{"report_id":"bbc3b0dc-3a57-42a7-bc3e-b4fa017517d4","version":6,"status":"done","tags":[],"date":"2026-01-24T13:34:09Z","url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"172.67.166.251","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"title":"QIE Airdrop","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"172.67.166.251","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-28T13:34:09Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"airdrop-qie.digital","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"airdrop-qie.digital","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-24T13:31:39.720607Z","last_seen":"2026-01-24T13:31:39.720607Z","alert_count":5,"request_count":5,"received_data":7719387,"sent_data":2233,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"f278e1582a6b32d6a9a05328bba73b0f","sha1":"02780b645a044990e49787663d3dba06626b1e3d","sha256":"07317dc90130ec69ed8e07a8362168074f9067473354101f361449cff37110aa","sha512":"08463b63ba1654bf203117d8f0c0a2ce4b5d92914ffba7c8ac3d942ff1a812c86cc61d9e840e5f3422c2b22d1b71b1a06b9a6d40d4e4259b32fd8cd40cc8357f","ssdeep":"","tlshash":"55319948a43216904242e8f1c676abeeabe774080574446d349cbec7eff8447e521678","size":1529,"data":"","first_seen":"2025-08-01T04:16:24.221852Z","last_seen":"2026-05-06T23:41:09.276248Z","times_seen":2930,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"59a13eef9e5e0ec7844e58e8b47d54a0","sha1":"0fb2b2059a878b87f8524284d448dd46a4351953","sha256":"c890c150b008d069bfddb86ee2c2e3fe979515939053b4c53fd6853b68e4fe35","sha512":"7fcdb614d30b1141e9a1e134a98e2888007f786f866c24e6383106d3e003f094e72901aa295e7d3450fccf5a249b25b436401a5b9439205da6b0eec8d72cfc80","ssdeep":"","tlshash":"33f0beaf336126ca23ae6ad20796c01d1e72e4ab3002163c575a36ca0cb6f52521b07e","size":494,"data":"","first_seen":"2025-08-01T04:17:54.874483Z","last_seen":"2026-05-06T23:41:09.285373Z","times_seen":2765,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1e21743cd2ee2004cd56bfc5c29e3609","sha1":"bf516634ffbcfd3186b71dafc0ecdcc47894c439","sha256":"0e428980439e794b176e0ee3cd84e4878510b1d52c1efc1c00f4af9729a17029","sha512":"4264e5ce5b4f3acb24046582388132a5915398c9266c18c6349d75fb94bd74bac990dc6ebd12e1e118a3a24752a3e4badae2faabd69b9827d1f223a0750da4c2","ssdeep":"48:atoyTqSsM+c69M+c69M+c69M+c60778KK7NaaM//M+A:atlDNDNDNDl778KKw//M+A","tlshash":"25913f32165427da63ce8fd45a85751d01d2c89a383e60bdff3279eded3a683c031612","size":4506,"data":"","first_seen":"2025-08-01T04:16:24.215618Z","last_seen":"2026-05-06T23:41:09.283626Z","times_seen":2901,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"2380d391cf784bce2f77e0e16fa2268b","sha1":"2b88cb08e3d7f56772d46fe1a10d84774e8728d5","sha256":"e65fcff70fe965f3d1878fe515a7ebcd265dfe61b15461521450c882e8d081d7","sha512":"0f3264af3a045928be20d2ee1ef3af905571d07e3fc25eaeda22199baca89b8c9bff94d90d81124ff45b16c5e40df291c2f49d9464ba901d2d961f6fd1196f1f","ssdeep":"","tlshash":"e6411b1e00aa0aa31ba3054333ce846d0956c2cedcc73534d3b27f8134c67832a93bea","size":2254,"data":"","first_seen":"2025-08-01T04:17:54.882582Z","last_seen":"2026-05-06T23:41:09.284559Z","times_seen":2797,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"0e1ee9f442371606d9a13b41a0dbeaff","sha1":"a05c25c8ad9127fe7d45319ce13e8b4a485d2e01","sha256":"713285cbc0cb910dfd2e7a86c604d191a27789ae50964ab1c674507ff4a20c45","sha512":"1dbac9fa1e0b338e780a3600f1a3da140a6c83a961a1d0c6c80fe3dc5a9041c346c471d264a07ccc87457cdccc2a28b768d02283512ba9cee0fc2e2b7124e42d","ssdeep":"","tlshash":"0221fedeb2826488526794d742cd8dceb8e617a919008c20452ef299225c3e8fb6ad54","size":1177,"data":"","first_seen":"2025-08-01T04:16:24.218288Z","last_seen":"2026-05-06T23:41:09.288399Z","times_seen":2853,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"8de04e3dc63af7585af0e827672eb149","sha1":"02ee5e4b4e73e430d629744c4b7a3e38c36ed06d","sha256":"123e2a4c9c65ad62ea2b0992b1f80073e18a341a810f9ba40d1c4cdc31f1e759","sha512":"a42fcbfd4fc45305b75c0093524abafcf73f7d10f3bbe8cf573f3ea87803f672ae7fd293a116e7c24aeb0ef9fb24b9ea32e48200a56243187d5b550407631184","ssdeep":