c95372c6fb033e7e807","ssdeep":"","tlshash":"21411368d1cc1a76d4231264c1b6bce41177fa93d1f0d7ac54fb6a2fe60d8c0206d69b","first_seen":"2025-09-22T11:43:04.247068Z","last_seen":"2026-04-21T04:54:46.271543Z","times_seen":12,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/register.webp","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/register.webp HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 81120\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:09 GMT\r\netag: W/\"13ce0-19d2f861424\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81120,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"999312343795530f6be9e54e8f0d7b15","sha1":"46fde336ce5c14a0b44261b0bfbdd4fa05a2a794","sha256":"875342a155f7ace6b21a46f31b3d0ce2832f3928ef99093fe0a8c0ae58359ae4","sha512":"65f0fc90cae195b2d22668da1830dde52aaedb7212b7adbc88fb0e4d6983e9597468e54b56c221e9b6f9016ea82440d2f4f9d2b7d3e3c3eb6a1e04db6e90f2c1","ssdeep":"1536:UFNWrhMrqyHCu62fjWIw6NUC12YVMn2Vn6fO/YgH+dqjL18q+kid1H30VSbSyQ:UFaUqxuZfjzNPSAmmYJqv2q8dp3jSh","tlshash":"6f830281a99ec34cc7c56c42f5bb7ed5055ecdae13e4630068c291b58c236badf64acd","first_seen":"2025-09-22T11:43:04.199348Z","last_seen":"2026-04-21T04:54:46.226356Z","times_seen":12,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":92,"receive":111,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.6.3/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 28112\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"63a24ddb-6dd0\"\r\nlast-modified: Wed, 21 Dec 2022 00:05:47 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1031253\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=76HhtbYSIvL5rmDMsl4MkY3Bf21F4lrdwrm7KWikh79HFWZh3GWJu9X8QPvc3YnkmvNU65ckfMiaEIrWPQt8JS5gebzaGc1PxajE%2BLpMlUl4BGo532Y42nN8jsNo1DOLzP%2FFYwqw\"}]}\r\ncf-ray: 9ef96ea9fb6ac272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":89947,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"cf2fbbf84281d9ecbffb4993203d543b","sha1":"832a6a4e86daf38b1975d705c5de5d9e5f5844bc","sha256":"a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575","sha512":"493a1fe319b5c2091f9bb85e5aa149567e7c1e6dc4b52df55c569a81a6bc54c45e097024427259fa3132f0f082fe24f5f1d172f7959c131347153a8bca9ef679","ssdeep":"1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL","tlshash":"4c9318ddb2c6b06247a770ba407f610ff236199d684d4400f169d8e9bc78a4a827bf7d","first_seen":"2023-03-10T04:24:46Z","last_seen":"2026-04-21T09:32:24.516972Z","times_seen":23924,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":26,"dns":0,"connect":1,"send":0,"wait":9,"receive":1,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/noty/3.1.4/noty.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/noty/3.1.4/noty.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 2252\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03f2b-495e\"\r\nlast-modified: Mon, 04 May 2020 16:13:31 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 4119160\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bbcf2nQ3OEXEp79PUaxbIyEKTGoHHPrb%2BMhkH0RJQhNRk%2FCydfvymluIM63S7u6LGcvBF5hHucWvUWfGvsgoQgf%2FaMTApOGjY%2FVfZ4crccYEQQMs3vIyMFQlUx2bz6msmpqs1E8G\"}]}\r\ncf-ray: 9ef96eaa0b78c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18782,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"22b505e925dc4d46f5c928d5a461334e","sha1":"8198d74a38864ddc276222f8235854c25da09a91","sha256":"a7e3e1289103a8df5fe67d381fec0db46a27576a535c6981e19afb3d9de527fc","sha512":"357521c6190381960e32368881df3dcc5db0e7532e6f9dd1bb7cc2369e4b4e513331b34d0234e30dba54458192e4ca29d9c5386fbaded67388b9cb1596bc7d7c","ssdeep":"384:dmFb0bRM2KBUy6aw6+FdTHd4L7n4PysIETluevw7Cuu2dtNH8ZLaX:dmx0bRMtB76h6+Fd7d07KL4u2dtl8ZLq","tlshash":"e482c1ae96511077b097970c66dac280336e3042401acf6bbb755329ff74491bea7f8a","first_seen":"2023-06-01T06:33:59Z","last_seen":"2026-04-21T04:54:46.262471Z","times_seen":102,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":7,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/ticker/24hr?symbol=BTCUSDT","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/ticker/24hr?symbol=BTCUSDT HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 300\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\nx-xss-protection: 1; mode=block\r\nserver: nginx\r\nx-mbx-uuid: 1cc5415e-a1da-42fb-bec1-9e882b84965a\r\nx-mbx-used-weight: 4\r\nx-mbx-used-weight-1m: 4\r\ncontent-encoding: gzip\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-security-policy: default-src 'self'\r\nexpires: 0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-content-security-policy: default-src 'self'\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-webkit-csp: default-src 'self'\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 4XPoHIj0qge-XDsK_-LoZWTeb0dF1JuXmV5P3F-BzN1JH-Wvx6rcnw==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":557,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"95f32334def64690a53a849405420a6b","sha1":"4a821f8fdb90f8d2c708c2adb01c8c5e6ba54a43","sha256":"65c07c4b77c5b43094c15b668809bbcac4808ba87cca69ae5ebe60eb74171770","sha512":"ee755834b0eea50e20ab4645469ed25ed0a27c5980004e298c1701d2204fc71eeba0877d3657d5a7824211db0ae1f40cc7e3db8c92f6e19486fc2798893cbd52","ssdeep":"","tlshash":"06f052b27a882c04c93c8ea543d67035c1d1b0888ad48f60ebeccaa10cf3b3f5519340","first_seen":"2026-04-21T03:52:29.710014Z","last_seen":"2026-04-21T03:52:29.710014Z","times_seen":1,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":206,"dns":85,"connect":1,"send":0,"wait":245,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7748\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 18 Apr 2026 01:54:48 GMT\r\nexpires: Sun, 18 Apr 2027 01:54:48 GMT\r\ncache-control: public, max-age=31536000\r\nage: 266220\r\nlast-modified: Wed, 27 Apr 2022 16:21:30 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7748, version 1.0","md5":"a09f2fccfee35b7247b08a1a266f0328","sha1":"0da2d17e738f46d2a09e6fb7969da451719a9820","sha256":"cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446","sha512":"5e3f9a298003b84250ec6801e08ad2a4ff8845d4c3e13ea61bec37da24d26ede13b436257882124cc0c27e9a323ba92e7d23c6ad3f48a7b75535f5ed98813a0e","ssdeep":"96:0g6vAF/FXh6MmoI56TEwosGU/DbVF/QBT1gaHEYT6u/w3hXLbJPAS772+6haAftj:zp6x6TYpoDYBJg8TRkbJPAS/2+CzQa7","tlshash":"f3f19de65d1e5e8980f0102f6f6efce767950d88141dadf9a9e72f884c6ba1b04c90cd","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-04-21T09:33:48.956908Z","times_seen":204183,"resource_available":false,"data":null}},"time_used":599,"timings":{"blocked":286,"dns":3,"connect":20,"send":0,"wait":21,"receive":6,"ssl":259},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/support.png","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/support.png HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 428453\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:10 GMT\r\netag: W/\"689a5-19d2f8617b1\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":428453,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"7e589f03fcbb7830aa2f8506e877b0bd","sha1":"720155c000a5d7b5c1e241e1a41b0a38f25bcdfc","sha256":"00748b6aad458d32baf2c90805629eb15e605b75918bbc0b0366dc846d95dc1a","sha512":"4e96dcec139d7fe9b05526d59c989adcf0c3dec078ed1803974ab8e5b29dac7ea85fb4c16a98ce4912fb47d176f9875724467a26072dd2ef7cf440c4e833f98b","ssdeep":"12288:V5c9A+IMKf7cl0PTCj5/K7Zczyeyf5rk+cbcwK/:VyY7clcJ1su5rUcR","tlshash":"d7942364627cd2f32e477236a1e68f7b09c3c624eec4eb35c2943c2de455d1284e5ae6","first_seen":"2025-09-22T11:43:04.190051Z","last_seen":"2026-04-21T04:54:46.27049Z","times_seen":11,"resource_available":false,"data":null}},"time_used":338,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":228,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/how-it-works.png","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/how-it-works.png HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 363271\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:07 GMT\r\netag: W/\"58b07-19d2f860e05\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":363271,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 4480 x 384, 8-bit/color RGBA, non-interlaced","md5":"99ee327761ff83505d22c3019b39883f","sha1":"fdf7222c606096b62ab8f0493af0437a0eda9712","sha256":"cfa8ff401c915baa56b59a5df116fa9f64d1842115e7d1010e0ecaa1f9601a52","sha512":"63a889cee3fb8338e4127603d679f2d89d07a8681bb2b363659fbe98250b76b218b8d77f8d3412275dfb449fe71adb0cea9afc92609a637d5932d924ed772236","ssdeep":"6144:3F/4Dw8M3S10C2vVIygSKOCkpPqJ+nQhcEyOp1bn7LwCZN/gW3KUn9Up:VwDw8MiqdvujS93RTnAtp9cCZNN3KUnK","tlshash":"4374010020f8e748ce9b3634eaca7f876743c9b366f72c6df455d09ee109e989941ad1","first_seen":"2025-09-22T11:43:04.218657Z","last_seen":"2026-04-21T04:54:46.27217Z","times_seen":11,"resource_available":false,"data":null}},"time_used":290,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":192,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 