{"report_id":"bc3bcf21-81c4-48af-98a5-0386cdf8c5e6","version":6,"status":"done","tags":[],"date":"2026-02-20T13:35:23Z","url":{"schema":"http","addr":"kryptomining.io","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":0,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"title":"Krypto Mining LLC | Cloud Mining |BTC Mining |ETH Mining |DOGE Mining |Mining |LTC Mining |","dom":{"size":73624,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1150)","md5":"f3d235f1488370fa485fb07f7a9d1f85","sha1":"8ffe6de688fe87e78a3c77e8682940368eac5967","sha256":"665dab71e291c369e5553eb01cc7ded3512684db8bbc8ad97d96e862e0fe94b6","sha512":"b037221aa8f7e414c3c71e5822af538ce3b1ececf1bafcd4ab2dc18551fe8c3bd771f1c29926d4791a4dbbbf17f4b86c2e84e091c1af546c8404d51f242a857b","ssdeep":"1536:Uesi6iIwQUKIlXzibnXR8XI9EyiA5VG2TeC:Ue/ZIpY+bXR8XI9EyiwG2d","tlshash":"c973b661d75d2caf021311c160b07bd860bf9e32d6274deafebf122923c4c88656b5b6","dom_hash":"domhash150342bd78eb94fc27e5a51559168e51","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kryptomining.io","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":0,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-27T13:35:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"kryptomining.io","ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"domain_registered":"2025-08-25","domain_rank":0,"first_seen":"2026-02-20T13:35:26.154035Z","last_seen":"2026-02-20T13:35:26.154035Z","alert_count":126,"request_count":63,"received_data":2923611,"sent_data":40662,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"decimal.js","description":"","website":"https://mikemcl.github.io/decimal.js/","common_platform_enumeration":"","icon":"decimal.js.png","categories":["JavaScript libraries"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Popper:2.9.3","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Bootstrap:5.3.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-02-15T22:32:42.929582Z","alert_count":0,"request_count":5,"received_data":554221,"sent_data":2457,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-02-15T22:26:45.957139Z","alert_count":0,"request_count":1,"received_data":103021,"sent_data":467,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"client.relay.crisp.chat","ip":{"addr":"64.227.36.222","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United Kingdom","country_code":"GB"},"domain_registered":"2017-06-09","domain_rank":159579,"first_seen":"2017-07-02T12:24:26Z","last_seen":"2026-02-19T01:25:31.31953Z","alert_count":0,"request_count":1,"received_data":441,"sent_data":594,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"collect-v6.51.la","ip":{"addr":"43.174.27.154","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"domain_registered":"2005-01-17","domain_rank":348646,"first_seen":"2021-03-08T16:03:54Z","last_seen":"2026-02-16T03:21:06.298707Z","alert_count":0,"request_count":1,"received_data":359,"sent_data":471,"comment":"","tags":null,"fingerprints":null},{"fqdn":"translate.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":6317,"first_seen":"2012-05-31T07:21:21Z","last_seen":"2026-02-16T04:39:11.220018Z","alert_count":0,"request_count":1,"received_data":387653,"sent_data":548,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.gstatic.com","ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":146047,"first_seen":"2012-05-29T15:36:17Z","last_seen":"2026-02-15T22:30:04.850164Z","alert_count":0,"request_count":1,"received_data":21152,"sent_data":542,"comment":"","tags":null,"fingerprints":null},{"fqdn":"client.crisp.chat","ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-06-09","domain_rank":168029,"first_seen":"2017-07-02T12:33:45Z","last_seen":"2026-02-19T03:10:38.029253Z","alert_count":0,"request_count":6,"received_data":514782,"sent_data":2849,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"translate.google.com","ip":{"addr":"216.58.207.206","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":609,"first_seen":"2012-05-30T01:30:32Z","last_seen":"2026-02-16T07:28:45.188105Z","alert_count":0,"request_count":1,"received_data":82226,"sent_data":461,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kryptomining.io/assets/js/script.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c069cbe73053b6c4461f1ac0b573827","sha1":"331c55160f128fe5dc4c36f74b65eeae09ff6dd4","sha256":"cb6a16e28aa5e08e6d7dfc0c97e33564a2b81074f0f277a89c62087a3945ef7a","sha512":"a7e79853c9bfe73c0a15dc32428f8d0d099953b44aec444921284f77bbfef3416c59920c92901458ed450c858590d5c8dea7b88f1a78ec1685915f6d1f4e328e","ssdeep":"96:+TSk+7vKqeqppI18MIe527schKRRWbimb/ebL8ghPzkSIFoEH:+T87vKdqp2e3ew73gRW+mDefThLkSIFz","tlshash":"9a91404ca0c2450b40f310eab65b2a04740b76175b41ec127b6d0597bf5ee7ea1faade","size":4572,"data":"","first_seen":"2026-02-20T13:35:30.261197Z","last_seen":"2026-02-20T13:35:30.261197Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"697970e8df96ae6996b20cccf43fd8a3","sha1":"830863effb05341b138643a548c16c02c373547a","sha256":"2a8e10852c8614209b9e3cdcb26d51fe64a24f50b80868850a9dbab42603be62","sha512":"96b11ec4f2553d0c7c1237401a278c2cb7bd626b1c76fbe2a688f9c637309b8112a3d943543d03950c8d03cb45980e792614660377ad8b77cbf5fcecda168484","ssdeep":"","tlshash":"c21158c5e74d17e2c0512b340af197ec327ec1b9ab62b8a73c7857486468adc531e279","size":962,"data":"","first_seen":"2025-10-30T07:25:49.065841Z","last_seen":"2026-02-20T13:35:30.345916Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"cb01aa903e49140d04438b1be8a86e96","sha1":"139ee269187e58cc7e6d20524dcd1d5871327279","sha256":"e7387dad190fb12ed576c7adb9b9a34b29b8c4b9068cd9af7989a82aa7f5a030","sha512":"7f3e478c7016daa3848576beef5e28e08316d53d890543d11a4dbf362c9eeb21ef04ca2cadf2e83e28932e264c658fd77bd076b34d4a81540bb9306eb2bbb173","ssdeep":"","tlshash":"a8a02200fbcc2080fa28a808003a20cc002c223330820c3cce8c20803cf0f2c322cc0c","size":81,"data":"","first_seen":"2026-01-28T03:11:26.124893Z","last_seen":"2026-02-20T13:35:30.346514Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"e49f60686a5e5891ee4390921c95dc63","sha1":"630dc248f62aaad9e2d93c674aaa6f7c9bfdd2f6","sha256":"abba4a18a10ceb41f809fffd63a0bafeb9df40075c50b9d3026e344d13f46e01","sha512":"d275cb5a33881e3fe1348ae0598dff19f687aeb899fa8997e033deca9b75e520cd4e25046f0eccc4336d874b498a78dc6566fa269ce184dd37076184ae7b7ab0","ssdeep":"","tlshash":"68e06870fb2c283383b2e30b741cbaca612e0035e8056e477e3c89050cc2a1926a15a6","size":410,"data":"","first_seen":"2026-01-28T03:11:26.1261Z","last_seen":"2026-02-20T13:35:30.347622Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"a7c2ff89bc1bf1f412a2444f3213d2c2","sha1":"e096b14ed2d1946882e8318f7af09b95876e9f8d","sha256":"5e613c79352107d2cd84c03562cfc99c7a8aa8c2ca74dd229f2260334cbbb5b8","sha512":"0edbe36837e7a39ce3a0619befabd297891fdfb6ddad6d988d31c3bd79d6f81a91d6938e5777f7d5ed5dcfa623e401a2b13d284152920627548d9223f15a4ea0","ssdeep":"","tlshash":"b4119be1f36c623606f129a0caa9b6cdd43e00f1b805a46fbc5d964d27c16994d610a2","size":1024,"data":"","first_seen":"2025-10-30T07:25:49.071727Z","last_seen":"2026-02-20T13:35:30.348261Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"b8f378e04002908e61ab19806d14adf4","sha1":"bdb080a5ee1b09532f4baefd801615cd55d4303d","sha256":"ddf156734b0215a12a72b6dda81e227b40fd31878f827841ef6f665c643ed752","sha512":"dfd9e4c8fd0a27fa723c2c994883de0e2ed07cde3ae7a7e854cbde6ec0dd09445ebf39ab28bf7e1f70997ef0467d24db6b652e9200d0f940ad0669161f327c7b","ssdeep":"768:yZk38iN03OukpBAPW7m7V1k00WOuKbL1neniU8fQ8Xi6huxV6hk00W6uOAEgnBQo:0uj+7niUAjxm6h2kkBvSpO/TAxHJL3hB","tlshash":"fa43d82ab30aa73202c101917ad647d1f76ba4edf35687a67c78405e23e5d2cc23f6e5","size":56152,"data":"","first_seen":"2026-02-20T13:35:30.349112Z","last_seen":"2026-02-20T13:35:30.349112Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/js/jquery-3.7.1.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"590e42343d102243a708680d1e0bae99","sha1":"24f01f4996e3fe908292b0a39ce552610d2200ac","sha256":"2ce29ee8fedb8ccd1be187f5c1ff6937591df4ee5b3afbcc99fd3e7f4d2819e4","sha512":"0c3a713961d624bf85481bf9b64957cf4c5a85a0b1b49a734adf5a6178cdf0926c9deb83c89391ed490b6de39c51d1c7a9254f024342f9a1de9f23dc22886a8f","ssdeep":"6144:P0aVw1fff7JTEeo4S9FzRG2x6lvX0ok307NaTxbJj+ir3Aag8MwI7UU:mA4S9FDElvX0ok307NaNhlLAaGw4UU","tlshash":"b384e85d79ea21254a23707eabef7109b635d0271508de50bc8d43582f9183892fbffa","size":390024,"data":"","first_seen":"2025-10-09T20:13:11.744268Z","last_seen":"2026-02-20T13:35:30.293018Z","times_seen":16,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/jquery.i18n.properties.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"227aa0313b8804146aa65b7ee8d80fbf","sha1":"dc359eab2baeeaf01552b74219f2cfac1dbd666f","sha256":"8791b106fc85230e4d9e8f76d5170d7b8e37f11cf775e5ea637048a4dcb5ca95","sha512":"f52fb89bb7454c7bfd0617ad3eaba99a8b9bbbbdba8f1d63959ba0eaf5a121b3b7346bbe0bd910db7b036b6160f1dd636092b716582c95bb27a635d52928681a","ssdeep":"192:jALJBkwFZJxjvbiHO+Jhx3rxZxInaeeQw2vQysUU8gNlzEl/G4/Gs8y138BsT+FV:sNmwhtvbiHX5Rp+j+ToRUmlk","tlshash":"d9a23f0d69420d994d7373749faa2498eb75946b0220e1a2bcad77403f78c9491faffc","size":21953,"data":"","first_seen":"2026-01-28T03:11:26.086482Z","last_seen":"2026-02-20T13:35:30.313978Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"948a48f8a8603ecd670c3abf22dcd10b","sha1":"b5f8841fef18ea70c4367d1d197f99b6fa51e173","sha256":"d4465c0d4b141649136ddf2b07f64f93631e86474057b53d9db1a61ced21d8d5","sha512":"ff0816f4396ec01eb4243a9fcaedec7ab24bc67bddf41b323eaf0b8d980153de750000a26bd95604054eff07d890f489eb6f03ff9372f4fba94d49aae5651026","ssdeep":"","tlshash":"9c216ed4e77c3027cb2e726549ba23ef127df133780648aebd45219d06c162d9399d28","size":1234,"data":"","first_seen":"2026-01-28T03:11:26.135448Z","last_seen":"2026-02-20T13:35:30.350844Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"c062503fc0de7d917625a7615a78657b","sha1":"4e4e97fabed0e43bcfea8af431803d1f15c25be3","sha256":"23efb4470229178f914e45078c64753ffbcab1a4ae86331fad841cf67210bfb8","sha512":"5fea587f23158fe1b8d4df3421a515e05b6c244a1ee90c2cf6758a6b195fbfa0a1dff4528a08bc2b01c80dbdfd0fce452c28c95964657c8e9a46c0b698f7e45b","ssdeep":"","tlshash":"19d02b6b1a9a2030407e11ae922fe1387893505f4613e005b4ccc9de5f30d6b8ae6bbd","size":286,"data":"","first_seen":"2026-02-20T13:35:30.352063Z","last_seen":"2026-02-20T13:35:30.352063Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"a63955ec435542d90fb5132077f94e03","sha1":"fc44871de3ff8deb5c61044fdeda3163d1117ddf","sha256":"fb653aa2083e8cf297b1fc5329bbe5abbc69001e08528eed54b50fcdaa133a61","sha512":"e4e353421ae7b5ed42d32d5e9c69cc8f3d80db19778eb05634a15f48d783f927ee564a88f61cb165087b94e503a98bb1a17cdc9b57c56549ca5b2ef2815840c9","ssdeep":"","tlshash":"d751739af35e36df007302da40ae12c0b0ee6073ae046c727e7b25012392e4a31a7da5","size":2924,"data":"","first_seen":"2026-02-20T13:35:30.35326Z","last_seen":"2026-02-20T13:35:30.35326Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"e630d67afdb36ec24ce336bf71fc467c","sha1":"04a0bd3348b622228507d089968f387216d07424","sha256":"3edd081da9ead6a4b3aeda22253e8662d8696dcb2d3b3e9882efdb00f9d39710","sha512":"67040602b290cae279a978097fe410b302f2584be538bb910a7c7bfe21f54f5203a204db88c57a2e1dcddbd4d9ad25d1b7cbade30715e3c53623939396237bbc","ssdeep":"","tlshash":"5b900230891000ccd03998d11c3433d8002a8da8040182001940d200fc147010756c9c","size":52,"data":"","first_seen":"2025-10-30T07:25:49.079174Z","last_seen":"2026-02-20T13:35:30.354468Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/l.js","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d58aa65e2c334ae126e2b0622c08a8d8","sha1":"106607ad0c4747260d1f45dd19bb8f02ff5a5b53","sha256":"37d3ba3afa708c3dce89ad695001ae8de125da33f218b80bf829409100a88b62","sha512":"48c374f04ef417402695472b1772c78953ea26eda90d9a5fc9eb2bd8727f6b23aea4d2aeda32b43d347593c85c841cccef41e43b4cef507b9486d109fed737c4","ssdeep":"192:bjiSfZ0VsU+ZO09SOQal5eK5Y+91Edlng99dgY3AjL/7Cb/+io:nh+IHmMeK5Y6iu9uY3Abkk","tlshash":"e8f183173269a03505a362ef123b6a45f03361295c85825cb569ecf1297ce4fa13bffe","size":7756,"data":"","first_seen":"2026-02-20T13:34:07.952227Z","last_seen":"2026-02-20T14:47:24.603779Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.QjRrtq-TNBA.O/am=AACA/d=1/exm=el_conf/ed=1/rs=AN8SPfo12XO7tT8z0rVFR5DWgJGeq0dJ-w/m=el_main","fqdn":"translate.googleapis.com","domain":"translate.