"","tlshash":"a911cce0aa6c599781c2095034894b02b13cb020203d9fd0bf75f0ce7c7c7ec96d262a","size":1000,"data":"","first_seen":"2025-12-20T20:03:49.143914Z","last_seen":"2026-05-06T23:41:09.280413Z","times_seen":1597,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/claim/svelte.js","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"73b754259b9a1f0e2f8287b9270a47f8","sha1":"107d83b5dd73c4f8dd7dcf03a843ae47e6df6646","sha256":"3bdef486b926ad783598b399ad5f4ef212ed009a7a45614694dab414a4c03fc3","sha512":"324b392322111634f4c323c6ffa52b9c60830442ce44b62d457e7949d4e55cbe4ad37ad2288af43d0a0f7ff149e19a1969181668264d32f9b3e92f34894a0ce5","ssdeep":"1536:EWnLJMZWnLJM0jK0QfFe8G3Nbbp1TG+p2H:fNwFe8G3NXDTG+p2H","tlshash":"c253b6d4991bd0e98e1121ddd473e829e4640ea3cdacf1a3ea3cded1791ef21848717a","size":61857,"data":"","first_seen":"2025-12-28T18:46:24.959794Z","last_seen":"2026-02-05T13:17:03.368533Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"3433c9d3e9b7e8e5b34ed72e309db572","sha1":"d53d7df082088749c1df6b08330ee9b9e4076932","sha256":"1d96fa9904e3743570bccd5be90e83fd91975299f374093cc6f723673d582dd1","sha512":"ffd0e047331871f21738643968b7eb7fa045ee0e45346a9ea986c4b8a3e745dd310542c6b2734f6d244408bba6548ec66f5cd7662c69485b5e59e3b9432cdff2","ssdeep":"","tlshash":"06f04245bd825a24d35670ddc41f978cc53690dd91491c4cbb64ece1de94c2cdfc6534","size":585,"data":"","first_seen":"2025-08-01T04:16:24.219641Z","last_seen":"2026-05-06T23:41:09.277044Z","times_seen":2967,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"airdrop-qie.digital/secureproxy?e=jscdn/getFile","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://airdrop-qie.digital/","date":"2026-01-24T13:33:46.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop-qie.digital","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 06 Jan 2026 07:38:00 GMT","end":"Mon, 06 Apr 2026 08:36:32 GMT"},"fingerprint":{"sha1":"04:B6:B3:10:22:B1:85:EA:88:90:45:62:5E:1D:D2:BD:DE:5B:4C:1F","sha256":"29:63:8C:A2:9B:76:FC:5A:91:AE:8B:32:B4:65:BF:57:60:67:19:3C:52:54:17:11:45:EA:AD:C3:04:AE:2F:E0"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: airdrop-qie.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://airdrop-qie.digital\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"c8czf4te8mrk1thnluyc\"}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 24 Jan 2026 13:33:47 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\ncast-mode: default\r\ncontent-security-policy: frame-ancestors http: https:\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET,PUT,POST,DELETE,PATCH,OPTIONS\r\naccess-control-allow-headers: Content-Type, Authorization, Content-Length, X-Requested-With, Accept, Origin\r\naccess-control-allow-credentials: true\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding, origin, access-control-request-method, access-control-request-headers\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WYC7htiDD208wO%2BcpXcr437JrADrtKeptK0Mw4WwNUjaWsd%2FZurL7J2C1S%2BnZbI3vxQmhRN0V7ZiVwbdhcTUh1G2EQ3DcZ00vpSVB4URIavsKw%3D%3D\"}]}\r\ncontent-encoding: gzip\r\nalt-svc: h3=\":443\"; ma=86400\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\npriority: u=4,i=?0\r\ncf-ray: 9c2fe78ed93f23eb-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4541846,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6a549ce28fcd683b1875324663e6a6c9","sha1":"a216bc19847164cbd9032f74914cae1884843b3d","sha256":"e1855e58111e89dbabc8f29c3be97905c8df83bdb105e281541f66b7a5d6c8be","sha512":"dcf2e6d7f959be48f474c354d14937ca235e1b51eb9d5aa2ef9da1965fd8de74d56117c48adb7cba2fde0931e77d15ecf3a19c6595447216045493df669f7cff","ssdeep":"24576:dJh+mVcl15N29Dz3taoB294uaQb+4Kkk7V1/iLqBm:vkmmlhi/3zB2KjQH783iLmm","tlshash":"542523f9fc52a0c1bda16d747ad27e5daea850cd5a91cf3738d8ec10b09127802ed9d2","first_seen":"2026-01-24T13:31:44.535753Z","last_seen":"2026-01-24T13:47:06.045546Z","times_seen":4,"resource_available":false,"data":null}},"time_used":895,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":381,"receive":507,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"airdrop-qie.digital","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-24T13:33:46.