845\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03cf0-d17\"\r\nlast-modified: Mon, 04 May 2020 16:04:00 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1129504\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=c6qBnzXJmgZti4si4Lj5AL%2Fv71ijFIE1ehaeIt4xqG8UoZRtuqWGDjIzQZByILxBLBokuoBDYSicDPD3aOYE5pV2s4qyzOF8VqcGEklL0Okgu9gnKFVLCwekl9yHJKGDFNWV2YMI\"}]}\r\ncf-ray: 9ef96eaa0b7bc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3351,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (3184)","md5":"b2752a850d44f50036628eeaef3bfcfa","sha1":"fba46353cf90450ef3d362a123f1e7af3e8c561e","sha256":"521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc","sha512":"b52dd2e6a1b40658674113b2257bcd8de10ce14a4c5c7ad07d31a66d0d602a67a50b195210151ac614418ff1054f3a5b3f84554aba448a46e6749a1b0af844de","ssdeep":"","tlshash":"9161bbe5314a225f480f83121dd81e86393dcc52d8660a5a92bbd71447dae6d213ffcf","first_seen":"2023-04-05T13:49:19Z","last_seen":"2026-04-21T09:32:24.525684Z","times_seen":32014,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/klines?symbol=DOGEUSDT\u0026interval=1d\u0026limit=30","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.159Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/klines?symbol=DOGEUSDT\u0026interval=1d\u0026limit=30 HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 1640\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\nx-xss-protection: 1; mode=block\r\nserver: nginx\r\nx-mbx-uuid: 72c08c48-36a4-4c3d-adc9-e261b64ded90\r\nx-mbx-used-weight: 18\r\nx-mbx-used-weight-1m: 18\r\ncontent-encoding: gzip\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-security-policy: default-src 'self'\r\nexpires: 0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-content-security-policy: default-src 'self'\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-webkit-csp: default-src 'self'\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: kTpRzrsGkoKyQZjlN0RCTIj7rYRr-DVEENrxiwa5wZU9EtRxH2XTKg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5256,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"0b727a2b0bd368230a5d23fd8ce620a8","sha1":"91cf763deea7c85fac3f3245021dfae8e26174e6","sha256":"0f23cc434e69ab1d7a8c8f2e75ef2a82166a9fec99e0951c8b91a2f06e63727e","sha512":"0d6fc9bad90fe043edf10a64561197d74cb15880defd47723adc1e43a249bdc01806608d577d7c92c0851a4aed4d5f42c87c23f3500eba0ab632b221b3aa5860","ssdeep":"96:bctOyEYVQF5FYHJBXJim0WKunZfWXtnfJnAJsdn2MHQyxrnCPhteHD:w9EqQF5Fhm04ndctBBn2MwQrnCPHM","tlshash":"c0b104901fa48661f9f60e09e7a5f9a52a6a346fdecd0fc189e2252f1ce1772571cf00","first_seen":"2026-04-21T03:52:29.715765Z","last_seen":"2026-04-21T03:52:29.715765Z","times_seen":1,"resource_available":false,"data":null}},"time_used":419,"timings":{"blocked":171,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/undefined/api/v2/address/undefined","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:49.116Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /undefined/api/v2/address/undefined HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nContent-Type: application/json\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:49 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 23\r\nx-powered-by: Express\r\nlocation: /\r\nvary: Accept\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":21640,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-21T09:33:31.894507Z","times_seen":14009670,"resource_available":true,"data":null}},"time_used":73,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 10158\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03cf0-ad36\"\r\nlast-modified: Mon, 04 May 2020 16:04:00 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 952880\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xd0BA69So1bPJJyIP4a9CqsziaXGGl9jHNEChCjKwj2eHkU%2BNWK9rmNClgfkgH3oOQD6jth7mkcTS%2BBnSJZ5dR0PIh6MLJMqnZEWxfvULGFp%2F2zCf0A8ylxmvcqLQ06BrZX4w%2Be9\"}]}\r\ncf-ray: 9ef96eaa0b7ac272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44342,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31997)","md5":"f416f9031fef25ae25ba9756e3eb6978","sha1":"e2a600e433df72b4cfde93d7880e3114917a3cbe","sha256":"a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d","sha512":"6cfb3b01eea956f84e4a221cc940a547bfead8e02c462a2fc38bc0917fb325bc374a101e7aa7b3ab9d11208708511abb39adb4ad6da7daaf9fc9704d714f65af","ssdeep":"768:UCI7dmuMFAAJG4dlQKNORpnXGAtep2lcwJeL+wr2RSGc7UuHjRUQuFBt33:PITMFC4dbMVRSGcgRDV","tlshash":"e7137346b3202d2a869b61a0663f160bb23a241ce414547d7d79e6de6d7dc8c213ffbc","first_seen":"2023-03-07T01:02:37Z","last_seen":"2026-04-21T09:32:24.520727Z","times_seen":50704,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/dmsans/v11/rP2Cp2ywxg089UriASitCBimCw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18212\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 19 Apr 2026 04:55:35 GMT\r\nexpires: Mon, 19 Apr 2027 04:55:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 168973\r\nlast-modified: Thu, 21 Apr 2022 16:54:14 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18212,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18212, version 1.0","md5":"ca72fb4e277e59be50b8850190822581","sha1":"159b97b22006fe2a483da0a13d33cfb3cc5aa031","sha256":"f3c0fa2cd71bb91d0e3acf5d77b93c49a184e9ad941532ca8c07c82eb0bd6a6c","sha512":"6b7cbd0a333fb6626ec25a087517f732f92eb263a1d145142303501e4ba0ff2016c5746eb5bd2a1444ee388e637b40ba7d15591e1698f9a32c26011786f90bb6","ssdeep":"384:OTQZ3hh/gTIPA/GINfOzLnyAMKZif+66duA/5LGD4O2:GsTgTI43NsL1F4fmxLwa","tlshash":"1f82d08667087ad0d009f4c5d1bfd2224e30a37c576abe66fe7f54deb898d215807909","first_seen":"2023-04-19T20:24:59Z","last_seen":"2026-04-21T04:54:46.230149Z","times_seen":409,"resource_available":false,"data":null}},"time_used":382,"timings":{"blocked":127,"dns":0,"connect":23,"send":0,"wait":115,"receive":2,"ssl":112},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 8000\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 18 Apr 2026 23:51:51 GMT\r\nexpires: Sun, 18 Apr 2027 23:51:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 187197\r\nlast-modified: Wed, 27 Apr 2022 16:59:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8000,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 8000, version 1.0","md5":"72993dddf88a63e8f226656f7de88e57","sha1":"179f97ec0275f09603a8db94d4380eb584d81cd5","sha256":"f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149","sha512":"7c20165f9d22a86341e841fd58526209017dcde2afe2d0d2a89fe853d95dc69f658d25cf798c71f452dab09843fc808c1ae87a60b1284134163abf5a1d93e50a","ssdeep":"192:GDonmfrEdXT8WrxzRXwyQo3zGEOM7Y2hOMgWnsfYSjv4ENFGwrlKJ:8onPxTzjgyQSzLPXOTIYHJAJ","tlshash":"08f1b0ffa92456c4df692475a5044f27623652b4dd35cb2f496f3e12d2d74224bcc4c1","first_seen":"2023-04-05T18:53:14Z","last_seen":"2026-04-21T09:33:48.897395Z","times_seen":214943,"resource_available":false,"data":null}},"time_used":539,"timings":{"blocked":252,"dns":0,"connect":21,"send":0,"wait":25,"receive":1,"ssl":237},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/klines?symbol=MATICUSDT\u0026interval=1d\u0026limit=30","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/klines?symbol=MATICUSDT\u0026interval=1d\u0026limit=30 HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 1644\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\nserver: nginx\r\nx-mbx-uuid: c8900f7e-24bb-4d50-8830-4feda97f3b35\r\nx-mbx-used-weight: 20\r\nx-mbx-used-weight-1m: 20\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'\r\nx-content-security-policy: default-src 'self'\r\nx-webkit-csp: default-src 'self'\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: NocBO6BJ4SFt_b89xqWe6TK5xoc7I9hE7tISG5PepFAxjbaiiXdkPA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5171,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"292b386381f999e01d7ad2d1631b3164","sha1":"5e9e84ddbc74e31d9ae9346b3d1f8c419036f079","sha256":"c22969941883901a8571dfe5f824d5fea8f2fea113ff0af72ba429c13cec5aee","sha512":"e177d7ab8f77bc2ace53a2079478702b95288b1a83d671b2b9202ca2bf35020ce815692d3cd6f99bca08354f989381709d1be0c8f0ba6626de9bd94e75d97238","ssdeep":"96:/n8qnWDYOMesR4Ay8YG2rgYtzIWFjwbJ0AY9ruY65HIdLaft:/nYkeIly8YGSzDFjwtXV3mdWF","tlshash":"ceb1595203984250faba8c59a3e2fda11a6a705ffdce2fd085e4356719f35b24738f50","first_seen":"2025-09-22T11:43:04.242925Z","last_seen":"2026-04-21T04:54:46.224584Z","times_seen":12,"resource_available":false,"data":null}},"time_used":416,"timings":{"blocked":169,"dns":0,"connect":0,"send":0,"wait":247,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/wallet.png","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/wallet.png HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 390325\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:11 GMT\r\netag: W/\"5f4b5-19d2f861cee\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":390325,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"b42a3eb84bc2bdd0845a7a61a852c87b","sha1":"454bde8cc3a6e95a148dca2d4eac326f8f247f2e","sha256":"4a6830351d75b476a1ef9169854de0fc85b434c4117a162a04342417c741a800","sha512":"40a3b4a73a8fd9b1edd851631707d435e08d9eee09009f5bb75e1383eea58480f2d6b00bf137aeb28198030f55e53f61ea128fe79e511944706294bbc9a23d22","ssdeep":"6144:2bOSHG6eR9zssBuZU9BlN7JZk2koIw0Iap3urvXhCEJBuOpEm/jcF/wD0eX:uMR9ZBuZUtjZ301pqYyDgFs0eX","tlshash":"bc84239fa13ce5454e6f12b582a13f2b217b8ef4e1d1094de8b356ad636cd8f0acb114","first_seen":"2025-12-24T04:14:24.021232Z","last_seen":"2026-04-21T04:54:46.225159Z","times_seen":10,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-21T03:51:47.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\netag: W/\"5488-CfVix7p60DmROIZiWqEP3SG7Tf0\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"decimal.js:10.4.3","description":"","website":"https://mikemcl.github.io/decimal.js/","common_platform_enumeration":"","icon":"decimal.js.png","categories":["JavaScript libraries"]},{"name":"Bootstrap:5.2.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Chart.js:4.2.1","description":"Chart.js is an open-source JavaScript library that allows you to draw different types of charts by using the HTML5 canvas element.","website":"https://www.chartjs.org","common_platform_enumeration":"","icon":"Chart.js.svg","categories":["JavaScript graphics"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":21640,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (394), with CRLF line terminators","md5":"d2469d92a1cf99edf5eb376d1c4cce4c","sha1":"09f562c7ba7ad039913886625aa10fdd21bb4dfd","sha256":"ae2cb625c27f91420ce649c0d56f173505aa801d0362281064816eb7ad93cc85","sha512":"c093f951034233c22fc4baa6c9db7d26ca92e767b679c906441799959fa8c2c174cee7526378736d751a933688901122c50bdf9de80a70c537b4899f2e177987","ssdeep":"384:CZqzByjORBwjZR5PSBXH1KdrnnMW83R+V2zOINI+J:CZqzByjDz5aBFK1nnMW83R+waINvJ","tlshash":"05a22b2160c0163b427391885e226baefd929207d30b9a6173fd1bdb5ff3d14dc67a89","first_seen":"2026-04-21T03:52:29.728258Z","last_seen":"2026-04-21T03:52:29.728258Z","times_seen":1,"resource_available":true,"data":null}},"time_used":302,"timings":{"blocked":101,"dns":40,"connect":25,"send":0,"wait":95,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/currencies/btc.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.514Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /currencies/btc.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 2069\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 13 Jan 2023 09:58:38 GMT\r\netag: W/\"815-185aa9128b0\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":2069,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f92890de8d6512e2597d378f00254e71","sha1":"ae4f3414bffd2594adedb794d4f9eefb2a86c382","sha256":"51a4362311aab24ca9f1b68d3ff5faf423385db8ffdade0894bd6acb799e53d3","sha512":"6ab7b81fef67d104a6fdf5c9523efc3d03d6039913a3cd3dac6d22fd4975d2449be7043953c840ff0ee8fdc7226894b07c287790381b0fb653579d8dd55f140f","ssdeep":"","tlshash":"cc41a5fcca1a8952ca9e4b6ceafc4c5e2f23604f016d01fcc58296f57c125f58645a9d","first_seen":"2023-07-06T20:31:23Z","last_seen":"2026-04-21T09:14:59.270527Z","times_seen":733,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/ticker/24hr?symbol=ETHUSDT","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/ticker/24hr?symbol=ETHUSDT HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 294\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\nx-xss-protection: 1; mode=block\r\nserver: nginx\r\nx-mbx-uuid: e49bd0cd-fa1b-43e3-9c5e-4237266a2871\r\nx-mbx-used-weight: 8\r\nx-mbx-used-weight-1m: 8\r\ncontent-encoding: gzip\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-security-policy: default-src 'self'\r\nexpires: 0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-content-security-policy: default-src 'self'\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-webkit-csp: default-src 'self'\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: WRKvI9x08nTLCuQ7GvXbg9y5XuWRWszZtsGZMyrKZ7DuuIWNfHj47w==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":548,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"a992fd91b03a3debe991cd5958d515d8","sha1":"ab019da6b81336436c0c4f9f7c4faa5d092399d7","sha256":"87f05d787ed6dbfe476f0c72087ee44f95009d8649866a9116e596cb22f8d2c1","sha512":"9ce2acd40a701f0ccae51f11d907585d061185152873ee9faa82e598d6f1a496f350c8daa67bd91c444b6865bb91b4ecda30a49cbc23cbead007dadfc00e514a","ssdeep":"","tlshash":"a8f0e2a1d228dec8c63d5e580785ba355198700a93dd8f919afe96d047b0b7f2414720","first_seen":"2026-04-21T03:52:29.731539Z","last_seen":"2026-04-21T03:52:29.731539Z","times_seen":1,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":209,"dns":83,"connect":1,"send":0,"wait":242,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/klines?symbol=SHIBUSDT\u0026interval=1d\u0026limit=30","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/klines?symbol=SHIBUSDT\u0026interval=1d\u0026limit=30 HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 1689\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\nserver: nginx\r\nx-mbx-uuid: 30ab988f-c525-4130-8c8f-344aa9356f55\r\nx-mbx-used-weight: 6\r\nx-mbx-used-weight-1m: 6\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'\r\nx-content-security-policy: default-src 'self'\r\nx-webkit-csp: default-src 'self'\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: BSrMiY1EVuP3ePxGO9BxRNz7jI3OaOEQXFbe-BLQyZGaCdBSNHFhDg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":5012,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"f73ae2f6eb01fcf8e3139511229a6859","sha1":"a01e91f8d6716b34bb72196d0b068fccaaddc5a2","sha256":"0e7d434a502f5477d95905948a3c64f4aa6baed071e2d7f868131c050bd18110","sha512":"405ebeaa7be2de70e7306f720d7fe2a5f0ba1bb2ab638ca9c9802f25c8aebeaab522956bed8caa310b6f05b09df0a71a35f59bddc80aa01fbc7b512cb232abd1","ssdeep":"96:tfXrN25slXri7/ArnFoqYPLODZBQSuLgWLh0Rmek8H:tjCswDADXYPLgZm/czke","tlshash":"24a178d20b8c9a91f9f64d09ebc5f9b1096af19f2fc9bfc185c1636f84890b26311e01","first_seen":"2026-04-21T03:52:29.733551Z","last_seen":"2026-04-21T03:52:46.803067Z","times_seen":2,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":168,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/undefined/api/v2/address/undefined","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /undefined/api/v2/address/undefined HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nContent-Type: application/json\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 23\r\nx-powered-by: Express\r\nlocation: /\r\nvary: Accept\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":21640,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-21T09:33:31.894507Z","times_seen":14009670,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\netag: W/\"5488-A4o2nIllUgx0rvd7HmxSh98RZJw\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Chart.js:4.2.1","description":"Chart.js is an open-source JavaScript library that allows you to draw different types of charts by using the HTML5 canvas element.","website":"https://www.chartjs.org","common_platform_enumeration":"","icon":"Chart.js.svg","categories":["JavaScript graphics"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"decimal.js:10.4.3","description":"","website":"https://mikemcl.github.io/decimal.js/","common_platform_enumeration":"","icon":"decimal.js.png","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Bootstrap:5.2.