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ff1d2e3f1d0db9bb5da46d1e233a498","sha1":"f1a4ef11a1bb4324bbc45e112d3e9275f34184e4","sha256":"304acc7636e3b5c9ce4f1967c12c2a4b08c031c9e0c2c33b5c66ea9dfd236cd8","sha512":"9bec9e4da7b6da0ab995dd0c0e172faac55ef2953d40fad7f55f2c0d110190251af0a11f8b3fbb4d3c7b3afcf7b78ec8dfeb7de0e06aaa20cc0d53677e1da745","ssdeep":"3072:5U8u68h+wUfJGxqmcq4fjn5g6CoVOgFIxVE3fuuOES6Tl3aEt5fWvnbQYFO:qUwgixven5ai","tlshash":"5884d9cab266b8939262f8a190bf004bb93d9d57b4484c6cb549d8ef5db08094173f7f","size":386790,"data":"","first_seen":"2026-02-17T20:33:57.511221Z","last_seen":"2026-03-25T05:08:41.976324Z","times_seen":689,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2e477967e482f32e65d4ea9b2fd8e106","sha1":"ddc6e9ead6d16ae9237399ce41e8c1620cc59c36","sha256":"0833b2e9c3a26c258476c46266e6877fc75218625162e0460be9a3a098a61c6c","sha512":"ecf8bfa2d7656db091f8b9d6f85ecfc057120c93ae5090773b1b441db838bd232fcef26375ee0fa35bf8051f4675cf5a5cd50d155518f922b9d70593f161741a","ssdeep":"1536:WmwIiEEO+TBR2t4J9RirWDKsVA5y7fy3YJtC/r/45wZbfbXZTb0WU078:HwORx3YCD45wZbDZTb0g8","tlshash":"ce73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","size":80721,"data":"","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-06-07T18:29:04.501601Z","times_seen":26974,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/decimal.min.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"edf3d41bc87901f9e2f638ad9848e338","sha1":"f5e7d4636da36f6821f84dacedb98b8fb9dd6204","sha256":"90171448a828e11d0a832881f16f5e08eb071806b63604118eb44b4a2fb38cb5","sha512":"97fa6f8f80eff325fc5b9e207bfc3415c294b97f954cc91a1b401401111a2fc000415af4d6252b76c7b6d3a622502e58d5ed76ea8d6855485de5974cfab2525d","ssdeep":"768:rnHX+7Sb7cEBFA2HZuE5pJ7ZmGT1aaULc:rnHX+7SPcEnzZ99PV","tlshash":"7fe2f8e532b2f1c623e328e140ef9487f2376d54994d21b1e24c9af53cb1589a27af74","size":32670,"data":"","first_seen":"2025-10-30T07:25:48.919852Z","last_seen":"2026-02-20T13:35:30.333839Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/i18n.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b17f5a0dac5329e52eb1bf7eb0649d8","sha1":"3cd063e2ed693cc2831c76e84ed901d931c10fa5","sha256":"45f301186b5ccbf9085d9b9e29f713d18b2e9ac40e6a0f67dca1d39a36a6dd48","sha512":"5be7b2fec538f16fe252796db23a360396af04e38fccb7d9cbf202b842d3df404e48fc8c2c8f067d44195f7b336cfc247479ba7b3c30a8ab59815fa6bc183a64","ssdeep":"","tlshash":"d131328cf4369a81107327e573296500ec71a81f03a1ee0336ad48a16fa9c8cb177dde","size":1516,"data":"","first_seen":"2026-02-20T13:35:30.33509Z","last_seen":"2026-02-20T13:35:30.33509Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@popperjs/core@2.9.3/dist/umd/popper.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1a71969a95592d2d3d32bb7c1296190","sha1":"f6e3039d5b647e7c9f79293dc7c46cb286003d6c","sha256":"ccc0ee783158d1ab3ae590ef8c982a827e38e8b82fd121551cdd4c20041fcd1b","sha512":"5cba3a6d07b4f22ac939b09cf3aac510a41d70561b18620755771f32cc696ef17ca26a6677548d263a956398668d0d354ecd149a649019faa9b777c68e6ea918","ssdeep":"384:P5tp5wmEyOQQ5+D0/BAyMAoflA0mxPjjLqWlV1NnuGixt0ZUL83H+H9h++Ee:gmE3UD0/myRoynOWD1Nnuft0ZUL83HAT","tlshash":"ca82b5cd3990f0a5167b52b6c07f550fb3339561228ea100b255d6dd2c78ebba26bc3e","size":18873,"data":"","first_seen":"2023-03-07T13:48:21Z","last_seen":"2026-06-07T15:53:01.066762Z","times_seen":672,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sdk.51.la/js-sdk-pro.min.js","fqdn":"sdk.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b8a41c9449b73e8ba0224c6be1f0b7e8","sha1":"33d79319d4110bcf5c44c36f7dd4a291972ac546","sha256":"52079c09a7355f4ce3af750602ebb9aebae8238583601f8a06268eecccf13565","sha512":"472d0395a65a3ade2d215559b196a88ffcdacde3ac0f573eb8663b524f201d72c9339bcacbc198d82452a0ac367c0efd407b12795943cdd2755d95a8cf71b977","ssdeep":"768:swetbD3SkE+a/l1jaKUiQU5eqEh9GMXBOXAA/EXBeJMlbJfuPT:BetbD3SVT/3+KUc5eqEh9GMXBYEXBeJ7","tlshash":"dbf23d9577c0317cc3c783ea362b501ae1a69e910059a8bcf345f6907d34e56a37fba8","size":36114,"data":"","first_seen":"2025-03-10T03:40:31.536734Z","last_seen":"2026-06-07T15:49:12.940853Z","times_seen":98188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/static/javascripts/en_default_8a1b536.js","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"94c37c77a65e194f1dcc0fa8cca6e916","sha1":"23d2fba422f0801da108adf7957c24610834ee95","sha256":"8a12ec9d69ade82735e934e07dd38c775b579bf19bf26beeed8972be0703b810","sha512":"0fc2d7f295c00070bdfb5d5a43dd697c86fd99b9c259737de4e64a2388d9b32587746151ae03fc429748f5a9e894c20995fb0dc9dc691152e9491e69c0b49034","ssdeep":"192:pFmXDS8ajwhwPteE2WZXikEeMeTAFGySAU1RrUWYGfu7nOmrY2FYXC+LvvKTzHrO:pFmX28oXikEeMeYGySfRrLzmCQrO","tlshash":"0d52a61eef36ce7b02774b83b084b6124eb111b106d0687ed45d497d02a4dc9b66bf4d","size":14214,"data":"","first_seen":"2026-02-20T13:35:30.311399Z","last_seen":"2026-02-20T14:47:24.604562Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/index.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f0e0eaf912cd8676bea26f8616411ea","sha1":"902ddbe01481b6c701df6b65ee61fed7c76b613e","sha256":"b000a9bd267b3068f37013ad4dea0a231f2d23673a1d02cc12f300eea8e7284b","sha512":"f5c5a6eae2ccba40ae765d129f95e90f0c5911f90d4e3786b46f068d656f2274cbb1fa150beca9c2260afd744f851d6d0c6bb7034a3cdf2a95ec8f2deebc4661","ssdeep":"192:1A89G/u5t0vDrB3FrWBrwe/F2n/wtGOO//NfgaK7TfZXw:79G/u5t0vDrB3FrWBrwSon/wtGOO3Nfb","tlshash":"b5128690a1fb5d26027314c550a12644b0efae37c726d085bbbf92503fd5ca4b4f29be","size":9575,"data":"","first_seen":"2026-02-20T13:35:30.295271Z","last_seen":"2026-02-20T13:35:30.295271Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":true,"md5":"ac8f6ae8ebcfb0cea7be0d1f8802e1de","sha1":"726170dc082bf70d3737ecd674fa905b1f8d0d10","sha256":"4abee1b01a402b76a3450a9e6e3c46c6619a4bb02f06bbdc86db681b08e6f233","sha512":"5dfa3cc31a5fbdede7dc2d082ec344d12ec3bce2caf6b218a7102dc48bf82dc8f5d05c0127590ac095fb2328514dc226dec6bb64aa9f50e32a5b4be1d3043bd4","ssdeep":"","tlshash":"5e90028006420409c8940b4803168bcf3855e043c814e004ec66f3d002c0e22680d129","size":54,"data":"","first_seen":"2026-01-28T03:11:26.138685Z","last_seen":"2026-02-20T13:35:30.356324Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/_/translate_http/_/js/k=translate_http.tr.no.QjRrtq-TNBA.O/am=AAAM/d=1/rs=AN8SPfpUZDPh0WwrKGKSm5fQf-jwkAXO8w/m=el_conf","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c13e5f7acf7712a6c8fc0fee0f2969fa","sha1":"a87f332c518c59d973e5f529d2425dc0dda4e244","sha256":"028a1ce994bc0942d4d87fbc1c38150fc80bd6a42647d08519c09b34acb512e1","sha512":"6aa3636d658f947d82c2e1e4d14314b624ea22b1868c5262bdd036a02350038d4cd668af3d24a39a8455fcea80034076d8df1db0b85cb557f8c9b64655478856","ssdeep":"1536:Xbnw0ufUp+e9aX6UPA6KqeKvJMm1/JL6sNH4eOdDZGgiSwNWiv:XT+e9aAtqeKvum9qIgirv","tlshash":"8983b8ccb6a671618263f5b5413f000eb23f59aaf8084cacb288d8e16df5949417bf7d","size":81656,"data":"","first_seen":"2026-02-20T13:33:56.42287Z","last_seen":"2026-02-20T13:35:30.319371Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/static/javascripts/client_default_8a1b536.js","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f97108d38697e86fb4bf4e1276f2e7f2","sha1":"d9de4d8671c4395bfdcaff7b922074698dba5028","sha256":"0637d504e108a88b6103b9ad9b788e7bacffe98cd5e5b18daef13cde282cdf97","sha512":"fd471071ad1e0232193268b7c843554fd900f2957ba9d03cdd4194a6ac06538489fa845a3d9ff4dfe93adbea87557e936bc5495f10e00071ba22cb0dbb0f7652","ssdeep":"6144:eLHetYEHOg8MjvtNazcvQ0EYUJULcTp2Mjpn1rID:mHOeCoYUJ2cTpVjpn1ED","tlshash":"8d64198a7261a83213f682d7a4310942f339255d7486843cf36cadef664cec671e7bb5","size":329381,"data":"","first_seen":"2026-02-20T13:34:07.979051Z","last_seen":"2026-02-20T14:47:24.601612Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-07T18:34:06.98019Z","times_seen":363313,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/adv4.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/adv4.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1bc2-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 7106\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":7106,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 76 x 74, 8-bit/color RGBA, non-interlaced","md5":"99465e17d1bac4f25dc8ba4f9e21e69f","sha1":"38355f964bbf3f6c2fffbad13460ef3ae1af2068","sha256":"a2041b8d305953504ce01a6380d92ee13488ba12aebc2eca6a84fa0952137b8d","sha512":"c70ba5591b443e1799eb46e68de16e745ae9b86824b60c4ffa574708a2e1077ba24837c614a24f7137dbf2e089008dcb9e1a79e9d1559d01869880740ec376d7","ssdeep":"192:0FOx0U/mXChMkk7VNQvF9keeR8n/jO3n/SXq:0AWU/mShgQXkkboaa","tlshash":"bce1bfe25abc9cf59ec836074af39c34945e74a9b839fd005c4cfb89ab00a3241d921f","first_seen":"2026-01-28T03:11:25.922095Z","last_seen":"2026-02-20T13:35:30.2261Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2017,"receive":138,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img5.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img5.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"6bbf-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 27583\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":27583,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 80, 8-bit/color RGBA, non-interlaced","md5":"a4b8491c2888768b2d08ea479fc256a2","sha1":"00fe47ead73d360cab66655865fdf66d8e3151db","sha256":"30580b44996b8e20d38066837b6ea851b8d054a58b3432c6002af4c18ee4fae9","sha512":"4286d33ae0de6ff98f699cd47be5431738d3f2019ff29b61fa2a366649b929b7271c2afd5b02cbde219f12d1af25fa6f7c2e31c2fd03beb7648126d311a233b5","ssdeep":"768:7xw8sVBrvlKaKJAkZreNY1hXIiTNHo6Bw68:FcfvlT9kZr51xnok4","tlshash":"41c2d02a90dd0869ccef70b5dcca188bd47d1301bdbf785925613ac524da5ee037ea2b","first_seen":"2026-01-28T03:11:26.055042Z","last_seen":"2026-02-20T13:35:30.229629Z","times_seen":5,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":203,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/bootstrap@5.3.3/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 33206\r\ncf-ray: 9d0e6284efc390fd-ARN\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.3.3\r\nx-jsd-version-type: version\r\netag: W/\"38d63-xawd7pYctZoEUlbsID9p4xeHL3w\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220057-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 1519968\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=jj4z%2ByRpAZfnqJaxb4y934tCkpzg0iTD%2B3e3e3gq1jBvujA%2FxeuXpGUEsBP6MiXQ%2Bzv%2BIh6z4r6oQkqP2p1dalo%2BDblfxTz4Csh%2F5cuoeEFDajLRc9elSuh3bHx2BFB0ABo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":232803,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"a549af2a81cd9900ee897d8bc9c4b5e9","sha1":"c5ac1dee961cb59a045256ec203f69e317872f7c","sha256":"3c8f27e6009ccfd710a905e6dcf12d0ee3c6f2ac7da05b0572d3e0d12e736fc8","sha512":"8e74ae0384acd8f9248a448e2ed62cf0195821e7882b587df6dcb861fbd13c0973af7efbbebdc25c36fbb1bede1040588c3b5c623f808c11f714bbf9b9226e5e","ssdeep":"1536:O9YnIWbn98fdRfvO5wlP77k9P3EV98IsYRElV6V6pz600I41r:RnIw98fbV986I6V6pz600I41r","tlshash":"dc3482d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-06-07T18:29:04.474216Z","times_seen":22857,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":57,"dns":0,"connect":42,"send":0,"wait":55,"receive":7,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/css/zalink.css","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/css/zalink.css HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"3447-199155edad0\"\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 2683\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13383,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"e65cdfdea2a5214d6d673df4bb0dfc5f","sha1":"9ac14828c131b183bdea5825d7408e47abb3d050","sha256":"92fd2a4ad4017351e191bab92c53d4d0e97604ae58dfc089727739f0f8599713","sha512":"375a3b06290e5f2f75b2ffcb02fcab7f4f9d60e3f4ae437ce4da6feb32a34927358999f13726804dd78c2ed3a9144ee1db7ad66322c10d57e6bba3daffec4bf4","ssdeep":"96:CiLoGOKOyZLFQGb4Q1vxeNk88Bj+1LZJ8JwRvYkJbYh39+jXR8/Jhz7g0MCZCLqe:Dssj8Q1vrfB61pldJbSccJ9XqZF8dIF","tlshash":"ee52be7ae9281c0f6309b4e0bfb1afe35d888c5eda4607f6e552751cf1c266616f0392","first_seen":"2026-01-28T03:11:25.91669Z","last_seen":"2026-02-20T13:35:30.235842Z","times_seen":5,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/mobile/icon-set.