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop-qie.digital","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 06 Jan 2026 07:38:00 GMT","end":"Mon, 06 Apr 2026 08:36:32 GMT"},"fingerprint":{"sha1":"04:B6:B3:10:22:B1:85:EA:88:90:45:62:5E:1D:D2:BD:DE:5B:4C:1F","sha256":"29:63:8C:A2:9B:76:FC:5A:91:AE:8B:32:B4:65:BF:57:60:67:19:3C:52:54:17:11:45:EA:AD:C3:04:AE:2F:E0"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: airdrop-qie.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 13:33:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Tue, 06 Jan 2026 08:23:35 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Bo%2B79Hoq6N0Tz8UMLAwVdteJcnaDFIk0MbQzuETh066nBbOGZNsOERVNe3DIumChuPZHqFPfdnNLp8jPI9WsmJuUUDd0lvU%2FHn0pY1vnblvXZdQ%3D\"}]}\r\nage: 150\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9c2fe78cb80135a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":57216,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (723)","md5":"9a9789c203e52c85188f56234863cd75","sha1":"bf9e1124bd2faf3ebec46f9f5084e0d7063176b4","sha256":"bbd4892b0e3ee38a8418640d98084c5661bd2b7060d08fef6d54f9016296f1e8","sha512":"8e4782727b2edc661c0baa78403a28ba6727c74cc217a79559708dfec557e305006b520c54a9385fc4535a365ec3949f513197f33b5ad1bfbbcfd978f083ee48","ssdeep":"768:otKnQcM3gaNPXXgA3yGTZ81+6SgMA8Q7K64QXr1qEt0Hv0EV06108e:lKuQdTZ81+6Sm8Q7K64QXr1Ie","tlshash":"5b43911564a384795c13657d27eeb10eb33af047d92aeea8becd1101cfc12f49e927a4","first_seen":"2026-01-24T13:31:44.531193Z","last_seen":"2026-01-24T13:34:10.742867Z","times_seen":2,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":17,"dns":1,"connect":1,"send":0,"wait":12,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"airdrop-qie.digital","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/claim/svelte.js","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://airdrop-qie.digital/","date":"2026-01-24T13:33:46.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop-qie.digital","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 06 Jan 2026 07:38:00 GMT","end":"Mon, 06 Apr 2026 08:36:32 GMT"},"fingerprint":{"sha1":"04:B6:B3:10:22:B1:85:EA:88:90:45:62:5E:1D:D2:BD:DE:5B:4C:1F","sha256":"29:63:8C:A2:9B:76:FC:5A:91:AE:8B:32:B4:65:BF:57:60:67:19:3C:52:54:17:11:45:EA:AD:C3:04:AE:2F:E0"}}},"request":{"raw":"GET /claim/svelte.js HTTP/1.1\r\nHost: airdrop-qie.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://airdrop-qie.digital/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 24 Jan 2026 13:33:46 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=2592000\r\nlast-modified: Tue, 06 Jan 2026 08:23:35 GMT\r\netag: W/\"f1a1-19b9267831d\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\ncontent-encoding: gzip\r\nage: 149\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=88XwjN7B0yFIghUHu%2Blbdpak5YfWHucCciYSZcip9EeCvbQrtY4P%2B4W2M9MgN2zjQmD73ZKMia74ZyFFKb8qvkClgDL6kIis2XicwrZIObh0E0U%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c2fe78dae5423eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":61857,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (61857), with no line terminators","md5":"73b754259b9a1f0e2f8287b9270a47f8","sha1":"107d83b5dd73c4f8dd7dcf03a843ae47e6df6646","sha256":"3bdef486b926ad783598b399ad5f4ef212ed009a7a45614694dab414a4c03fc3","sha512":"324b392322111634f4c323c6ffa52b9c60830442ce44b62d457e7949d4e55cbe4ad37ad2288af43d0a0f7ff149e19a1969181668264d32f9b3e92f34894a0ce5","ssdeep":"1536:EWnLJMZWnLJM0jK0QfFe8G3Nbbp1TG+p2H:fNwFe8G3NXDTG+p2H","tlshash":"c253b6d4991bd0e98e1121ddd473e829e4640ea3cdacf1a3ea3cded1791ef21848717a","first_seen":"2025-12-28T18:46:24.959794Z","last_seen":"2026-02-05T13:17:03.368533Z","times_seen":14,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"airdrop-qie.digital","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/claim/logonavbar.png","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://airdrop-qie.digital/","date":"2026-01-24T13:33:46.