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":21640,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (394), with CRLF line terminators","md5":"1c3f21d8eb0c9ae3f7853ed22b93be98","sha1":"038a369c8965520c74aef77b1e6c5287df11649c","sha256":"af9f751e4c6f4d398ce5aae6167d53065051a32b90b427848bdca94d4c77a050","sha512":"fb12fe89738d6e2e59f0680622e9a9de8390049c89cf9033d79dfeb83ab151b1bc3ddb57700bf16f213ad66878ac11f3bf7573b2b8aba1d5af9a0d99fe14cd0b","ssdeep":"384:CZqzBqjORBwjZR5PSBXH1KdrnnMW83R+V2zOINI+J:CZqzBqjDz5aBFK1nnMW83R+waINvJ","tlshash":"73a21b2160c0163b427391885e226baefd929207d30b9a6173fd1bdb5ff3d14dc67a89","first_seen":"2026-04-21T03:52:29.735744Z","last_seen":"2026-04-21T03:52:29.735744Z","times_seen":1,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/discount.webp","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/discount.webp HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 53594\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:08 GMT\r\netag: W/\"d15a-19d2f8611a5\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":53594,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6470255d9a7207e479c3d41afedba33a","sha1":"3f276768ea41745c35473619539decc658df25cf","sha256":"87c8edebe1de518289ab5e49e9150d8ea5d7e844bdbc17e9f61a23a9fcbc445e","sha512":"3340c3ba0022f967660396f53c8110ce4ba22cc100face189e451889710ef3b98646262638772983cb9dd517ff6da174cd0a7150ee091d99dbea4fec09878e36","ssdeep":"1536:70GKMeEdPO7Ml4LiEq5ihVR1GQeD8zgfyTc9sIKjiH+:70GpdPG5lGQeDYgi8sIRH+","tlshash":"793302cb58f25a9b2462e659277ac4f48bc325267cc4ae48fc05ec5ca3cb6b754f0261","first_seen":"2025-09-22T11:43:04.233082Z","last_seen":"2026-04-21T04:54:46.226925Z","times_seen":12,"resource_available":false,"data":null}},"time_used":197,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":85,"receive":112,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/log-balance-error","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:49.029Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"POST /log-balance-error HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nContent-Type: text/plain\r\nContent-Length: 58\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":58,"data":"\nURL: undefined/api/v2/address/undefined\nCurrency: success"}},"response":{"raw":"HTTP/2 400 Bad Request\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:49 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 63\r\nx-powered-by: Express\r\netag: W/\"3f-LhX6B4QvXHerUks6uf3oEe2K/pg\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":63,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fcdf5e66ca7c6a2a9323f32bdbd2fa9f","sha1":"2e15fa07842f5c77ab524b3ab9fde811ed8afe98","sha256":"dab3a762fc87b626377248b86f985a84715ac8de3ffc0780259d05a8793e69f3","sha512":"cf69b9becb0d1d587d533d8b8882c881322bfad549284537e7b4ba06a13353cf84d90946ab201113710369bc3024706c70bf5fed0cccc05b082d224a8202e8e5","ssdeep":"","tlshash":"80a0025d770669791a1112c561546684778414869584a519c04bb61c96a24a470bb519","first_seen":"2024-12-05T13:56:54.226135Z","last_seen":"2026-04-21T04:54:46.238578Z","times_seen":13,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/logo.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/logo.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 3227\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:08 GMT\r\netag: W/\"c9b-19d2f8611b7\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3227,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a894fe0ef912501e81a662610fbc8ca9","sha1":"2858dd8be76404b3b6112e3bf4bf065f2af939e2","sha256":"e22370f8d18dd03ff9bb14e984163988c15037f95f8ef89a18e152740dea6324","sha512":"0774c43dc93a2b305f93f5e32ab5fee79a96bdf4185af87f8004c626167fa52e347886aec51dbdff3f1b0fa43e981438fda2c6517258271c339391b017f4938c","ssdeep":"","tlshash":"c86101cd3b6484ce5acc97da2b5439f920a3a1fa7c874a14f1299a48188492e8e646d7","first_seen":"2025-12-24T04:14:24.015816Z","last_seen":"2026-04-21T04:54:46.241038Z","times_seen":10,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/dayjs/1.11.7/dayjs.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/dayjs/1.11.7/dayjs.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2700\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"638f7727-a8c\"\r\nlast-modified: Tue, 06 Dec 2022 17:08:55 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 411926\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A%2FNmiV9AMpRzQMnM4QyEZAq8FfTV7d4x14lg2yEm98uYdfFZt%2FysMNsybfLyqo23g%2FB%2FRS5GT4lxoXWv1e7tbFV3VBiAIRc1u3o8eSTrkDRzj%2FSE8JtXhJ4IIgW2LMyUTHPDp7fh\"}]}\r\ncf-ray: 9ef96eaa1b96c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6670,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (6670), with no line terminators","md5":"fc50c4b32f73acd0ca4a31e0b94418b6","sha1":"4cd4b7159ca9e1de084a7d1ede12ad51a5d4651f","sha256":"11f24ea8272c8454bfd93c6102b511bb75a7f1bfd70c0e1f6cf58a4b067ed41f","sha512":"85c57a0d7df904a8224e2598ac980f6eedc5c52e82b028ca826aec3d1a543e45d66ef3e22b1bd2552761597d325dc3dcb4e236149e163fa375cc7fb5ec1fec00","ssdeep":"192:+85zla0PpG7zCEttDgtXoeG7yag4roHGq:+85zla8MzCEzDgtXoXhfrYt","tlshash":"c5d1418ab282f5161793a174442f410af26f59aa7c5f85acf53ac8c36c7884ed13bf74","first_seen":"2023-03-10T08:34:01Z","last_seen":"2026-04-21T04:54:46.230664Z","times_seen":312,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":45,"dns":1,"connect":4,"send":0,"wait":7,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/eth-safe.png","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/eth-safe.png HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 4956102\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:08 GMT\r\netag: W/\"4b9fc6-19d2f86118f\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":4956102,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"58f12b7b376aace4cb85a1aee0161117","sha1":"105f583a288370913b9bc59f413bc380338b9d52","sha256":"46c9e903c031d2fe6fbfc039505d2810d1ed2656c46658bbf0f64a30c456a5d2","sha512":"d9a04316315d10337645c4deb2a04c5bc3d72027deb66e7b7c904b44348c96d80504d646b76bf504bf8f7b0712e4c9973d5c8283301b407083aa356761610b02","ssdeep":"24576:kMY/shFCDb2MSzKXzxkOCmQ8mlXCRtAPi5DyB1sET2+p:zYUqDKIuOrnmsy7sETnp","tlshash":"6a252342f874e6bec9128250b619ae0463a7c957b1ef3744ac9de33e45a0c49b7ed3d0","first_seen":"2025-09-22T11:43:04.222125Z","last_seen":"2026-04-21T04:54:46.260538Z","times_seen":11,"resource_available":false,"data":null}},"time_used":796,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":686,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/get-requested-addresses","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /get-requested-addresses HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 63\r\nx-powered-by: Express\r\netag: W/\"3f-LhX6B4QvXHerUks6uf3oEe2K/pg\"\r\nset-cookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; path=/; expires=Sun, 18 Oct 2026 03:51:48 GMT; httponly\nnirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go; path=/; expires=Sun, 18 Oct 2026 03:51:48 GMT; httponly\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":63,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fcdf5e66ca7c6a2a9323f32bdbd2fa9f","sha1":"2e15fa07842f5c77ab524b3ab9fde811ed8afe98","sha256":"dab3a762fc87b626377248b86f985a84715ac8de3ffc0780259d05a8793e69f3","sha512":"cf69b9becb0d1d587d533d8b8882c881322bfad549284537e7b4ba06a13353cf84d90946ab201113710369bc3024706c70bf5fed0cccc05b082d224a8202e8e5","ssdeep":"","tlshash":"80a0025d770669791a1112c561546684778414869584a519c04bb61c96a24a470bb519","first_seen":"2024-12-05T13:56:54.226135Z","last_seen":"2026-04-21T04:54:46.238578Z","times_seen":13,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/js/deposits.js?v=1776743507201","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.501Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/js/deposits.js?v=1776743507201 HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 7823\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:12 GMT\r\netag: W/\"1e8f-19d2f8620be\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":7823,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"1aed1e282723bc7b4400d008812b061e","sha1":"c578099253b862879ac1e5e4438b985f59de6224","sha256":"dd96159d0b2019435cc4b28deea1ae4a2722ee29818802fda0b19a025ae458b3","sha512":"2666657fb28a7defe5007863545a86942a6c54612357bdc875759fe984274b7dd741f1dc4b05a0c7e63c9bc814a5cbfdfb60d863aba1f8a96505dff85db7332e","ssdeep":"96:Hh+RVyU5amgsV4ViWz91/iJ/MZt/xnugHiXVP6yZ1zg4GkwUiMcLZQi1inBOgVzP:HhQf5a0mVrz9Ni1MZHkL64fu4BOwP","tlshash":"5cf1dc6103626262ca313ba48e2f411ef62653e7f646418f3b7cc5910fb44b1c5f6eae","first_seen":"2024-12-05T13:56:54.254357Z","last_seen":"2026-04-21T04:54:46.234951Z","times_seen":13,"resource_available":true,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/volumes.png","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/volumes.png HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 176997\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:10 GMT\r\netag: W/\"2b365-19d2f8618f0\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":176997,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced","md5":"64ae63896240b020d28f7bbd824a72e4","sha1":"1902ef39cebc71a24bcabf36cf68ca90249fdef7","sha256":"68b5d8aeaf9fc43eaf63f2bd68b62c2e487629756db01693576594526d4b25f0","sha512":"20f96c3fa703b70d661189c62a53c3d6a0cd7edb725050238c3ac463a4b172e4416e034b58e2fc48f849c82bf362f55afbc3153df249f7456b1a538e4480903a","ssdeep":"3072:hV/O5neXJaA7S+2uNnbQRthtHbMT3qekvnmOE9JhdLOf8T6ejCLKJiDSB:v/2QJaAeSIhI3Avnu9JhdLw8TdjCLiiY","tlshash":"e804120c9faa8bfef196b8176ee67dcab23814cae0dc0996d21c4c4fb135b51c52c845","first_seen":"2025-09-22T11:43:04.202914Z","last_seen":"2026-04-21T04:54:46.262996Z","times_seen":12,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":140,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/money.webp","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/money.webp HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 102666\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:08 GMT\r\netag: W/\"1910a-19d2f8611e1\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":102666,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e14a8f897f373636d57d425fb5c8d6d7","sha1":"63f05ee6341804b52e78634421f8c5db0315c000","sha256":"269da69f3f5df679645a9e534c8b4d67ffd11d996a4818895ceef10cd78f7fda","sha512":"df888e982b6bda6b3d7758230d832584f36801917e88e2c4946738e699115f8570ae5bc41f3494648ad4502571c82380f81b4e16007768cd967390caf9b40d41","ssdeep":"3072:s22ckpdL6sH1q9IkT2KtdT5rk5F4ifn10AQIOtV:R2rxhE5T/zVgzn1jGtV","tlshash":"fba3124426d559ff706ec77643ab530a4ef503e1e73fe7991736d41359ac088061ba8c","first_seen":"2025-09-22T11:43:04.231444Z","last_seen":"2026-04-21T04:54:46.267922Z","times_seen":12,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":80,"receive":119,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/Chart.js/4.2.1/chart.umd.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/Chart.js/4.2.1/chart.umd.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 59638\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"63e5ec6b-e8f6\"\r\nlast-modified: Fri, 10 Feb 2023 07:04:11 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 952065\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=49u0LJOHIKLBtoBC6miQonD7qpqOLIK6QOspczYOuvx5xiVcXjrvemlCZMcolsywYE2kmGunjfWkFQgi0jrkGTvp9GiFNYiVPnB3CrnAethQnebfDLLFlMjLX8PypamF3ksTt96o\"}]}\r\ncf-ray: 9ef96eaa1b93c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":203190,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (57336)","md5":"623f1081a8fa5cd9b0f5045967440d7a","sha1":"ed4bb46ade5b56bbbd57264da5883b21bd93ea97","sha256":"90957a40588ebd829b4567617cd13007638a276c35cbef1a1fb9811921f2f266","sha512":"bc251b7a3b52f8771662d0c7445d93e41d012b0546fc22deb9ec39b93d80897e1227659f7f9dbe91f80e36fb5d013aa4a90302f587b92be4ddd0e4dacfe3fb73","ssdeep":"6144:OyxLOWFKRwOtibhQGveXE2FjPi9DReTRYsTUm6W0Vk0jAKyjqNI:pHKRwOUbhQGveXE2FjKreTRYsTUmp0WR","tlshash":"7b14f5d53342b12282d256d6583a050ae3366648354789acf2bc5ddf3c6a98b71fff38","first_seen":"2023-10-20T12:18:54Z","last_seen":"2026-04-21T04:54:46.256129Z","times_seen":21,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.2/js/bootstrap.bundle.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/bootstrap/5.2.2/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 20789\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"633bb089-5135\"\r\nlast-modified: Tue, 04 Oct 2022 04:03:21 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 782562\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T5iRxtOQ6LIm3FaR2GVtZQRrvPXH%2B8owtHoKwfuuCvIJxfWCnnsHKy98V7I7a0oJeHOkSsDT66fAftTlYL3NCo7Bc5wTQm6rfZlRgDwUll%2FbhmhgLqX9c3GbnNhjJD2Vs9kZlrya\"}]}\r\ncf-ray: 9ef96eaa1b95c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80496,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"d2b0d31f74e62440ea1a557f126d0c64","sha1":"5c8f6cb983397deb65673b961a8657cfd6113ad9","sha256":"c4b2394a30fa0e4a23c6b308541353e20872a6fd765ed8fb70e6b402029deb00","sha512":"04eb2f29b2dbd1d075215a6538bf69b54d44600f8bb8228496e656454606ef7871a8d054f3924120184f1b085097b3badf72ad92332ff25bf165c58ff8ddd5df","ssdeep":"1536:84lMTGR2t4n+3ifBHJR9WbUHk3j8YY+PwRM3CjcI4BqQM6kF:X4Fj8GPwRM3CAI4Bt8","tlshash":"2773c6593254b4770ade45b68037420bf2265d98b24b802cb5bcadde2a7dc863277f7c","first_seen":"2023-03-08T14:58:09Z","last_seen":"2026-04-21T04:54:46.265656Z","times_seen":2321,"resource_available":true,"data":null}},"time_used":119,"timings":{"blocked":45,"dns":0,"connect":6,"send":0,"wait":6,"receive":1,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/trading.webp","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.523Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/trading.webp HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/webp\r\ncontent-length: 44672\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:10 GMT\r\netag: W/\"ae80-19d2f861892\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44672,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5d56764ef784377593dab0c917543c35","sha1":"a029d72c6bce0883988a5bfc370d7b5c0a55b240","sha256":"a19e522230283cc6d8ea93faa821e91c0acffe8e9603f1baf4071d6089b8ae0d","sha512":"43e1e2309b724c8a2ad66785788d6fbfb9dc8b30f4b6fd8be55f2b6056db19adbc6533a10979bc32d8a46cef60bc100e56bbe3ba1f9a249b34d2aae4072f0ffa","ssdeep":"768:UgQ54rm9c5AYW3PV+pTVaJpMaD+s21JDRnGuOT8Zp3j2med4Luaz+CZtv3o7N38R:UlaK9SPWfVe5i7kRSoZVjGd43+CZ1o7w","tlshash":"6a13f1a17b178b280642c59162da5147f0a4ccfa8d6ccfbf5900acbbca47cdba6c4d71","first_seen":"2025-09-22T11:43:04.227374Z","last_seen":"2026-04-21T04:54:46.22291Z","times_seen":12,"resource_available":false,"data":null}},"time_used":199,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":111,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/ticker/24hr?symbol=DOGEUSDT","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.132Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/ticker/24hr?symbol=DOGEUSDT HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 281\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\nserver: nginx\r\nx-mbx-uuid: 2b8e8519-f5a7-43ee-8208-31b7a83ba88c\r\nx-mbx-used-weight: 28\r\nx-mbx-used-weight-1m: 28\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'\r\nx-content-security-policy: default-src 'self'\r\nx-webkit-csp: default-src 'self'\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 7OadUeSuK4jd_d-_JLOZBgLz9RwXm20An0b7zFdfnvdGV4qRgBfiKQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":534,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"8dd14f30c3b904e32d30771b891ebc8f","sha1":"d0101ff8187accb0f5da13415ddf21314c8c15f4","sha256":"16615b2f755a056f39bfcf5a9779eb1b5843a9bdbf3385abb72c0608844e9e8c","sha512":"7854972aa644a15bfcd00ebac86408d8ec39b2c098af55f213648b53b22344c7bc829e2223f7cfa1ddaccde46913d2e600cf44550769dc9e95c93f9fdfb14e66","ssdeep":"","tlshash":"e6f0e2e6ae0c0c45c5be0eaacb82b52042c4b859c6c89f0186fd45b645b173f162cb60","first_seen":"2026-04-21T03:52:29.753552Z","last_seen":"2026-04-21T03:52:29.753552Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1037,"timings":{"blocked":206,"dns":77,"connect":1,"send":0,"wait":705,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/klines?symbol=TRXUSDT\u0026interval=1d\u0026limit=30","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/klines?symbol=TRXUSDT\u0026interval=1d\u0026limit=30 HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 1607\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\nx-xss-protection: 1; mode=block\r\nserver: nginx\r\nx-mbx-uuid: 7b3fcaf1-3156-448d-8a76-34783d36a3b5\r\nx-mbx-used-weight: 12\r\nx-mbx-used-weight-1m: 12\r\ncontent-encoding: gzip\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-security-policy: default-src 'self'\r\nexpires: 0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-content-security-policy: default-src 'self'\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-webkit-csp: default-src 'self'\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: IAPElxJk6seUD9E5o22uKIoDfbK1Mq6rSyFSU0TaXwDPj0ntK1cD0A==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5185,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c966cf389c861d7ce88ac9a0a258e0e9","sha1":"8fd4f711c87758e46ff11464550b921fe2ea69a8","sha256":"08b414c67a4d0aae902863a668a89c5f6134996b7198674d3cfbb2b47211516c","sha512":"68236d74b2e94308cfd47accef7121906dd6f0b159c7b322a1d9400e929d2ca3c0d4cf3819ff5f8c33cf8e3b08c959686495fbbff4b6cd0cb1ae3b3ddbcf8301","ssdeep":"96:0TapeFdJm1ZHYWP5Vm4y5Lq25TWxQS3S2TdE7XIWn+/FyuI4nD:0episZbPG4+Tuj3S2TduXIWcLv","tlshash":"f1b12960169d8270f97a8e1923a7f8e5097a745ffece1fc44ad425271ce52b14338f50","first_seen":"2026-04-21T03:52:29.7555Z","last_seen":"2026-04-21T03:52:29.7555Z","times_seen":1,"resource_available":false,"data":null}},"time_used":416,"timings":{"blocked":170,"dns":0,"connect":0,"send":0,"wait":246,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.2/css/bootstrap.