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/mobile/icon-set.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"624-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1572\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1572,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 52 x 46, 8-bit/color RGBA, non-interlaced","md5":"9beea83b940328cdbb0709a27b6e3f76","sha1":"7662b9062ee2c7ce23bb95e63ea58be2263d4dba","sha256":"1c96d8b7b7bc6d26571e1fcbb3251f16bfbd77a3f5905e9e1a7425a770f00766","sha512":"9cb6f8e2165e392c13a848c5c19bcc11c40f47b406f39c062ed31ed8088ef4abda05118abfae7aa4a82685c067b45e2df2344449c4679fdd780a32b542a64b4f","ssdeep":"","tlshash":"fc3107e0ef29d217ed9075d809b315860dfb6789c38d621dba2b230abb07f28f402704","first_seen":"2026-01-28T03:11:26.114391Z","last_seen":"2026-02-20T13:35:30.239423Z","times_seen":5,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":61,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/footer_bg.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/footer_bg.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"2b857-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 178263\r\ndate: Fri, 20 Feb 2026 13:35:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":178263,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 492 x 456, 8-bit/color RGBA, non-interlaced","md5":"b7f931716b3177df708e41ce9024506c","sha1":"5b853c6f7c88680ca100d476ca9a23bf14275466","sha256":"3db4bbe7e5dd22232b5b51b7b6796bd1441ce5dab55a94ae3447bd1aad4a8cdc","sha512":"f2dc794024bcacb684aa2b0b9eea76b7616164d64236a9fd407ebcce1f6248f06e6d39ffa99969e7cb29032878a5fb373a551d8f4d5d24b41aa82b35cdc92e60","ssdeep":"3072:+MUksPa3/4Md4H2PzFuHxqgwOoVq8Pzea+RLiIMcyT36YwfLJoaR0tqgbbzXBG5v:zULP64c4H2oEgS08PzePRLiIM96YwjJ7","tlshash":"f2041301a198635e782b53fddca6ba3804515ca2f2198b20b50cf99b3d6cd5f7cb1f62","first_seen":"2026-01-28T03:11:25.968403Z","last_seen":"2026-02-20T13:35:30.242282Z","times_seen":5,"resource_available":false,"data":null}},"time_used":3404,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3004,"receive":400,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img11.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img11.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"80ec-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 33004\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":33004,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 94, 8-bit/color RGBA, non-interlaced","md5":"141c39ec72c820bdb23bfa27babe38f2","sha1":"dbb974788427e6b8e8dcb6bd796761c227f79062","sha256":"15479ba3d5743848aee1f86eaa394878d771a15453368de99c5697e5ecdf7b31","sha512":"a0a64590519302d4b15155b2ab84f57f924731d4d0ad84da60a68457866a7c01ff220e54ba9ac7cc760a227640f4da5ebfd34b0f3ae8ef627b4f788f0a753161","ssdeep":"768:C+myy5347qyAowlyT7GHf1bxBKzTNJuqICa5U9m:C+myhq8TSdbxBmTNTIT69m","tlshash":"81e2f1ac7d61312b37cafc15a6ff3ac1443ae8891ae3a2887111b1ddc94564f7022f79","first_seen":"2026-01-28T03:11:26.050325Z","last_seen":"2026-02-20T13:35:30.244629Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2042,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1988,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/index_icon2.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/index_icon2.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"9bd-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 2493\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2493,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"63866cbdd420decfbf5faf504c1fe940","sha1":"e27280c9acee209844a14590a13a77132d7a2356","sha256":"106bfd573f0cf09299a9e3824b0acd12e41fbfaf3ed3c91d6542f0d78eaab19d","sha512":"539b03746d5b803c9a56fab0f66b790965b0d27aa8a4d70370dbd706e85b78060b9db1ff4396f61de5eab44ba9eed4e26649591f35d43fe41c2f56411369433d","ssdeep":"","tlshash":"83517f7d067573912c644df68c7d32d8e9c8ce02a604a6d0414b7c4a157b724491f7fe","first_seen":"2026-01-28T03:11:25.934572Z","last_seen":"2026-02-20T13:35:30.247032Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1471,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1470,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 24464\r\ncf-ray: 9d0e6284fb254651-ARN\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.3.3\r\nx-jsd-version-type: version\r\netag: W/\"13b51-3cbp6tbRaukjc5nOQejBYgzFnDY\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220114-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 57605\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=sjIp5RYnusn6o1caWfJhS1dkxIYb1tfWES%2FsNwj%2Bdz6nRFIEC5MSusU9bPadIr8G5lh1WGON%2Fu8hX0TE1k9h33VDjp4K6B6qDoMt9VDTD92ARfKHlkYqyyBR00ZW9DsCszo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":80721,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"2e477967e482f32e65d4ea9b2fd8e106","sha1":"ddc6e9ead6d16ae9237399ce41e8c1620cc59c36","sha256":"0833b2e9c3a26c258476c46266e6877fc75218625162e0460be9a3a098a61c6c","sha512":"ecf8bfa2d7656db091f8b9d6f85ecfc057120c93ae5090773b1b441db838bd232fcef26375ee0fa35bf8051f4675cf5a5cd50d155518f922b9d70593f161741a","ssdeep":"1536:WmwIiEEO+TBR2t4J9RirWDKsVA5y7fy3YJtC/r/45wZbfbXZTb0WU078:HwORx3YCD45wZbDZTb0g8","tlshash":"ce73c5593244b4730ade85b68037430bf2265998b24b812cb57cadde2a7dcc67277f78","first_seen":"2024-02-25T11:27:02Z","last_seen":"2026-06-07T18:29:04.501601Z","times_seen":26974,"resource_available":true,"data":null}},"time_used":241,"timings":{"blocked":38,"dns":0,"connect":32,"send":0,"wait":89,"receive":39,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"4d7-199155edad0\"\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 611\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-07T18:34:06.98019Z","times_seen":363313,"resource_available":true,"data":null}},"time_used":3131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/fonts/Impact.ttf","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.322Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/fonts/Impact.ttf HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/assets/index/css/munt.css\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 162\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"91b05fe4fae51178cb4c3c463da3eb62","sha1":"aa0f24e09a2b7d4de88093e7f52760eaf1f58840","sha256":"d4e2254a37b61c422c0633e3f733cf88725200f0030744db421e9cbe25b4e976","sha512":"50557562b02bdebcbabed5a02524403c5b631c095c364a8f5445145d9486864161acb6fa578769b8194df01273aed80c50a85319c662001daf0f1c4f60d2a832","ssdeep":"","tlshash":"48c08c9e110012020a3093002ad1729429973f9d36e3da186a82e06bf8e9a1ac8862ad","first_seen":"2026-02-20T13:35:30.25179Z","last_seen":"2026-02-20T13:35:30.25179Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getCoinPrice","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:20.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getCoinPrice HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978; crisp-client%2Fsession%2Fc6c1dfb9-905b-4898-83d1-bc92d9873eaf=session_78fa2efc-8e04-49bd-a60c-1e91c8231209\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 156\r\ndate: Fri, 20 Feb 2026 13:35:20 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2e44722d1eeb28ef103f7859be074bb7","sha1":"1a4755fe4cac6883e7143e6e0e7fe63685097a35","sha256":"cd6ce954d763a90d193606112814bf23a62f873df25218ca01eed2ce2bf3d647","sha512":"1c985a9c1c61452e05d5ed0d1144be7469a4d85e2fc45f52b2e29b810519e9c808ca4a58224b8bba96ed1acbc6da5676d813f719bc56cd9b09cc3267bae634c0","ssdeep":"","tlshash":"8bc08cea1001150a493082042ae622a538e73b9a24e29a006e82e05ba8d861bd886188","first_seen":"2026-02-20T13:35:30.254027Z","last_seen":"2026-02-20T13:35:30.254027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/img/sid2.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/img/sid2.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"797-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1943\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1943,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 39 x 36, 8-bit/color RGBA, non-interlaced","md5":"8505fa5b5c8b9200bbfb34e5ec7790e6","sha1":"64373b252bb3f0f000942a17be20350f5714c594","sha256":"8e8100c072791c8bb719567b9aa46b94106f5cf8be4ea7db4be3d91c175b699c","sha512":"94b845c11db7991781eddf08b3c9ec51d7b6de929dd4ec9878688df50a3db77a9957e83410038015c5025c80a6700aaea0a1c13f35d68b74d9ed5c0343027bd7","ssdeep":"","tlshash":"5841e820d82f17f9a217d1734d04589cc6525b248ca6a06d2583d957caaea9f8d71cb3","first_seen":"2026-01-28T03:11:26.082325Z","last_seen":"2026-02-20T13:35:30.256431Z","times_seen":5,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/adv2.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/adv2.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"10ab-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 4267\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":4267,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 84, 8-bit/color RGBA, non-interlaced","md5":"be852a09e865422b0c8e13dd0dc8c512","sha1":"220daeae731833c9e0f9ca0b8c8fd03af2ade0df","sha256":"46d423981fbe2339ae821ff1232622e534fc82fb2fc3325e9263dc28df535164","sha512":"dd0aa7892579792feee1ad788373d7f48c7bf9239612fdbd2b8b07c52680637152496c872858ebcc34d8db87c99d923fecb81ef7c33b9deac769c31c78f4306a","ssdeep":"96:/W/StBCN+mCgdUvrYX9fIfG6jjMgzeFJ2fmLMKNM2xu7jvt+RQ:/HO/dUvrYXsGQuBtpu4RQ","tlshash":"0f917c49be7fae52e4f8f102a0e72d4240974c2c02bdd09c39531d2d0832f24a6cea9a","first_seen":"2026-01-28T03:11:26.040293Z","last_seen":"2026-02-20T13:35:30.258512Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2017,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2017,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/script.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.863Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/js/script.js HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"11dc-199155edad0\"\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 1409\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":4572,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"5c069cbe73053b6c4461f1ac0b573827","sha1":"331c55160f128fe5dc4c36f74b65eeae09ff6dd4","sha256":"cb6a16e28aa5e08e6d7dfc0c97e33564a2b81074f0f277a89c62087a3945ef7a","sha512":"a7e79853c9bfe73c0a15dc32428f8d0d099953b44aec444921284f77bbfef3416c59920c92901458ed450c858590d5c8dea7b88f1a78ec1685915f6d1f4e328e","ssdeep":"96:+TSk+7vKqeqppI18MIe527schKRRWbimb/ebL8ghPzkSIFoEH:+T87vKdqp2e3ew73gRW+mDefThLkSIFz","tlshash":"9a91404ca0c2450b40f310eab65b2a04740b76175b41ec127b6d0597bf5ee7ea1faade","first_seen":"2026-02-20T13:35:30.261197Z","last_seen":"2026-02-20T13:35:30.261197Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2223,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/l.js","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:04.