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop-qie.digital","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 06 Jan 2026 07:38:00 GMT","end":"Mon, 06 Apr 2026 08:36:32 GMT"},"fingerprint":{"sha1":"04:B6:B3:10:22:B1:85:EA:88:90:45:62:5E:1D:D2:BD:DE:5B:4C:1F","sha256":"29:63:8C:A2:9B:76:FC:5A:91:AE:8B:32:B4:65:BF:57:60:67:19:3C:52:54:17:11:45:EA:AD:C3:04:AE:2F:E0"}}},"request":{"raw":"GET /claim/logonavbar.png HTTP/1.1\r\nHost: airdrop-qie.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 24 Jan 2026 13:33:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 1526679\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Tue, 06 Jan 2026 08:23:35 GMT\r\netag: W/\"174b97-19b92678315\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 149\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4eKK2%2FGR6TKXkcrhl%2FEF6M5mlo53Atp2idd0tu4CFrUDQvk4%2BjmZm6BxPaOStQAIDVhdTeWMO2lHI5iH20jukyu23CiI3fDSS75DH%2F3lCKRB0hY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c2fe78dae5b23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1526679,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"96bd9699d730382dea5fb7f78ca6c50b","sha1":"e04f86ab09d313f5ff4f74555928d8609c49a6f1","sha256":"0ccc86b1ae643f773cc2563cb3d0d51118b3c2dcc79c1bd03a01b6645e295969","sha512":"cb766897849d9a180b9c5a3e1744d08ba7ef2b16dfb716aa314aa3911ebdd467a0852bd605a1288cc7f5b7c2ad5e66c34046a4fa0b3d84951bae62af218f8a32","ssdeep":"24576:eL6PnXI/fnT94vfJrgni43U1CjW2hxg0dVDWK3:26PnCL98Kisa2Xg0dVDWK3","tlshash":"ab253336a611d673e7430bf78cb478363a754b6404adea3683319d01deaced850857bb","first_seen":"2026-01-24T13:31:44.527757Z","last_seen":"2026-01-24T13:34:10.748634Z","times_seen":2,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"airdrop-qie.digital","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"airdrop-qie.digital/claim/logonavbar.png","fqdn":"airdrop-qie.digital","domain":"airdrop-qie.digital","tld":"digital"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://airdrop-qie.digital/","date":"2026-01-24T13:33:46.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"airdrop-qie.digital","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 06 Jan 2026 07:38:00 GMT","end":"Mon, 06 Apr 2026 08:36:32 GMT"},"fingerprint":{"sha1":"04:B6:B3:10:22:B1:85:EA:88:90:45:62:5E:1D:D2:BD:DE:5B:4C:1F","sha256":"29:63:8C:A2:9B:76:FC:5A:91:AE:8B:32:B4:65:BF:57:60:67:19:3C:52:54:17:11:45:EA:AD:C3:04:AE:2F:E0"}}},"request":{"raw":"GET /claim/logonavbar.png HTTP/1.1\r\nHost: airdrop-qie.digital\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 24 Jan 2026 13:33:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 1526679\r\nserver: cloudflare\r\ncast-mode: default\r\nx-powered-by: Express\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Tue, 06 Jan 2026 08:23:35 GMT\r\netag: W/\"174b97-19b92678315\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nx-cast-cache: MISS\r\nage: 149\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fJ80jTtPSVZNlq4HmgVYrIh5uk6Naufi%2BFRIOdpZlZXZdDonl7QoDBEZ2gfcfXcUgLjU6AytV2TQYE%2Bea74gZL5ZSLijneEYJqnq2GD5FUgdLEk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9c2fe78eb8f923eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1526679,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 1024, 8-bit/color RGBA, non-interlaced","md5":"96bd9699d730382dea5fb7f78ca6c50b","sha1":"e04f86ab09d313f5ff4f74555928d8609c49a6f1","sha256":"0ccc86b1ae643f773cc2563cb3d0d51118b3c2dcc79c1bd03a01b6645e295969","sha512":"cb766897849d9a180b9c5a3e1744d08ba7ef2b16dfb716aa314aa3911ebdd467a0852bd605a1288cc7f5b7c2ad5e66c34046a4fa0b3d84951bae62af218f8a32","ssdeep":"24576:eL6PnXI/fnT94vfJrgni43U1CjW2hxg0dVDWK3:26PnCL98Kisa2Xg0dVDWK3","tlshash":"ab253336a611d673e7430bf78cb478363a754b6404adea3683319d01deaced850857bb","first_seen":"2026-01-24T13:31:44.527757Z","last_seen":"2026-01-24T13:34:10.748634Z","times_seen":2,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":18,"receive":90,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"airdrop-qie.digital","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}