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/bootstrap/5.2.2/css/bootstrap.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 20096\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"633bb089-4e80\"\r\nlast-modified: Tue, 04 Oct 2022 04:03:21 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 16385\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tIFW7Rud6zLST2ylLaC0e2CA8E8eFMPuLmAONAnXO4H4hWYqShVnXxF0QwANiCHQ1DGfrZXodeu71weRTktcMsYdj%2Bj24AbjbM6QOebe1OEQzwtH0L4Sx1vGbPq3V4KcNPKIZoJ6\"}]}\r\ncf-ray: 9ef96eaa3bb0c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":194901,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65305)","md5":"025df1ec88740cad5ff14bb3380da6dd","sha1":"7abed070e37ce060c0a561575f1d41a7f248fc74","sha256":"2143941c03dacda8b4f1016ced6e0c6f34e5c04585a3bcffe33c3c626c448a4a","sha512":"0a920a512ca1f505f6fb349d7c63fe7962f1db70bc0e3f7f5e61e3658dae0ed7e474b1a8d2e635da381c9e45fdbd73a061a8c429bfe38b0ebb1189be9017feea","ssdeep":"1536:StGg9JfWgeQK5wlP72qgOfI3N9LsqkVkpz600I4lp:StGg9JfWD9kVkpz600I4lp","tlshash":"c11482d6f190307d98a7c2499591fefd866fa585d7120aaaf0137b6807ca7c30963ecc","first_seen":"2023-04-05T17:39:52Z","last_seen":"2026-04-21T04:54:46.231187Z","times_seen":3003,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":50,"dns":5,"connect":9,"send":0,"wait":6,"receive":1,"ssl":41},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/css/common.css","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/css/common.css HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 134624\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:04 GMT\r\netag: W/\"20de0-19d2f86016b\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":134624,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"b400b5411569f0f9825c0a9ced936030","sha1":"5bde4c0ed2e1b7c20beef6da92d6b87ec995b113","sha256":"c7a96865e8d00803fc62502bbb292861518bbf8f3d389e93c305f88c738b68a6","sha512":"b9c236c769f64c2eeb9d639506149659fd27d7065f11a2dcadf4f1fe8fe498983a7557f33cab810faf2ccba739ca5dcdcce47d034e1132768ece4b2859cb70dd","ssdeep":"1536:/9xCxOS+NwEn0Q753QUDrVQYcQdgPBv+Jvz5PrYgq:VMgS+NwEn0Q753Q4vz5j+","tlshash":"f5d3746aca0012085633ef245bea0711faf940b7970a72f93ddd6184df7ba44c6a1fd9","first_seen":"2025-12-24T04:14:24.019092Z","last_seen":"2026-04-21T04:54:46.239116Z","times_seen":10,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":89,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/klines?symbol=ETHUSDT\u0026interval=1d\u0026limit=30","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/klines?symbol=ETHUSDT\u0026interval=1d\u0026limit=30 HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 1867\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\nserver: nginx\r\nx-mbx-uuid: 89154bab-b510-483a-b3a2-fdb2118717c3\r\nx-mbx-used-weight: 16\r\nx-mbx-used-weight-1m: 16\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'\r\nx-content-security-policy: default-src 'self'\r\nx-webkit-csp: default-src 'self'\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: Es9HjBbO-8aewzwKnd9nxbrY1H4wYSo6UxSifowI73pfUaqZNQwjlg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5512,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"3b719f4ad547e1df7c6090a0b8e89ec3","sha1":"e4f32f459e766cb3be9ac87e145eef55daf5851f","sha256":"e02b5f6b447fc03a83bff25086751021365569387b3e00339720234824153ae8","sha512":"f603b64d26ac6f53477ffb47a19bd35d40ccf1b88c6dc8750ff1c53a2c4e4e870a541c874d369d60481731fb696e6b9891747d68262a84b641284a2401c2e567","ssdeep":"96:qKjd2y5+n7lzzW7AUaj+8TeI6N2aQINHn05Q1ZHbBxlJ2H:fd2y5Glzi7AUOzTeI6N2aQINH052Z7Be","tlshash":"8ab1ba6117a48bb4fe7a8a093791bca5597a705feeca0cc4aad13b771ce11b21b1c710","first_seen":"2026-04-21T03:52:29.759451Z","last_seen":"2026-04-21T03:52:29.759451Z","times_seen":1,"resource_available":false,"data":null}},"time_used":421,"timings":{"blocked":173,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/logo.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:49.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/logo.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:49 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 3227\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:08 GMT\r\netag: W/\"c9b-19d2f8611b7\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":3227,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a894fe0ef912501e81a662610fbc8ca9","sha1":"2858dd8be76404b3b6112e3bf4bf065f2af939e2","sha256":"e22370f8d18dd03ff9bb14e984163988c15037f95f8ef89a18e152740dea6324","sha512":"0774c43dc93a2b305f93f5e32ab5fee79a96bdf4185af87f8004c626167fa52e347886aec51dbdff3f1b0fa43e981438fda2c6517258271c339391b017f4938c","ssdeep":"","tlshash":"c86101cd3b6484ce5acc97da2b5439f920a3a1fa7c874a14f1299a48188492e8e646d7","first_seen":"2025-12-24T04:14:24.015816Z","last_seen":"2026-04-21T04:54:46.241038Z","times_seen":10,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/decimal.js/10.4.3/decimal.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/decimal.js/10.4.3/decimal.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 11116\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"638d3c09-2b6c\"\r\nlast-modified: Mon, 05 Dec 2022 00:32:09 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1183319\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ei50Ab5y%2F606gfOjZDKTiLeX8ACa4vaUVmf4OGD2IMqcRM%2F9%2BvF21RQEvwdXhTgzBiD3qBaOaElxdM5PBZ4ecyfWQR%2Bj7dBor%2FkaQRYfNEq7TaiW2LpWmPUNmoBvQmVj4HhurFEe\"}]}\r\ncf-ray: 9ef96eaa1b99c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31896,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (31896), with no line terminators","md5":"277304477526834eaf918ca7d9d9e049","sha1":"85f9e74dd02132f079aa24ebbe6d6617e0fbfc9b","sha256":"efbb6ddf6344490bf0ff9e5a80d784a4afec43934b120f6989e17876a7ece475","sha512":"596cc2643419db71ae3d528fa30046085e8c8680356b3f22264fc68e1d9ae52de379e344bca2478063ccc83a1f794b5c39e1de23701bb0f15420b5877e844ff3","ssdeep":"768:4DL32yF2iFFGBUb6cLgs5M4kSzIevAABUOnwu6uJ10oN9P/CvLf:4DL3qqGC6onJkkvAnEp9+","tlshash":"52e2e8e532b2f0c663e328f140ff4487a23a6d55994d11b4e2089af57cb16c9b23af75","first_seen":"2024-08-19T13:20:56.622688Z","last_seen":"2026-04-21T04:54:46.23443Z","times_seen":20,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":42,"dns":1,"connect":4,"send":0,"wait":12,"receive":1,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/currencies/doge.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /currencies/doge.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 57184\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 13 Jan 2023 10:09:58 GMT\r\netag: W/\"df60-185aa9b88f0\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":57184,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bfe942ea1ab1cdd5b24bf66e4764bee1","sha1":"cda102204962596c36af10643a9c7d52f2d27185","sha256":"fd1c5bba25550fb3817560c04c9ec96e9b1a59251249997220a98b8c69cc5cdc","sha512":"7f118456391705644d5bb4c3b668c055f7b145344cde2e4c4e72062c80882c0ddca1d137d5da4f58b9bcf5b70e285e33557e30726449c9a6f0c07529701e80c2","ssdeep":"768:ceNIDXtN03ZpiteAidcLojmW3/tbHH2OZugokMUXzCknYL9bkFyyFWATv:ceNWQAXUme/RdZdok/jdvXz","tlshash":"a3438993d2a817fc79460b24c531706679f555aa723be39ccb67d6827806ef200bcc7a","first_seen":"2023-11-25T21:53:24Z","last_seen":"2026-04-21T09:14:59.269982Z","times_seen":892,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":80,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7884\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 18 Apr 2026 01:53:20 GMT\r\nexpires: Sun, 18 Apr 2027 01:53:20 GMT\r\ncache-control: public, max-age=31536000\r\nage: 266308\r\nlast-modified: Wed, 27 Apr 2022 17:03:52 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7884,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7884, version 