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crisp.chat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 20 Jan 2026 10:11:33 GMT","end":"Mon, 20 Apr 2026 11:11:30 GMT"},"fingerprint":{"sha1":"CF:0C:FC:2F:34:74:7E:49:1E:7C:40:BB:59:F3:B6:C9:67:38:8A:6C","sha256":"FB:3B:C5:60:19:2B:8C:0C:EC:D7:A6:9A:D4:D3:E5:A4:A3:67:2B:44:09:99:21:44:6B:96:A0:65:53:27:D0:26"}}},"request":{"raw":"GET /l.js HTTP/1.1\r\nHost: client.crisp.chat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\naccess-control-allow-credentials: false\r\naccess-control-allow-headers: Content-Type, Origin\r\naccess-control-allow-methods: HEAD, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 300\r\ncache-control: public, max-age=10800\r\ncross-origin-resource-policy: cross-origin\r\netag: W/\"699858a6-1e4c\"\r\nexpires: Fri, 20 Feb 2026 16:35:05 GMT\r\nlast-modified: Fri, 20 Feb 2026 12:50:46 GMT\r\nvary: Accept-Encoding\r\nage: 2442\r\ncf-cache-status: HIT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9d0e6298cdb3aa08-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7756,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (7661)","md5":"d58aa65e2c334ae126e2b0622c08a8d8","sha1":"106607ad0c4747260d1f45dd19bb8f02ff5a5b53","sha256":"37d3ba3afa708c3dce89ad695001ae8de125da33f218b80bf829409100a88b62","sha512":"48c374f04ef417402695472b1772c78953ea26eda90d9a5fc9eb2bd8727f6b23aea4d2aeda32b43d347593c85c841cccef41e43b4cef507b9486d109fed737c4","ssdeep":"192:bjiSfZ0VsU+ZO09SOQal5eK5Y+91Edlng99dgY3AjL/7Cb/+io:nh+IHmMeK5Y6iu9uY3Abkk","tlshash":"e8f183173269a03505a362ef123b6a45f03361295c85825cb569ecf1297ce4fa13bffe","first_seen":"2026-02-20T13:34:07.952227Z","last_seen":"2026-02-20T14:47:24.603779Z","times_seen":6,"resource_available":true,"data":null}},"time_used":251,"timings":{"blocked":99,"dns":1,"connect":40,"send":0,"wait":53,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getCoinPrice","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getCoinPrice HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 156\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2e44722d1eeb28ef103f7859be074bb7","sha1":"1a4755fe4cac6883e7143e6e0e7fe63685097a35","sha256":"cd6ce954d763a90d193606112814bf23a62f873df25218ca01eed2ce2bf3d647","sha512":"1c985a9c1c61452e05d5ed0d1144be7469a4d85e2fc45f52b2e29b810519e9c808ca4a58224b8bba96ed1acbc6da5676d813f719bc56cd9b09cc3267bae634c0","ssdeep":"","tlshash":"8bc08cea1001150a493082042ae622a538e73b9a24e29a006e82e05ba8d861bd886188","first_seen":"2026-02-20T13:35:30.254027Z","last_seen":"2026-02-20T13:35:30.254027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img3.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img3.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"6ea4-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 28324\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":28324,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 458 x 110, 8-bit/color RGBA, non-interlaced","md5":"8b792a18805d9177d26a27d9fd9232d3","sha1":"e03698dcbc3abf3c390763f1ca75cf78a020dbfd","sha256":"5bd3c466520dc884102d55cf93ad0f41e461684034bb1759c1fe8b8219017d41","sha512":"c42e242bb69a7e87cdbf648609aed02be92e5a151957e1400a430bc5cef8e7094d9a81d147ed2a9d6ef4fbd371b96a01c22fef8f4cf99a50571a4f982d859485","ssdeep":"768:uc57i5sk0zZ0qCjfpa0aiWv6IMpbfq9DD:uBJ20tjx8YbODD","tlshash":"8cd2e113c7f35a465eb6befeb2b96103870374485539b0cab4966474f5a0c79f4b0a07","first_seen":"2026-01-28T03:11:26.091123Z","last_seen":"2026-02-20T13:35:30.265833Z","times_seen":5,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img4.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img4.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"a06f-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 41071\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":41071,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 126, 8-bit/color RGBA, non-interlaced","md5":"78fd7de57be2f3b7d95a7e49f5a7eb34","sha1":"d520fb5c24700f90b8bdb034cb93ab0e237381bf","sha256":"022f5f0413d826fc827fe3aa2f7c02dcc91cec7da6e4cba5666eb4e756c95af0","sha512":"de8cf3b0520df20117ca927c6a9f778f0898ed854a98dd70e2711080d04e223b7f3ff79126216ebd9424267fa995b754ec8917a41203c6d1c55285e635ff5ecd","ssdeep":"768:bX36eekBUmwxftm9jVCc4Pe9TvqkqRyX+KvJBRhs+bIzlgo3Nh7fg5:xiRtm9jVj4PEqkqR9WBJbIzl7Q","tlshash":"2d03f1d09e668483ec0bc9082331c3fc73d725a5b491b1afe99a9549291c9f63e3494b","first_seen":"2026-01-28T03:11:26.111746Z","last_seen":"2026-02-20T13:35:30.268458Z","times_seen":5,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/static/javascripts/client_default_8a1b536.js","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.377Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crisp.chat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 20 Jan 2026 10:11:33 GMT","end":"Mon, 20 Apr 2026 11:11:30 GMT"},"fingerprint":{"sha1":"CF:0C:FC:2F:34:74:7E:49:1E:7C:40:BB:59:F3:B6:C9:67:38:8A:6C","sha256":"FB:3B:C5:60:19:2B:8C:0C:EC:D7:A6:9A:D4:D3:E5:A4:A3:67:2B:44:09:99:21:44:6B:96:A0:65:53:27:D0:26"}}},"request":{"raw":"GET /static/javascripts/client_default_8a1b536.js HTTP/1.1\r\nHost: client.crisp.chat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\naccess-control-allow-credentials: false\r\naccess-control-allow-headers: Content-Type, Origin\r\naccess-control-allow-methods: HEAD, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 300\r\ncache-control: public, max-age=315360000\r\ncross-origin-resource-policy: cross-origin\r\netag: W/\"699858c2-506a5\"\r\nexpires: Mon, 18 Feb 2036 13:35:07 GMT\r\nlast-modified: Fri, 20 Feb 2026 12:51:14 GMT\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9d0e62a78b7dc8cb-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":329381,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65123)","md5":"f97108d38697e86fb4bf4e1276f2e7f2","sha1":"d9de4d8671c4395bfdcaff7b922074698dba5028","sha256":"0637d504e108a88b6103b9ad9b788e7bacffe98cd5e5b18daef13cde282cdf97","sha512":"fd471071ad1e0232193268b7c843554fd900f2957ba9d03cdd4194a6ac06538489fa845a3d9ff4dfe93adbea87557e936bc5495f10e00071ba22cb0dbb0f7652","ssdeep":"6144:eLHetYEHOg8MjvtNazcvQ0EYUJULcTp2Mjpn1rID:mHOeCoYUJ2cTpVjpn1ED","tlshash":"8d64198a7261a83213f682d7a4310942f339255d7486843cf36cadef664cec671e7bb5","first_seen":"2026-02-20T13:34:07.979051Z","last_seen":"2026-02-20T14:47:24.601612Z","times_seen":6,"resource_available":true,"data":null}},"time_used":1348,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":92,"receive":1207,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getCoinPrice","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:08.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getCoinPrice HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 156\r\ndate: Fri, 20 Feb 2026 13:35:08 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2e44722d1eeb28ef103f7859be074bb7","sha1":"1a4755fe4cac6883e7143e6e0e7fe63685097a35","sha256":"cd6ce954d763a90d193606112814bf23a62f873df25218ca01eed2ce2bf3d647","sha512":"1c985a9c1c61452e05d5ed0d1144be7469a4d85e2fc45f52b2e29b810519e9c808ca4a58224b8bba96ed1acbc6da5676d813f719bc56cd9b09cc3267bae634c0","ssdeep":"","tlshash":"8bc08cea1001150a493082042ae622a538e73b9a24e29a006e82e05ba8d861bd886188","first_seen":"2026-02-20T13:35:30.254027Z","last_seen":"2026-02-20T13:35:30.254027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":53,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/img/sid3.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/img/sid3.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"5b1-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1457\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1457,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 35, 8-bit/color RGBA, non-interlaced","md5":"d0094ce4e2188971c64e400a4f086114","sha1":"faffdc8f1c168b33a49a6d8e2363916891af9ca9","sha256":"f8243a48aa7d9ec9e7dc405a222b4c5cd0fd260a7ed4268dec4292ed8bef17e4","sha512":"ff6ecc43371d4799026c01d3f2ff444cee90179d98dba264871f7d42d02f96d0284a6993c112e24aef5faf443858bb60dcbed7870529dfed62c66da673f652a5","ssdeep":"","tlshash":"c7311bb5d39f90835299712d341c23c63531af41e0dc5db5788b0696b4a1739f19df0d","first_seen":"2026-01-28T03:11:26.093984Z","last_seen":"2026-02-20T13:35:30.272292Z","times_seen":5,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/index_icon1.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/index_icon1.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1cb9-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 7353\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7353,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"4bdf31817c6caa1cbd1987469d151f45","sha1":"71ccbc1a01223fe9eb4b4ee7790d0707cabfce55","sha256":"ef445f838b8ada173b5d0e67192446e3db88d8d148c5d6534789b97673e9b2bf","sha512":"1738abe876e8d9a407357c43fe976cd641fd754389720a214b257689b61352c0e77b5f623da1b75f3eee489427f07bb3b541d70b839adb1b5dd6955ef31a3de6","ssdeep":"96:0yDgFkaQi6nQgrMpNemJ3E0i/f+atbk/1CU/ENDVQSK8U1hvt0Vr388TUB8G3ynp:SkaQrQgg+mRoPQ/n2DOX8Yt05jUoX5","tlshash":"68e1ad4fa4a67038eab2006a4f3b90dca56de66f1c97071104b3d26334eda64f1ed5a1","first_seen":"2026-01-28T03:11:25.974687Z","last_seen":"2026-02-20T13:35:30.274741Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1471,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1022,"receive":449,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/adv6.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.858Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/adv6.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1b63-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 7011\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":7011,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 84 x 66, 8-bit/color RGBA, non-interlaced","md5":"8dbcadf3f20565ae16ad9303554e67b1","sha1":"4e85e35de6d3a09d7984d57f8f2e620d99341a80","sha256":"f7cb6baf0ac6efc90dcdb09f3f4fc714739ebcbf25acfecb96b4a8da00ea56de","sha512":"4d9970dd3422df387280a0620fef43338421a3b7141c854045a042e14383b6d8bae6f88a342efa17b1dc9dc1198a60d0a27d4ed71aaa16584f5f253caf4f14b8","ssdeep":"192:Kg5AN++JFNyooTqLWq2Zu+V3v0s1XSB73eS4g:X5A7fCXdu+tICSF","tlshash":"c9e1af881735171220d6e97331311307ecc65a765441ab5f904e1f9973336f7e867e6b","first_seen":"2026-01-28T03:11:25.960669Z","last_seen":"2026-02-20T13:35:30.277247Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2087,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2016,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/static/stylesheets/client_default_8a1b536.css","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.381Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crisp.chat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 20 Jan 2026 10:11:33 GMT","end":"Mon, 20 Apr 2026 11:11:30 GMT"},"fingerprint":{"sha1":"CF:0C:FC:2F:34:74:7E:49:1E:7C:40:BB:59:F3:B6:C9:67:38:8A:6C","sha256":"FB:3B:C5:60:19:2B:8C:0C:EC:D7:A6:9A:D4:D3:E5:A4:A3:67:2B:44:09:99:21:44:6B:96:A0:65:53:27:D0:26"}}},"request":{"raw":"GET /static/stylesheets/client_default_8a1b536.css HTTP/1.1\r\nHost: client.crisp.chat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\ncontent-type: text/css\r\ncontent-encoding: br\r\naccess-control-allow-credentials: false\r\naccess-control-allow-headers: Content-Type, Origin\r\naccess-control-allow-methods: HEAD, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 300\r\ncache-control: public, max-age=315360000\r\ncross-origin-resource-policy: cross-origin\r\netag: W/\"699858c2-26605\"\r\nexpires: Mon, 18 Feb 2036 13:35:07 GMT\r\nlast-modified: Fri, 20 Feb 2026 12:51:14 GMT\r\nvary: Accept-Encoding\r\nage: 2442\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9d0e62a73d732efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":157189,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65438)","md5":"d885770adb4e94f137a8069816d2eae2","sha1":"ebc1c7dd0756e095a9eeeed427767aa433486e77","sha256":"e8fe4682e488d6ee833be2ec8f002bbf66d63eedbc401c1cc209687545951530","sha512":"ebeec9b607986d9acbb76abed68bddc928c892db7f281ee01d20516afde2631735e306ccf50df54cb99701abc1c2bb472afed6ec233fda5b5aef47f1d8e6a5af","ssdeep":"768:jNq/vBL3IN4t4Irr+LNKzVs//J5A7RPAbAHVq3R4YGuITyZOXj7Mj4+h4ANopRBm:EvPrEUXcZJ4AMB8H3YERnyy","tlshash":"24e3645fb2aa502114d748a3bd88b73d942da8ff92113a3dd71426bc4e981ff53a4738","first_seen":"2026-02-20T13:34:07.941767Z","last_seen":"2026-02-20T14:31:45.660877Z","times_seen":5,"resource_available":false,"data":null}},"time_used":242,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":171,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getCoinPrice","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:14.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getCoinPrice HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978; crisp-client%2Fsession%2Fc6c1dfb9-905b-4898-83d1-bc92d9873eaf=session_78fa2efc-8e04-49bd-a60c-1e91c8231209\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 156\r\ndate: Fri, 20 Feb 2026 13:35:14 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2e44722d1eeb28ef103f7859be074bb7","sha1":"1a4755fe4cac6883e7143e6e0e7fe63685097a35","sha256":"cd6ce954d763a90d193606112814bf23a62f873df25218ca01eed2ce2bf3d647","sha512":"1c985a9c1c61452e05d5ed0d1144be7469a4d85e2fc45f52b2e29b810519e9c808ca4a58224b8bba96ed1acbc6da5676d813f719bc56cd9b09cc3267bae634c0","ssdeep":"","tlshash":"8bc08cea1001150a493082042ae622a538e73b9a24e29a006e82e05ba8d861bd886188","first_seen":"2026-02-20T13:35:30.254027Z","last_seen":"2026-02-20T13:35:30.254027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":57,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":57,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/logo1.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.837Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /logo1.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 09 Sep 2025 23:39:47 GMT\r\netag: W/\"162f-19930d989b8\"\r\ncontent-type: image/png\r\ncontent-length: 5679\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":5679,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 309 x 119, 8-bit/color RGBA, non-interlaced","md5":"562db13f86cb7f61350c8a6d18be4927","sha1":"7721a1f9965c569eebe93950145814d7949704c9","sha256":"3bbb9c776cf43c611beab39e67fceeb092a7c28ca0a41b629c58723ccb827161","sha512":"a986f592150ade8541562986e2d8bed2f78ad67d6a5b2d8c1595fb912206ff68a2c0eb6da902148f687a4e5eba7ac23a1ec145dd186793a9f2c5b2fdf055fd0c","ssdeep":"96:l1MEDIU+q8s5YjEvFjmKpHQb4QSljGr7+Hw1hhdtlpmZDdRSrixU3AhIn:bMEDIU+q8IYojHpH+KjOpXmZ5i2In","tlshash":"4dc19ecd4d4c08e35755ee126e0063d63547ceca2601ff195a2a7be129958cca613e99","first_seen":"2026-02-20T13:35:30.281922Z","last_seen":"2026-02-20T13:35:30.281922Z","times_seen":1,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/img/sid1.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/img/sid1.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"41f-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1055\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1055,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 38 x 38, 8-bit/color RGBA, non-interlaced","md5":"aa2b6a13f3f35d73e6748338429c8dcb","sha1":"0de3689b16a9017fde71935f6a40a47a6a3ec83d","sha256":"c84ed80322c6a08463967798573c14a6c40199fb8b0a5bc15b59a37b4c533523","sha512":"83a0d88dd9f25aa92f44f5a6d313b29e7a05043b316505ebffee5acbc9122bf50103ecc228d3696948014cfd0e4479f05f98702cf261efa7f7229ba8413d6415","ssdeep":"","tlshash":"b511b68bd25ad23ae397aa2a82413cc5ca24c9037355a5cb1e8b376267806504084170","first_seen":"2026-01-28T03:11:26.003431Z","last_seen":"2026-02-20T13:35:30.284541Z","times_seen":5,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/img/close.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/img/close.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1e1b-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 7707\r\ndate: Fri, 20 Feb 2026 13:35:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":7707,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"65ca0a94f4de814e1eba43ee03a48e35","sha1":"ccde71599a8f9fc252947c4b57410fab0ff2f7a0","sha256":"e539ccdb2acb314c4c3edda0220742e5412a2ea77404ed59ffe2fb4944700cfd","sha512":"fb81ee8896a1347f8be348b6e37d6cf4c9fba67073bc4ef8f7bc9ed1d85a79433197ed35734eb669962954c8ad9d331f1dafec4fd1209a74e49049aeb92853ab","ssdeep":"192:kh+j/5REKSPbB640iPEjlow+WIISYKaIMYJqwjV4Zj/:kgXzSNzKlonWTKaIZq0Ab","tlshash":"95f1b002a51fa581fd84319554714fec847c927e26ecc19eefc9346d09da453a1fe2e3","first_seen":"2025-10-30T07:25:48.904841Z","last_seen":"2026-02-20T13:35:30.286465Z","times_seen":10,"resource_available":false,"data":null}},"time_used":3136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3002,"receive":134,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img8.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img8.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"7b8b-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 31627\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":31627,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 64, 8-bit/color RGBA, non-interlaced","md5":"e9700165d823aee0c217cafdb6f6c0f8","sha1":"461dcb6c83efc54cc3da00133bfecb43d059d6db","sha256":"3e0c86b0743f86637e344ca0de91a94784743bc5a0d6ce8820bdcf3095eefdab","sha512":"61b9dda66cc8387bfe7220c84c6ef9aedb790291bd3d0d6664c68d93cd5336212d168be1bd6e488a7e4fe2623bd8e6c325cff20691fd75837e5adc997f91847b","ssdeep":"768:9UJPSVyb6FOAoWUF+6kFv061nB6kZNFQYkNd2wg:+XG3vXvZNFbed2x","tlshash":"83e2e1f42d51632a541ae86389b9750c1054a3d0d7b61e96bc37f7c13207ebf2a2668b","first_seen":"2026-01-28T03:11:26.019694Z","last_seen":"2026-02-20T13:35:30.288546Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2093,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1987,"receive":106,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/logo.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:06.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Tue, 09 Sep 2025 23:39:47 GMT\r\netag: W/\"875-19930d989b8\"\r\ncontent-type: image/png\r\ncontent-length: 2165\r\ndate: Fri, 20 Feb 2026 13:35:06 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2165,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 104, 8-bit/color RGBA, non-interlaced","md5":"8d8544f153129571b13fb0797915d613","sha1":"34c9c3c53b57abac7ba6e3ba58e14c1bdcb6e167","sha256":"0bf055e9d9d4d462fb8111608be5410762e6559b486751ba445dfb87f0512d22","sha512":"1d30e13ce1f2efc50d67dbde59edfff8a068055aa5aab7f7d181112ac7ff728281c48cd795402142e8ba963611f229f09bc405baebe404a7c9adbe4595d86cc3","ssdeep":"","tlshash":"e641094c24f8948786c2cf78588e2ca44eafd762e946be789824bf7654336798699210","first_seen":"2026-02-20T13:35:30.290119Z","last_seen":"2026-02-20T13:35:30.290119Z","times_seen":1,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.824Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/font-awesome/6.4.0/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 18752\r\ncf-ray: 9d0e6284eee13017-ARN\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"6421d693-4940\"\r\nlast-modified: Mon, 27 Mar 2023 17:46:59 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 40832\r\nexpires: Wed, 10 Feb 2027 13:35:01 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=wNFrkcz3SbdMYnH1q9ycSPNflLviFMtVfRu52l6xpZkAVlAputCk7WWApKipe34ACgMGfmExHjSiB0bC7GRXYxmmSgYeyIhKYMzhen9jkU85Y7M9AofwuU460C5Zctd7rzarTL2U\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":102025,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (52276)","md5":"ded1c367363e8b20bdc6a19b8350a737","sha1":"8c06d82739d14b094ff6d9036021a252bd1d985d","sha256":"1edb1725a9ea8ca4dcf2f5508cee183218aa1685e47c1b23056717f754f58ebf","sha512":"89e71d2e66ac925ec2564aa45cd43f647fd72e5bd664e2728fb632eed71e9e6a43d72a404a8ce9993fc4d223ed985201e3a66676d01cf5e341bc7d07fd9a6207","ssdeep":"1536:OwMCMPMCMjMCM4MCMwMCM3sVMX709gbPMfjSFOTyPGuZprfZCl:S709gMGFiyPGuZpfZCl","tlshash":"2ea3a7f9e44c05d97732c44bab95b37c65b6f738d5810ca9f02f580c1ad26a822c6f7a","first_seen":"2023-04-06T15:05:25Z","last_seen":"2026-06-07T17:53:22.130219Z","times_seen":50989,"resource_available":false,"data":null}},"time_used":217,"timings":{"blocked":64,"dns":1,"connect":40,"send":0,"wait":52,"receive":4,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/js/jquery-3.7.1.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/js/jquery-3.7.1.js HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"5f388-199155edad0\"\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 93621\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":390024,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"590e42343d102243a708680d1e0bae99","sha1":"24f01f4996e3fe908292b0a39ce552610d2200ac","sha256":"2ce29ee8fedb8ccd1be187f5c1ff6937591df4ee5b3afbcc99fd3e7f4d2819e4","sha512":"0c3a713961d624bf85481bf9b64957cf4c5a85a0b1b49a734adf5a6178cdf0926c9deb83c89391ed490b6de39c51d1c7a9254f024342f9a1de9f23dc22886a8f","ssdeep":"6144:P0aVw1fff7JTEeo4S9FzRG2x6lvX0ok307NaTxbJj+ir3Aag8MwI7UU:mA4S9FDElvX0ok307NaNhlLAaGw4UU","tlshash":"b384e85d79ea21254a23707eabef7109b635d0271508de50bc8d43582f9183892fbffa","first_seen":"2025-10-09T20:13:11.744268Z","last_seen":"2026-02-20T13:35:30.293018Z","times_seen":16,"resource_available":true,"data":null}},"time_used":2352,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2020,"receive":332,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/index.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/js/index.js HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"2567-199155edad0\"\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 2663\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":9575,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"Unicode text, UTF-8 text","md5":"7f0e0eaf912cd8676bea26f8616411ea","sha1":"902ddbe01481b6c701df6b65ee61fed7c76b613e","sha256":"b000a9bd267b3068f37013ad4dea0a231f2d23673a1d02cc12f300eea8e7284b","sha512":"f5c5a6eae2ccba40ae765d129f95e90f0c5911f90d4e3786b46f068d656f2274cbb1fa150beca9c2260afd744f851d6d0c6bb7034a3cdf2a95ec8f2deebc4661","ssdeep":"192:1A89G/u5t0vDrB3FrWBrwe/F2n/wtGOO//NfgaK7TfZXw:79G/u5t0vDrB3FrWBrwSon/wtGOO3Nfb","tlshash":"b5128690a1fb5d26027314c550a12644b0efae37c726d085bbbf92503fd5ca4b4f29be","first_seen":"2026-02-20T13:35:30.295271Z","last_seen":"2026-02-20T13:35:30.295271Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2187,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2083,"receive":104,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img1.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img1.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"8cb1-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 36017\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":36017,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 118, 8-bit/color RGBA, non-interlaced","md5":"3e56f5bf3fd7ab9f5fff40df106b9eca","sha1":"de7ad2252b0a7221626655bbb5dbce3afc27f4e7","sha256":"deef651d24c05aa2d0577932eb62be016c697b5cdb5e9afb3326ba74a4f15c31","sha512":"228df8e1dd85716e073b966af6364f0662badd43f794834c82ef687362fa3ebca456c4f8f818bc6ad8bf7c8b0cc4451b78d52c5f36a8476e3a10d37e9fa616ea","ssdeep":"768:JFkzAEAaNGoFZ/E8afh+IgRFrrIreDQ+Bg1mh+Wm23yf5t16k:+AboF+8afwrrIeE+f+hxf5T6k","tlshash":"a4f2e0b4b1dec2424e7587735a741466f0d22f71b8da06b3284349e1b981f4da6efe38","first_seen":"2026-01-28T03:11:26.096932Z","last_seen":"2026-02-20T13:35:30.296807Z","times_seen":5,"resource_available":false,"data":null}},"time_used":127,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getLanguage","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.397Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getLanguage HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 155\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":155,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"732774fcf4e81687a2b836ce22a71bb2","sha1":"080f1585d5e3f3e71f8634b90f494e52371525b2","sha256":"2ce5cb8800c3837f53fc3f2803e910927309bcb38b379f29e6c424003bffa6ce","sha512":"9bec762478d3ce00c2ca38b90895e0b398a01d7687c4a373aa7e07933b29d55f2dfdc2be6ecaa0c60b4eb990bad0fc38872e33b1d9ccd96d26ae8a194191cd45","ssdeep":"","tlshash":"33c08cea10002107092082043ec226a438a73b9a24e289006b82e01be8d9a27dc86188","first_seen":"2026-02-20T13:35:30.298291Z","last_seen":"2026-02-20T13:35:30.298291Z","times_seen":1,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"client.relay.crisp.chat/w/f03/?EIO=4\u0026transport=websocket","fqdn":"client.relay.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"64.227.36.222","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:09.