1.0","md5":"9212f6f9860f9fc6c69b02fedf6db8c3","sha1":"ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b","sha256":"7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f","sha512":"67317495f4b53e20a9f31c034e456e6c37f387dffb2c092caa5159bc441cfcadd02749ffe5bbed1d580d5300a59e48a767ef2c6d9978b474f84c1a2cd095c126","ssdeep":"192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI","tlshash":"c3f1ae4eb3f2cd1be40982e53a0fc90b1c578272681fd772d067a22517893bc8db2c81","first_seen":"2023-04-05T15:35:34Z","last_seen":"2026-04-21T09:33:48.865337Z","times_seen":308686,"resource_available":false,"data":null}},"time_used":603,"timings":{"blocked":289,"dns":3,"connect":24,"send":0,"wait":26,"receive":1,"ssl":256},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/ticker/24hr?symbol=TRXUSDT","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.135Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/ticker/24hr?symbol=TRXUSDT HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 288\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\nx-xss-protection: 1; mode=block\r\nserver: nginx\r\nx-mbx-uuid: 1cc5415e-a1da-42fb-bec1-9e882b84965a\r\nx-mbx-used-weight: 22\r\nx-mbx-used-weight-1m: 22\r\ncontent-encoding: gzip\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-security-policy: default-src 'self'\r\nexpires: 0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-content-security-policy: default-src 'self'\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-webkit-csp: default-src 'self'\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 1fyXppENQaOVpYnvjoHDlAdVw_ROMb8ZTSMfBE1sQB9QgRkBhWvxVQ==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":534,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"a74175f633b19c12965272d4bc6ca031","sha1":"0647f6ac2729c860f63fc22b65a89b231129a5c5","sha256":"1791f0aabdf8af8c5ac9b3fab8618d71943d626de5fe0c49a48e787d004f3021","sha512":"5dd3bc1aef371488b20268b85676d12b2e3fe3213b937ebfeb97e9779ec12882a3e01439e139717aac39eaa3c870314ae1d91270b9795749c73aa6201460ecd9","ssdeep":"","tlshash":"52f020f2921d0d05c43c2ea9c79ab12a10c9b1a3c2e68f401aeeaaa014f4bbf2204740","first_seen":"2026-04-21T03:52:29.76618Z","last_seen":"2026-04-21T03:52:29.76618Z","times_seen":1,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":157,"connect":0,"send":0,"wait":244,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/ticker/24hr?symbol=SHIBUSDT","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/ticker/24hr?symbol=SHIBUSDT HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 284\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\nx-xss-protection: 1; mode=block\r\nserver: nginx\r\nx-mbx-uuid: 5dfdb6a3-3731-413b-8b3b-0655d4bf410d\r\nx-mbx-used-weight: 2\r\nx-mbx-used-weight-1m: 2\r\ncontent-encoding: gzip\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-security-policy: default-src 'self'\r\nexpires: 0\r\npragma: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-content-security-policy: default-src 'self'\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nx-webkit-csp: default-src 'self'\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: JPk1qyTOFHRGnGiG2-ru0_VIx7_cGrfZ676bY3l_X1ytolDN-4xFRg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":527,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"9cc3b527b6f889df3b155073cfbc558e","sha1":"8f9f9bd37177e99c5a0cb6620bc555be4f04aa93","sha256":"fea9b718fe75666b96cfa1e614b7d0ef1c9c6ed65cc1f4e92d7cb0973d3fe3e4","sha512":"53373dd75740d16889661b75deaaedaf9f0c41c3afc17d8122eba821c24636089f2911408af75506d7bad11992a276de63b8e8afde646aceb06cc41ef5a8c446","ssdeep":"","tlshash":"d3f097e3ab0c0e85d4fd6fa5c781703881c8f24b8be4970016ef4ab001b471f2619801","first_seen":"2026-04-21T03:52:29.767782Z","last_seen":"2026-04-21T03:52:29.767782Z","times_seen":1,"resource_available":false,"data":null}},"time_used":425,"timings":{"blocked":184,"dns":0,"connect":0,"send":0,"wait":241,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/log-balance-error","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:49.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"POST /log-balance-error HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nContent-Type: text/plain\r\nContent-Length: 58\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":58,"data":"\nURL: undefined/api/v2/address/undefined\nCurrency: message"}},"response":{"raw":"HTTP/2 400 Bad Request\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:49 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 63\r\nx-powered-by: Express\r\netag: W/\"3f-LhX6B4QvXHerUks6uf3oEe2K/pg\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":63,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"fcdf5e66ca7c6a2a9323f32bdbd2fa9f","sha1":"2e15fa07842f5c77ab524b3ab9fde811ed8afe98","sha256":"dab3a762fc87b626377248b86f985a84715ac8de3ffc0780259d05a8793e69f3","sha512":"cf69b9becb0d1d587d533d8b8882c881322bfad549284537e7b4ba06a13353cf84d90946ab201113710369bc3024706c70bf5fed0cccc05b082d224a8202e8e5","ssdeep":"","tlshash":"80a0025d770669791a1112c561546684778414869584a519c04bb61c96a24a470bb519","first_seen":"2024-12-05T13:56:54.226135Z","last_seen":"2026-04-21T04:54:46.238578Z","times_seen":13,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":72,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/currencies/shib.svg","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /currencies/shib.svg HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 9894\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 13 Jan 2023 10:20:04 GMT\r\netag: W/\"26a6-185aaa4c820\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":9894,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e53ff3a90e8c46f183c2f76f5e56c725","sha1":"496b59dfa36d361399419112394dbfa2d638ed44","sha256":"e1718d832724f003ff97f4b2e5210ef48399cc992b00efca2ca3a17f75ccc908","sha512":"afd69f9c50b857827d1e73b101c64b058c2a537fa94272fa0041cf084ef3bb3d6ec2ee63c9db2a91252bc807374dd0821d9436469590d7eb31f4e6bce2e5be6d","ssdeep":"192:u0x5yqAxbG8Nz+R4y42CMAAq79NzpdyjfLFtCmkdPc6lI1y:u0vVAhG8Nz6gMAH79NzpQLfNkdU6O0","tlshash":"61122f074388ebf8bda98228d51064d979d5ecdbe430f2d4bb6b1442c58c4d5a68c7fe","first_seen":"2023-05-22T20:26:51Z","last_seen":"2026-04-21T09:14:59.279927Z","times_seen":532,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:49.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: nirvana=eyJyZWZlcnJlciI6Imh0dHBzOi8vcmVmZXJyYWwtbGluay1pdDMyZ2ttejNpMWRtMjYuY29tLyJ9; nirvana.sig=DV51MHkZ-vCNdqaOy0cpC5oe5go\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:49 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-powered-by: Express\r\netag: W/\"5488-Xx9uvq4hBJyfnZymP0lt9FpNjYI\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"OWL Carousel","description":"OWL Carousel is an enabled jQuery plugin that lets you create responsive carousel sliders.","website":"https://owlcarousel2.github.io/OwlCarousel2/","common_platform_enumeration":"","icon":"OWL Carousel.png","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"decimal.js:10.4.3","description":"","website":"https://mikemcl.github.io/decimal.js/","common_platform_enumeration":"","icon":"decimal.js.png","categories":["JavaScript libraries"]},{"name":"Chart.js:4.2.1","description":"Chart.js is an open-source JavaScript library that allows you to draw different types of charts by using the HTML5 canvas element.","website":"https://www.chartjs.org","common_platform_enumeration":"","icon":"Chart.js.svg","categories":["JavaScript graphics"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"jQuery:3.6.3","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Bootstrap:5.2.2","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":21640,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (394), with CRLF line terminators","md5":"5fa5efc16096b2e2d48bcca099fc1448","sha1":"5f1f6ebeae21049c9f9d9ca63f496df45a4d8d82","sha256":"9d035e28f695fe79683d427626fb9fff8b115e7bc434f2e3948289293cd323b6","sha512":"8681406c3d3d36696539b441684b669ec416b87a2202c853f9f3fc98f43850069a58c66d138d428e529ca067326cd2cf7299047b4805719294e7fccebae5e4bb","ssdeep":"384:CZqzBAjORBwjZR5PSBXH1KdrnnMW83R+V2zOINI+J:CZqzBAjDz5aBFK1nnMW83R+waINvJ","tlshash":"47a22c2160c0163b427391885e226baefd929207d30b9a6173fd1bdb5ff3d14dc67a89","first_seen":"2026-04-21T03:52:29.769707Z","last_seen":"2026-04-21T03:52:29.769707Z","times_seen":1,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/js/common.js?v=1776743507201","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/js/common.js?v=1776743507201 HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 603\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:12 GMT\r\netag: W/\"25b-19d2f8620ce\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":603,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"cc8db1f56ca6eebe8e29717c7ddd8e17","sha1":"68b47d175ebbefe907364b2b8dab0d3ad5fc1e3b","sha256":"047801fa1b412e031f88038ab341766471c184e5a3fb3ff2477b57034901df05","sha512":"4851ace7fa553b12d749ec17c587a53bef7d3249da46a27ec1d14371f76031088239e9d8136ed271231b853947ebe69002586ad0a08e58e657acad1433478f59","ssdeep":"","tlshash":"9ff0527b600e3272a233bfb8d6959482eb96323711822a05789d61122fb082527f4fdc","first_seen":"2024-12-05T13:56:54.252429Z","last_seen":"2026-04-21T04:54:46.261593Z","times_seen":17,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"referral-link-it32gkmz3i1dm26.com/default/img/trading.png","fqdn":"referral-link-it32gkmz3i1dm26.com","domain":"referral-link-it32gkmz3i1dm26.com","tld":"com"},"ip":{"addr":"62.60.226.89","port":443,"asn":215939,"as":"Valery Smoliar","country":"Iran","country_code":"IR"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"referral-link-it32gkmz3i1dm26.