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"client.relay.crisp.chat","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 03 Jul 2025 00:00:00 GMT","end":"Mon, 29 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"CE:90:EE:6D:D5:63:F5:A1:37:0F:51:0C:32:82:59:67:AE:D0:33:E7","sha256":"B4:16:9C:53:C5:9E:50:98:26:14:D8:A8:13:14:9F:B0:2D:AF:A3:3A:52:8C:70:C7:1D:23:EB:2B:39:D0:CC:71"}}},"request":{"raw":"GET /w/f03/?EIO=4\u0026transport=websocket HTTP/1.1\r\nHost: client.relay.crisp.chat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://kryptomining.io\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: VVJCrSVkCWWpZzLfKfqnJA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Fri, 20 Feb 2026 13:35:09 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: Y7/fNf0d1EywMytF7X+eK2WYpsk=\r\nX-Crisp-Ray: website w:f03 10.133.254.92:3000\r\nAccess-Control-Allow-Headers: Content-Type, Origin, Upgrade\r\nAccess-Control-Allow-Methods: HEAD, GET, OPTIONS\r\nAccess-Control-Allow-Credentials: false\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Max-Age: 300\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T18:34:13.800455Z","times_seen":16218517,"resource_available":true,"data":null}},"time_used":1490,"timings":{"blocked":0,"dns":648,"connect":702,"send":0,"wait":69,"receive":0,"ssl":470},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/index_bg1.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/index_bg1.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"509-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1289\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1289,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 210 x 210, 8-bit/color RGBA, non-interlaced","md5":"ef29a8a2f937541f4023d632a3eed75d","sha1":"19e150c7280be4f0885b200c154f0b017d5258ec","sha256":"242e4b83aac1ff4c699a8ac92490cca628db003c9dc5d56e45a58fde2e3b85ed","sha512":"1905230dd50f9560bb6eda41fea63713b8a1d52e596dca04404a21046b549d6cde81a1912ed7c917f1d84dc42230db90eeb549f41c55781183987d691134a778","ssdeep":"","tlshash":"2221c748020e502f8f75103f2e3815d779c817e474c20e016f590ac517575fd230dc35","first_seen":"2026-01-28T03:11:25.969776Z","last_seen":"2026-02-20T13:35:30.300626Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1023,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1023,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/check_bg.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/check_bg.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"77633-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 489011\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":489011,"size_decoded":0,"mime_type":"image/png","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1280x654, components 3","md5":"a7eadca10fe24eace4a6e0b76d111feb","sha1":"d8ea22fb3e42864ca729ebf009305c171197a76e","sha256":"452e8ad401879d5d1943e39e9f6d862c6a89c7ec4e11513d7a6d2a7cdf2c101a","sha512":"146010252c94dfef1f954ace5a9bb541336b897c4ba1149f4c6cd9365acabbb36b853ba4387f6095916c8f2c1bdcfc77c1bbbeb56ec6fe99ee6ddab64c5d6f6f","ssdeep":"12288:SOBABUT0Fjjfp2Kks/GxdRR7kGULPd1xXnDZIEBBuNxWqu8:bBT0Np2eun7qTZJBRR8","tlshash":"51a4233c354b3023314b30798a6f8c39590b1565495b3baf1f3bee9a905b2bf9249d36","first_seen":"2026-01-28T03:11:26.071701Z","last_seen":"2026-02-20T13:35:30.302291Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1732,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1468,"receive":264,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"collect-v6.51.la/v6/collect?dt=4","fqdn":"collect-v6.51.la","domain":"51.la","tld":"la"},"ip":{"addr":"43.174.27.154","port":443,"asn":139341,"as":"ACE","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:04.989Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.51.la","organization":"广州有啦网络科技有限公司"},"issuer":{"commonName":"GlobalSign RSA OV SSL CA 2018","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 18 Mar 2025 04:08:22 GMT","end":"Sun, 19 Apr 2026 04:08:21 GMT"},"fingerprint":{"sha1":"AE:CB:32:71:EE:EE:E6:72:A4:88:B2:9F:4F:C4:E5:B5:A8:C2:73:6C","sha256":"7C:F1:09:2F:6A:8C:5B:F8:63:DF:D3:32:B0:F3:F8:E7:01:29:0E:F2:55:8B:4F:6C:58:55:8E:44:E9:EC:15:F4"}}},"request":{"raw":"POST /v6/collect?dt=4 HTTP/1.1\r\nHost: collect-v6.51.la\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 812\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 210 No Reason Phrase\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://kryptomining.io\r\naccess-control-allow-credentials: true\r\nserver: TencentEdgeOne\r\ncontent-length: 0\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\neo-log-uuid: 4200073687758717751\r\neo-cache-status: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"210","status_text":"No Reason Phrase","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T18:34:13.800455Z","times_seen":16218517,"resource_available":true,"data":null}},"time_used":1087,"timings":{"blocked":281,"dns":181,"connect":47,"send":0,"wait":524,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getLanguage","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getLanguage HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 155\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":155,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"732774fcf4e81687a2b836ce22a71bb2","sha1":"080f1585d5e3f3e71f8634b90f494e52371525b2","sha256":"2ce5cb8800c3837f53fc3f2803e910927309bcb38b379f29e6c424003bffa6ce","sha512":"9bec762478d3ce00c2ca38b90895e0b398a01d7687c4a373aa7e07933b29d55f2dfdc2be6ecaa0c60b4eb990bad0fc38872e33b1d9ccd96d26ae8a194191cd45","ssdeep":"","tlshash":"33c08cea10002107092082043ec226a438a73b9a24e289006b82e01be8d9a27dc86188","first_seen":"2026-02-20T13:35:30.298291Z","last_seen":"2026-02-20T13:35:30.298291Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img10.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.057Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img10.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"66af-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 26287\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":26287,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 104, 8-bit/color RGBA, non-interlaced","md5":"9b66606a8232d53a1de55d3e03cce407","sha1":"909c9250999684c62a4050238947ce9e7b9793fb","sha256":"1d99fbc36a9d46048fdb627ca05310ff07cdaca1de3e5f607dfa44df4c3b42b9","sha512":"99ea2b9368a9adf0ec444a141afdbf47ca37fa9bfcb51a59fbf0d3611ac0d6422ddf49f3468cecefd27aca4343c296945cbec5eb46aaaa436c7a971a5f61c514","ssdeep":"768:PgJmOZCgzmR2cUkWzHB+sB2qeKdxBf/9LHmIm:2CCmrUzzB+1HKzx/9LHdm","tlshash":"aac2e1811bb98e33e6060f4543b185115bdfa8c73557ca9e61e0483e469ead71bbc32a","first_seen":"2026-01-28T03:11:26.101736Z","last_seen":"2026-02-20T13:35:30.303713Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2065,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1991,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.no.QjRrtq-TNBA.O/am=AACA/d=1/exm=el_conf/ed=1/rs=AN8SPfo12XO7tT8z0rVFR5DWgJGeq0dJ-w/m=el_main","fqdn":"translate.googleapis.com","domain":"translate.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:06.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:41:02 GMT","end":"Mon, 20 Apr 2026 08:41:01 GMT"},"fingerprint":{"sha1":"CE:4C:7F:8F:8F:6A:C6:C8:7D:B4:2F:84:18:4E:0D:FB:63:4C:61:E5","sha256":"26:A1:50:21:90:A7:C5:05:61:2F:4B:99:EE:0C:BA:28:24:E5:BF:CB:00:37:F9:42:00:D8:72:4C:00:37:9B:B9"}}},"request":{"raw":"GET /_/translate_http/_/js/k=translate_http.tr.no.QjRrtq-TNBA.O/am=AACA/d=1/exm=el_conf/ed=1/rs=AN8SPfo12XO7tT8z0rVFR5DWgJGeq0dJ-w/m=el_main HTTP/1.1\r\nHost: translate.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"rosetta\"\r\nreport-to: {\"group\":\"rosetta\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/rosetta\"}]}\r\ncontent-length: 109916\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 17 Feb 2026 20:16:39 GMT\r\nexpires: Wed, 17 Feb 2027 20:16:39 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Sat, 14 Feb 2026 02:09:39 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nage: 235107\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":386790,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2481)","md5":"2ff1d2e3f1d0db9bb5da46d1e233a498","sha1":"f1a4ef11a1bb4324bbc45e112d3e9275f34184e4","sha256":"304acc7636e3b5c9ce4f1967c12c2a4b08c031c9e0c2c33b5c66ea9dfd236cd8","sha512":"9bec9e4da7b6da0ab995dd0c0e172faac55ef2953d40fad7f55f2c0d110190251af0a11f8b3fbb4d3c7b3afcf7b78ec8dfeb7de0e06aaa20cc0d53677e1da745","ssdeep":"3072:5U8u68h+wUfJGxqmcq4fjn5g6CoVOgFIxVE3fuuOES6Tl3aEt5fWvnbQYFO:qUwgixven5ai","tlshash":"5884d9cab266b8939262f8a190bf004bb93d9d57b4484c6cb549d8ef5db08094173f7f","first_seen":"2026-02-17T20:33:57.511221Z","last_seen":"2026-03-25T05:08:41.976324Z","times_seen":689,"resource_available":true,"data":null}},"time_used":772,"timings":{"blocked":177,"dns":2,"connect":47,"send":0,"wait":99,"receive":317,"ssl":127},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/fonts/Arial-BoldItalicMT.otf","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/fonts/Arial-BoldItalicMT.otf HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/assets/index/css/munt.css\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"47-199155edad0\"\r\ncontent-type: font/otf\r\ncontent-length: 71\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":71,"size_decoded":0,"mime_type":"font/otf","magic":"ASCII text, with no line terminators","md5":"b78f68e586f7d10b7dd7f1145abd0a16","sha1":"616c8f56fe11be974c750c790b24ee4fc3011e43","sha256":"341a8f534d807b8423c0fe31eb7741cba3ebcb8e743292de2b0a0bb340bfc102","sha512":"2b73a463a0c18794879838d12f5662dfde7344682558803f5bae2a29436467410f817b0c79a7d83643ffee34890a6db0fed3cd10d8802b00b65cba21a208acea","ssdeep":"","tlshash":"69a022e28300c3000be000b032b2ae80882380af3082e80203b000ce02c0330223023f","first_seen":"2026-02-20T13:35:30.305972Z","last_seen":"2026-02-20T13:35:30.305972Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/img/sid10.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.843Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/img/sid10.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"470-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1136\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":1136,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 36 x 29, 8-bit/color RGBA, non-interlaced","md5":"a67bac80f92fb55a71660f07b5d3fe7f","sha1":"adea390cf2653fa482b2c76f15a65e14f9be9918","sha256":"82891967f463fc83f1a33030d34cf82252269a61dc37f8306bcde2d92cb669ca","sha512":"678908ef9098dd7837e2792e944db2a2578c34fb2ffbeaff32af1bf4abc8053058f47e05ebb8381bbf9d791d71e34fd61bf925155ce11fde6ab2a101b912e5cb","ssdeep":"","tlshash":"ad21cae0832615f218781874400dd8d5821e25499daeb36f1cc818b74fa79dc326df42","first_seen":"2026-01-28T03:11:25.98628Z","last_seen":"2026-02-20T13:35:30.307344Z","times_seen":5,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.831Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 13383\r\ncf-ray: 9d0e6284eb004651-ARN\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.11.3\r\nx-jsd-version-type: version\r\netag: W/\"14f73-BDozLk9VXMC/015FG+lVtLk5ZqA\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-eddf8230141-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 1919084\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=MWI09I4P95%2BXrsH7man%2FdUEnDWCvJKunHv7iC3qMLZlcuxB9CkUYtb%2FJNimDT%2FSoL5Ezcu%2Bh%2F1pQD6oO4dLg5lZ0xgqcGLLfT85PB5PsvulN4YRSMLz%2FD%2BFWrEtbpkEYn48%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":85875,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65354)","md5":"5605c44f8b24ea5de37a959955b71eb6","sha1":"043a332e4f555cc0bfd35e451be955b4b93966a0","sha256":"f643d6fe7e679f9de3e16311600c5ef5cd6b098f7a3a8828fcc29255d2b33e62","sha512":"74f5d8703b9bfda79bd3c73ade346afe4e8668a71c976e7a250cbf0273aaec2027119f45cd22fdc126dc664329e11dbabc1b0c2c5607e2443aeff6db57c5da09","ssdeep":"768:ZPcr8JUkZrpULKt4bDcf3oQpeqfZs0BWeUz5+XIHx5qkgwTz:hrpEKt4moUeqfZbc5+XIHZz","tlshash":"9383fbe8e58d05e8f372c48faf42775e31aafa3cd5811c68f14a111d5ac26650ac7fb8","first_seen":"2024-01-11T04:35:50Z","last_seen":"2026-06-07T18:32:55.710757Z","times_seen":8286,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":57,"dns":0,"connect":41,"send":0,"wait":56,"receive":1,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/i18n/messages_en.properties?_=1771594504242","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /i18n/messages_en.properties?_=1771594504242 HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/plain, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 08 Jan 2026 14:59:46 GMT\r\netag: W/\"d830-19b9e1eeed3\"\r\ncontent-type: application/octet-stream\r\ncontent-length: 55344\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":55344,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-07T18:34:13.800455Z","times_seen":16218517,"resource_available":true,"data":null}},"time_used":213,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":159,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/settings/website/c6c1dfb9-905b-4898-83d1-bc92d9873eaf/?1758519756513","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:10.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crisp.chat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 20 Jan 2026 10:11:33 GMT","end":"Mon, 20 Apr 2026 11:11:30 GMT"},"fingerprint":{"sha1":"CF:0C:FC:2F:34:74:7E:49:1E:7C:40:BB:59:F3:B6:C9:67:38:8A:6C","sha256":"FB:3B:C5:60:19:2B:8C:0C:EC:D7:A6:9A:D4:D3:E5:A4:A3:67:2B:44:09:99:21:44:6B:96:A0:65:53:27:D0:26"}}},"request":{"raw":"GET /settings/website/c6c1dfb9-905b-4898-83d1-bc92d9873eaf/?1758519756513 HTTP/1.1\r\nHost: client.crisp.chat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kryptomining.io/\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:10 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: br\r\naccess-control-allow-credentials: false\r\naccess-control-allow-headers: Content-Type, Origin\r\naccess-control-allow-methods: HEAD, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 300\r\ncache-control: public, max-age=14400\r\ncross-origin-resource-policy: cross-origin\r\nexpires: Fri, 20 Feb 2026 17:35:10 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 20 Feb 2026 13:25:27 GMT\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9d0e62bc5d0ac8cb-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1255,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7a04448f88c6e1be1fb488075ee3ba57","sha1":"d5dbd0c34c3c52fada442d45887cb823c491480b","sha256":"339823e0c165fe5d6253adfa5f79ce63b5112ef6bad9cdbd414854635f7d0fef","sha512":"94f2800da5986a966461bd9eeb6797660b86cb2449bbb84a30e8349115b1d1a178d0461bb16811762a73389986e06f51f6b9d41a9abcac042c7d86c0c73c5308","ssdeep":"","tlshash":"a021cd0d59b544bed2f80345e8163e410bac10a7b044b845f69c8c1d32eb6c77372227","first_seen":"2026-02-20T13:35:30.309953Z","last_seen":"2026-02-20T13:35:30.309953Z","times_seen":1,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":98,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/static/javascripts/en_default_8a1b536.js","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:10.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crisp.chat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 20 Jan 2026 10:11:33 GMT","end":"Mon, 20 Apr 2026 11:11:30 GMT"},"fingerprint":{"sha1":"CF:0C:FC:2F:34:74:7E:49:1E:7C:40:BB:59:F3:B6:C9:67:38:8A:6C","sha256":"FB:3B:C5:60:19:2B:8C:0C:EC:D7:A6:9A:D4:D3:E5:A4:A3:67:2B:44:09:99:21:44:6B:96:A0:65:53:27:D0:26"}}},"request":{"raw":"GET /static/javascripts/en_default_8a1b536.js HTTP/1.1\r\nHost: client.crisp.chat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://client.crisp.chat/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:10 GMT\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\naccess-control-allow-credentials: false\r\naccess-control-allow-headers: Content-Type, Origin\r\naccess-control-allow-methods: HEAD, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 300\r\ncache-control: public, max-age=315360000\r\ncross-origin-resource-policy: cross-origin\r\netag: W/\"699858c2-3786\"\r\nexpires: Mon, 18 Feb 2036 13:35:10 GMT\r\nlast-modified: Fri, 20 Feb 2026 12:51:14 GMT\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\npriority: u=3,i=?0\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9d0e62bd7f5ac8cb-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14214,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (14119)","md5":"94c37c77a65e194f1dcc0fa8cca6e916","sha1":"23d2fba422f0801da108adf7957c24610834ee95","sha256":"8a12ec9d69ade82735e934e07dd38c775b579bf19bf26beeed8972be0703b810","sha512":"0fc2d7f295c00070bdfb5d5a43dd697c86fd99b9c259737de4e64a2388d9b32587746151ae03fc429748f5a9e894c20995fb0dc9dc691152e9491e69c0b49034","ssdeep":"192:pFmXDS8ajwhwPteE2WZXikEeMeTAFGySAU1RrUWYGfu7nOmrY2FYXC+LvvKTzHrO:pFmX28oXikEeMeYGySfRrLzmCQrO","tlshash":"0d52a61eef36ce7b02774b83b084b6124eb111b106d0687ed45d497d02a4dc9b66bf4d","first_seen":"2026-02-20T13:35:30.311399Z","last_seen":"2026-02-20T14:47:24.604562Z","times_seen":5,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":81,"receive":108,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/index_icon3.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/index_icon3.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1a8d-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 6797\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":6797,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced","md5":"c1878a6b8203004feec15f33ed565ba1","sha1":"ebcb23af3cf407fdcff47fba8bcb2e271d888331","sha256":"838457e62a7ec816efb31d0fba46b01a216fbebcfaeb8a97618edbd41993b050","sha512":"bbcaf52a070b5946758998441fd40f170bc6b868701a869984ea8f174ac8810730b0859769712ed120d319b3bb73811ff53a9d034c9f0bee43174361f6165f39","ssdeep":"192:3Yrb+GsXQXWqkGUmJ7acZTML+2Lq93k42t5:mbDsX+kW7lML+JhB+","tlshash":"86e1b0112595758251f2e330907063c2e1187bb4f8a96fb113323e6ff345e0b95936ab","first_seen":"2026-01-28T03:11:25.939801Z","last_seen":"2026-02-20T13:35:30.312782Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1539,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1539,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/jquery.i18n.properties.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/js/jquery.i18n.properties.js HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"55c1-199155edad0\"\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 6045\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":21953,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"227aa0313b8804146aa65b7ee8d80fbf","sha1":"dc359eab2baeeaf01552b74219f2cfac1dbd666f","sha256":"8791b106fc85230e4d9e8f76d5170d7b8e37f11cf775e5ea637048a4dcb5ca95","sha512":"f52fb89bb7454c7bfd0617ad3eaba99a8b9bbbbdba8f1d63959ba0eaf5a121b3b7346bbe0bd910db7b036b6160f1dd636092b716582c95bb27a635d52928681a","ssdeep":"192:jALJBkwFZJxjvbiHO+Jhx3rxZxInaeeQw2vQysUU8gNlzEl/G4/Gs8y138BsT+FV:sNmwhtvbiHX5Rp+j+ToRUmlk","tlshash":"d9a23f0d69420d994d7373749faa2498eb75946b0220e1a2bcad77403f78c9491faffc","first_seen":"2026-01-28T03:11:26.086482Z","last_seen":"2026-02-20T13:35:30.313978Z","times_seen":5,"resource_available":true,"data":null}},"time_used":2188,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2083,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/i18n/messages.properties?_=1771594504241","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /i18n/messages.properties?_=1771594504241 HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/plain, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Requested-With: XMLHttpRequest\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"30-199155edad0\"\r\ncontent-type: application/octet-stream\r\ncontent-length: 48\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":48,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ASCII text, with CRLF line terminators","md5":"aecefa468b759eef98a9888576251a01","sha1":"4f0d4090aac7383d871dfaf2d738739141b66f7d","sha256":"3d3594de6c597a46f861df908af1595113e872b356f8415ccf5b3aea821938a3","sha512":"9790e1c8d359bdb862a72504298238cddcd0b6a753eb063c33057c7f7663b8a9977a77e81fa03383f0394da762296396851511f7efd8d6ca9216d7df17d5e380","ssdeep":"","tlshash":"509000b80a28008c0008aae20c32b2c8202a8c38000282a00808a208bc003820a8a88c","first_seen":"2025-10-30T07:25:49.032068Z","last_seen":"2026-02-20T13:35:30.315734Z","times_seen":11,"resource_available":false,"data":null}},"time_used":1984,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1984,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/adv1.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/adv1.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"ecf-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 3791\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":3791,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 92 x 92, 8-bit/color RGBA, non-interlaced","md5":"1a07bb46beeea42cb98f9ce8440b790f","sha1":"5c8781365103524e7912c55568aeccdef192cf70","sha256":"b70452ce46aef0a97f3b0eeee66c092e84ded1a508c4e962f4af91e59b876f0b","sha512":"a7ae617ac9de54dac25310e109de70bbd6a434654d279b01b4062e3cbe4f0503780df6423beaadb940f1e883538ebb73a352785cf89e236a54339f40e90057da","ssdeep":"","tlshash":"32718edd4a6c0ae9f3f11be875a0808b099718ac166dfe7d8d3c9553371f32a1190977","first_seen":"2026-01-28T03:11:26.088098Z","last_seen":"2026-02-20T13:35:30.317073Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1619,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1619,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/adv3.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.856Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/adv3.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1937-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 6455\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":6455,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 78, 8-bit/color RGBA, non-interlaced","md5":"86b11845fcf910eea990d6e01b58b857","sha1":"86b0071b7a381673d776c560660457f8a9614c37","sha256":"2995435ba4113e21d8b06c1231cd50260ba126348d5af2e07f120b5c321ab0be","sha512":"34ea43e9d35990f6367bb8217bde178e082ce2624a41620a857c36f7ce8b838bd5799835d288c2c6ddabf9d0178fd6e6ffb75694f559ddd1bd31ae79b99f6c27","ssdeep":"192:W1RcMT/VASAPf3wSS/biad3d4gPuA36FEfBVahSgkK9:vMT/VAJfAJv48u5WfBYdk2","tlshash":"6fd19f13a4fb1a738e6a63772c0f50a1c71994322e88bacccb1212518d6f96d015783c","first_seen":"2026-01-28T03:11:25.920463Z","last_seen":"2026-02-20T13:35:30.318102Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2018,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2017,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"translate.google.com/translate_a/element.js?cb=googleTranslateElementInit","fqdn":"translate.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.207.206","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:39:20 GMT","end":"Mon, 20 Apr 2026 08:39:19 GMT"},"fingerprint":{"sha1":"FC:29:4D:58:5E:E6:74:45:80:0C:2C:FE:14:2F:15:E5:F5:52:19:FC","sha256":"97:7E:CA:18:F0:30:B2:D8:F5:C6:F8:72:E1:CF:30:B5:CE:EA:5D:CF:26:AC:0B:BB:CF:17:23:E2:33:E0:56:12"}}},"request":{"raw":"GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1\r\nHost: translate.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":81656,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (2064)","md5":"c13e5f7acf7712a6c8fc0fee0f2969fa","sha1":"a87f332c518c59d973e5f529d2425dc0dda4e244","sha256":"028a1ce994bc0942d4d87fbc1c38150fc80bd6a42647d08519c09b34acb512e1","sha512":"6aa3636d658f947d82c2e1e4d14314b624ea22b1868c5262bdd036a02350038d4cd668af3d24a39a8455fcea80034076d8df1db0b85cb557f8c9b64655478856","ssdeep":"1536:Xbnw0ufUp+e9aX6UPA6KqeKvJMm1/JL6sNH4eOdDZGgiSwNWiv:XT+e9aAtqeKvum9qIgirv","tlshash":"8983b8ccb6a671618263f5b5413f000eb23f59aaf8084cacb288d8e16df5949417bf7d","first_seen":"2026-02-20T13:33:56.42287Z","last_seen":"2026-02-20T13:35:30.319371Z","times_seen":2,"resource_available":true,"data":null}},"time_used":473,"timings":{"blocked":186,"dns":0,"connect":39,"send":0,"wait":60,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.gstatic.com/_/translate_http/_/ss/k=translate_http.tr.Qrtd5lGlzn4.L.F4.O/am=AAAM/d=0/rs=AN8SPfr_8DyEZ1uyYMKcMtbmwQc9r7i7kQ/m=el_main_css","fqdn":"www.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.251.38.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:04.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /_/translate_http/_/ss/k=translate_http.tr.Qrtd5lGlzn4.L.F4.O/am=AAAM/d=0/rs=AN8SPfr_8DyEZ1uyYMKcMtbmwQc9r7i7kQ/m=el_main_css HTTP/1.1\r\nHost: www.