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sat, 07 Mar 2026 15:33:00 GMT","end":"Fri, 05 Jun 2026 15:32:59 GMT"},"fingerprint":{"sha1":"D9:37:D1:44:66:EF:E9:0F:F9:70:B1:E8:54:29:33:B5:CE:5F:45:47","sha256":"CD:68:1E:F9:21:79:9B:3F:DB:A5:BE:12:2F:B5:25:1F:28:58:B2:39:7C:A8:75:76:41:A7:E1:EB:B9:BD:37:B2"}}},"request":{"raw":"GET /default/img/trading.png HTTP/1.1\r\nHost: referral-link-it32gkmz3i1dm26.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 325803\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Fri, 27 Mar 2026 13:40:10 GMT\r\netag: W/\"4f8ab-19d2f8618b5\"\r\nx-served-by: referral-link-it32gkmz3i1dm26.com\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":325803,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"bdef9b286f7faf79b0999f3ffb715c3f","sha1":"935be411312174f5a55639da69af00c732ed8017","sha256":"7ac49caac3edb6bd7b209653ac6eb84e1a90f493c78c83bae8695dc58cab990c","sha512":"2344abd712d3df7364752d260eb87d443eae6ea0d259263766772836aeeabaa38a1f17960525d575c7997ddb7776d269927dc7c9dc12799f5b458d3a4a7277c6","ssdeep":"6144:ucMm1ikqbWgwMBZ9GRLRUR1KtbLsInJuCa1cCTMiEmOO3vQE8FS:9MmXqbNZ0R0wJAIJK1clbJO3vQBo","tlshash":"e76423dadd3970e5fc4e517ff4a98b9d4f82bc0f18d06cc62f2884d4062e289da2d964","first_seen":"2025-09-22T11:43:04.213377Z","last_seen":"2026-04-21T04:54:46.268982Z","times_seen":12,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":200,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-21","alert":"Sinkholed","trigger":"referral-link-it32gkmz3i1dm26.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.theme.default.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:47.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 00:38:49 GMT","end":"Fri, 12 Jun 2026 01:38:45 GMT"},"fingerprint":{"sha1":"7A:4A:F6:D6:63:62:70:CA:51:C5:5A:06:41:17:71:BF:9D:2C:C9:42","sha256":"7F:F5:F5:FE:73:1F:E7:AF:1A:82:5B:59:EE:E8:E9:65:D6:87:68:61:8C:11:1E:94:4A:9A:C4:14:BD:4B:04:BA"}}},"request":{"raw":"GET /ajax/libs/OwlCarousel2/2.3.4/assets/owl.theme.default.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 21 Apr 2026 03:51:47 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 331\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03cf0-3f5\"\r\nlast-modified: Mon, 04 May 2020 16:04:00 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 786832\r\nexpires: Sun, 11 Apr 2027 03:51:47 GMT\r\naccept-ranges: bytes\r\nstrict-transport-security: max-age=15780000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GBMAjf1GmcBciFi5rNLUnUx2dSl5%2B2ZwKqwtNHb4YXhkzW%2FfgDBjgPaWXlsQLhRBy4PO%2FsjBt5krAsNaOxoIvlaOhtol5c9Lo1OeZrHvY29X3Hxa9wZiuBv66CGKZ1WiU1d3iL6b\"}]}\r\ncf-ray: 9ef96eaa0b81c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1013,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (846)","md5":"594b81805a98b267e47c70a8fad30d9f","sha1":"684d84ec40b305ca14efc88c91f12972cb6342b4","sha256":"924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac","sha512":"b0c5ed30d2f5cd1ce894760a12e8ccd80a822d447d1760b8ff4e5c75bc638cb491bcc40872210f090668fbe9e4ee0a3706d4ae2bd91f6bfb3e6b87f88b9a4b93","ssdeep":"","tlshash":"4d11abc5f189221d301781904aa842cb6b1e687e529d0ef5f8ee8160c22dd053a6fbf9","first_seen":"2023-04-05T06:03:14Z","last_seen":"2026-04-21T08:25:04.507555Z","times_seen":19507,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/ticker/24hr?symbol=LTCUSDT","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/ticker/24hr?symbol=LTCUSDT HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 283\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\nserver: nginx\r\nx-mbx-uuid: 8a26ed98-13a4-4375-997e-0d3fa747c466\r\nx-mbx-used-weight: 26\r\nx-mbx-used-weight-1m: 26\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'\r\nx-content-security-policy: default-src 'self'\r\nx-webkit-csp: default-src 'self'\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: AHAGdG-b5Lqv0YgCIJGYzYREh131ToJRPEtYz2BQhcFF-0oYVvJArg==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":531,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"2a71a832a992c5ee0b8ae3bb6269200c","sha1":"f1ab4e8185ec17adcaa8168c2b8e28e3d206619c","sha256":"89b1a71691275a6408ff8dc91d757777a51c421e7bc7f39ea61c0df0f429eb3f","sha512":"a7efb3b64105d04cbf4b45e6f24320455811d7f72bb421938cba58827e007551d52537bec8b3035c7973e79cfdd79bc424a2d376aa1d72397353789580f4ce4c","ssdeep":"","tlshash":"1df027a396082dc4c87d4ea9d396b53442c67183c7d58f0947ed4b5209f1b3ea518b50","first_seen":"2026-04-21T03:52:29.77367Z","last_seen":"2026-04-21T03:52:29.77367Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1046,"timings":{"blocked":212,"dns":81,"connect":1,"send":0,"wait":702,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.binance.com/api/v3/klines?symbol=LTCUSDT\u0026interval=1d\u0026limit=30","fqdn":"api.binance.com","domain":"binance.com","tld":"com"},"ip":{"addr":"3.167.5.231","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://referral-link-it32gkmz3i1dm26.com/","date":"2026-04-21T03:51:48.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.binance.com","organization":"Binance Holdings Limited"},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 09 Dec 2025 00:00:00 GMT","end":"Sat, 09 Jan 2027 23:59:59 GMT"},"fingerprint":{"sha1":"B3:E9:9C:BE:88:3B:90:E1:A2:3A:98:81:FA:0E:51:08:F0:80:5E:57","sha256":"B4:FC:8D:3D:AB:BE:3E:3B:A7:86:50:B8:92:3B:52:62:7C:FE:48:A9:1F:28:F2:45:AB:CC:DE:F7:68:0C:44:BB"}}},"request":{"raw":"GET /api/v3/klines?symbol=LTCUSDT\u0026interval=1d\u0026limit=30 HTTP/1.1\r\nHost: api.binance.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://referral-link-it32gkmz3i1dm26.com/\r\nOrigin: https://referral-link-it32gkmz3i1dm26.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json;charset=UTF-8\r\ncontent-length: 1612\r\ndate: Tue, 21 Apr 2026 03:51:48 GMT\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\nserver: nginx\r\nx-mbx-uuid: fcec361b-3aca-4ca4-82dc-13fbf7e79000\r\nx-mbx-used-weight: 14\r\nx-mbx-used-weight-1m: 14\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubdomains\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncontent-security-policy: default-src 'self'\r\nx-content-security-policy: default-src 'self'\r\nx-webkit-csp: default-src 'self'\r\ncache-control: no-cache, no-store, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\naccess-control-allow-origin: *\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 c66a2f390287242c7df16dd5190aa68e.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: 2y_vbV4n1dBxq65M0s4t0qt71gqZsMnYERUueU5iJlGQLDACgHUcpA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5144,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"4de507aa6c5859716fb1fc5b4dbdf897","sha1":"332adf8f8269d11515dc508809a7f9a9fc371517","sha256":"c5dff5c8898e107c9f262d162d16b6427230cc8c965495bc78730c1a4d7b3773","sha512":"bf3d7e89f8ae71a9c00498bc7f6817bd83f303687c37a346c5684a003e4eaabc76f6e87b383660d4828b46469761912871dd372d699545a257f779e4c2bb2ad8","ssdeep":"96:14qRiydORv3MR/zTQJ7FAxFu14UWlEzX7+E1sXll0qimgNSYh8Nf:14yiyuMVv27mxMUWrGVlJWNTiB","tlshash":"67b115121788c614fa7a8d2a33d2f8ad5b6a345bdede1dc08ab5ba234cf20714f0c755","first_seen":"2026-04-21T03:52:29.774807Z","last_seen":"2026-04-21T03:52:29.774807Z","times_seen":1,"resource_available":false,"data":null}},"time_used":416,"timings":{"blocked":172,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}