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"rosetta\"\r\nreport-to: {\"group\":\"rosetta\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/rosetta\"}]}\r\ncontent-length: 3969\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 17 Feb 2026 18:18:31 GMT\r\nexpires: Wed, 17 Feb 2027 18:18:31 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 15 Oct 2025 01:09:54 GMT\r\ncontent-type: text/css; charset=UTF-8\r\nvary: Accept-Encoding\r\nage: 242194\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20298,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (20298), with no line terminators","md5":"183cb263396f0b39789db1ae3f1e1b20","sha1":"502fcf18fa8d865213e282824ab2dfaadb9b8beb","sha256":"6a91c12a6fd1664f4d594040374fda61fe5b02fd3aee5f0c877ccbfc49488ec5","sha512":"ef280b60fa9f4bcb446d952f59a9b89442b6da6737bddc20a8fb38fcf0b4083170c09c008d7d221cf205084c8342da1f995bdd99ce907d70e8e14fc62d827acf","ssdeep":"192:nvqx/EhNINclXsfg0S0Q8CqA3ukLzSJFzvQVMZnUIfIxIRhpTpeuHjPtcmx4v78l:gM78Sr3fWJFzouRUqWQhpTpdHjPtc5G","tlshash":"bf92972047aed01967efa82364d36dff71d444db90523eeaaf5a7352cd821f231ea214","first_seen":"2025-06-11T00:07:11.687997Z","last_seen":"2026-04-13T20:47:54.876807Z","times_seen":37896,"resource_available":false,"data":null}},"time_used":969,"timings":{"blocked":437,"dns":0,"connect":40,"send":0,"wait":42,"receive":52,"ssl":396},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getConfig","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getConfig HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 153\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"88c3b3e485d29d420a689b55c0932a25","sha1":"c8620196724b7332fd8d4b80f251732c18db1188","sha256":"2fe1da91936b73ad213716b0ba5213c95ea534dfb29a14d5bb1d2a5eaa8dec6a","sha512":"6ccb7e0c56901b498e4eab4bd16ba4fa06598076c663cc890a90f858fc6dae05413a8ac37e44b9c6a617980faae0e438cd595cdbd7030f3675be19651e9ba422","ssdeep":"","tlshash":"80c08cea100401030930c2046ac222a438a73b9a24e6a9006a86e01ba8d861bc986188","first_seen":"2026-02-20T13:35:30.32086Z","last_seen":"2026-02-20T13:35:30.32086Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1989,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1989,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/goods/goodsList","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/goods/goodsList HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 8\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":8,"data":"is_all=1"}},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 159\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"fe5c43ebfe9f291b8cd470417ef1ff44","sha1":"d7299f66be13b1b4e5daf78dc9e7888fa7f18265","sha256":"948ff17c092f1fe1ab17954b64d0e653b5477239da8ff6098bee33a52fc9b950","sha512":"5c2d4dba534fd751e2afee2e8bfa5b539dce146605837766bfc51ff6207bf8ac25525b1b89272d5bd81e1747c3e466354c196f10d3b1dfec397e14b4ef24d149","ssdeep":"","tlshash":"70c08caa10010106093087083ac222a879f73b9aa4e29d006a82e02ba8dd61bc8861a8","first_seen":"2026-02-20T13:35:30.322096Z","last_seen":"2026-02-20T13:35:30.322096Z","times_seen":1,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img6.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img6.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"5f30-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 24368\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":24368,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 110, 8-bit/color RGBA, non-interlaced","md5":"c38c4baedcf213592acf5e93dfb7fb41","sha1":"94049616685a9f09c80ca6b64f81d8efdf9473d1","sha256":"e4623e07a2b8616c1ee9b4f9cc87e68bc44d511d9df089c984119cded90df21e","sha512":"05486f4a6dda065bfceeba7e7e7f3812e93ef4f7b39af34a2a37fbd5a5eaea5ad0ec11afbcf185171f16289b0741a09d82d8341375f1899a4f8a91f8525d9ead","ssdeep":"384:CNiSRV2kMWpfw69CraZ6EYb5sLM9BmvAvp4CaCsCxbimyBV+aKByMmjxUnsHuig4:CoSv2kMWpfwYEK6HbsMjmvCuSsCxuDBf","tlshash":"77b2e1a6bb9f1942a4dbe3d907e80609d5e6734917c824e7d3371f13179130d49a2b10","first_seen":"2026-01-28T03:11:25.929511Z","last_seen":"2026-02-20T13:35:30.323252Z","times_seen":5,"resource_available":false,"data":null}},"time_used":482,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":63,"receive":419,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img12.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img12.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"9ea8-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 40616\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":40616,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 678 x 156, 8-bit/color RGBA, non-interlaced","md5":"a1f8f0f625d76692d61cb5217cdf1c75","sha1":"0e9e7c5db16cd59a553899bf13014970d6476150","sha256":"706e472bd13ce693d195bfbad775a87fc439d0ab35b5c85a2ae39d98346b6178","sha512":"3d7eff2c1da1379e12283e8e8b3b8d1a8b6391c8e39ba1558a9f97c54f04f7f736cb13b76a30cdfcfedc61b263c47f2bf8f62c1b962da5cc59cb83a15953df6d","ssdeep":"768:N64IYTVX5Xnvd4dkmXs7/FypgZR7nyZ+yIVUHIfxnklWk8VK7/e:N64PVJXvd4umXwmyCIKIfxkuVKy","tlshash":"9503f1b4f7fab636696884eb709bc821ff03ed1448a8f30b134c6418596d0466cf89b5","first_seen":"2026-01-28T03:11:25.991075Z","last_seen":"2026-02-20T13:35:30.324503Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2089,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1984,"receive":105,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"client.crisp.chat/settings/website/c6c1dfb9-905b-4898-83d1-bc92d9873eaf/prelude/?2026-1-20-13-35","fqdn":"client.crisp.chat","domain":"crisp.chat","tld":"chat"},"ip":{"addr":"104.18.29.104","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:08.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"crisp.chat","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 20 Jan 2026 10:11:33 GMT","end":"Mon, 20 Apr 2026 11:11:30 GMT"},"fingerprint":{"sha1":"CF:0C:FC:2F:34:74:7E:49:1E:7C:40:BB:59:F3:B6:C9:67:38:8A:6C","sha256":"FB:3B:C5:60:19:2B:8C:0C:EC:D7:A6:9A:D4:D3:E5:A4:A3:67:2B:44:09:99:21:44:6B:96:A0:65:53:27:D0:26"}}},"request":{"raw":"GET /settings/website/c6c1dfb9-905b-4898-83d1-bc92d9873eaf/prelude/?2026-1-20-13-35 HTTP/1.1\r\nHost: client.crisp.chat\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kryptomining.io/\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:08 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: br\r\naccess-control-allow-credentials: false\r\naccess-control-allow-headers: Content-Type, Origin\r\naccess-control-allow-methods: HEAD, GET, OPTIONS\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 300\r\ncache-control: public, max-age=14400\r\ncross-origin-resource-policy: cross-origin\r\nexpires: Fri, 20 Feb 2026 17:35:08 GMT\r\nvary: Accept-Encoding\r\nlast-modified: Fri, 20 Feb 2026 13:35:08 GMT\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 9d0e62b05821c8cb-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":299,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a7dd9eed4e3585c86d49330d3c04d49e","sha1":"c6e99fb7939d3ba22a2951c1eb5438c78d4e1c82","sha256":"1e744561e11b044712537c52dbf483d2907ffbd6cac2a39193e2df68b3023610","sha512":"0a9f8fbd7339f2b11ad821cef9cd3b73c01e53289b6b2e4495f4cb5503acac1a29f585e424dd6d2dda2f6ec7b531a4f8457183c704e5b324618b91b02cfa3031","ssdeep":"","tlshash":"e4e0c2da0aa04070dbbc431e200eb9fd207741af54aa30fd54a89c2c28322d91a36230","first_seen":"2026-02-20T13:35:30.325633Z","last_seen":"2026-02-20T13:35:30.325633Z","times_seen":1,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/img/sid4.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/img/sid4.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"57c-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1404\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1404,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 31 x 38, 8-bit/color RGBA, non-interlaced","md5":"42370c162bb6a9bfbafffb6b98404a9f","sha1":"c904d86edd4f674d53d25a77860fe02f9e2158e4","sha256":"ffd3a255a0e1463e08cfe14bc135d5432a138c957f4a9bb16bb06e620402ce4e","sha512":"4ce505c16cead2abdd89b0d5bc4401bd866bb54db7b9e641f8a616ee181c00430e9078777314f85815c494b5b8e0f4feeb399dc629e6e712b660ad9937628f3e","ssdeep":"","tlshash":"8521e9442e7d7f326974847224c9bc250c7676f4d61f731b2b0f0403f62ba819a52797","first_seen":"2026-01-28T03:11:25.902261Z","last_seen":"2026-02-20T13:35:30.326775Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1025,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1024,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/adv5.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/adv5.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"2038-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 8248\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8248,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 86 x 86, 8-bit/color RGBA, non-interlaced","md5":"24c5b565bc7e744e0132cae6bd5b2453","sha1":"823091cb1aa7130131af50e7f0dbfaf8ac59c119","sha256":"2751eec650992bf7315b9e808d1a1f5f605626b2b8ca0d1cea0a964dba2de0fe","sha512":"fd1a504a57a2d1face13749eae4cdaa21de5c0b7037fe87ab3f540704fa502cf335107f055d7b8c2fa84c1ae0a7002c7bd3fb3bbbec0fb98c859631eaadd2bbb","ssdeep":"192:P/oqX0a8v418vcwRijHsCzElhjZQWCbsGsIaE7:PQqXb8A18UFfIt1Cgn3E7","tlshash":"1802b096d70cbd4e00f58f324e7c92b97128e7a133ac03aa6d96a6417e35b14178475f","first_seen":"2026-01-28T03:11:25.923701Z","last_seen":"2026-02-20T13:35:30.327971Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2083,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2017,"receive":66,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/indexList","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/indexList HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 6\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":6,"data":"type=2"}},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 153\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"ba20a8ae188688c98801735c208f2eb4","sha1":"3cc1ab5c3e6ca5c5c1fbb19d8e3db237298dc026","sha256":"8851503f770f42e48b0527634ce0bf306a2ec2863419ae978ee3d0fc26818204","sha512":"2e2f9dc5cadb20db35ccc959a74ac8aacc6bb648d5d99d37d3c0a3f0cddf95bdeb877a16018777ff4e2e6ae432759732b1ed8d221d92899e2837a0c625167bdc","ssdeep":"","tlshash":"a8c08caa11040202093082083ac226a469f73baa24e289006a82e01fa8d4617c88f188","first_seen":"2026-02-20T13:35:30.32912Z","last_seen":"2026-02-20T13:35:30.32912Z","times_seen":1,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img2.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img2.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"4be6-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 19430\r\ndate: Fri, 20 Feb 2026 13:35:05 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":19430,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 458 x 68, 8-bit/color RGBA, non-interlaced","md5":"c31a0a6805b9648fce6d3c82f36f7402","sha1":"25c6597a5d9c0771df38ad0e8a9695d77bd9623e","sha256":"3b3f40513dcecad412af41caff7243f2cb01946fe7b56d3af308c66e91578316","sha512":"40f0d23efe5c8a9788fd3cfe0b23ee6131e02a68d529d707a6bf9cbc38f5f049d72c0ef40785b32872834749efdbbb138fd069d4d0da1b8c851200f20535b77f","ssdeep":"384:dkTgPCs7kiXsVkMCmgidXPatCoTxJkG6VcWWd:kgPCs7hMCmlJ+7sWWWd","tlshash":"7a92e0de41bd759891ed13e040eab7b469e5cc239d9dc0f306fe6e299d60b0ad0eda00","first_seen":"2026-01-28T03:11:25.949764Z","last_seen":"2026-02-20T13:35:30.330254Z","times_seen":5,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/fonts/Nunito-VariableFont_wght.ttf","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/fonts/Nunito-VariableFont_wght.ttf HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/assets/index/css/munt.css\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"4d-199155edad0\"\r\ncontent-type: font/ttf\r\ncontent-length: 77\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":77,"size_decoded":0,"mime_type":"font/ttf","magic":"ASCII text, with no line terminators","md5":"61ceca1814dcd5c3bce26357e29e194c","sha1":"dcd53f3ebbf99bd01759f81871a1786ffa7f7624","sha256":"7c2e1bd1308c1562498c6aeb8850f1443cc7cad438d8468f4f4b878f2eab211e","sha512":"6a7a712e1797cbbc504178d66a3dd7f3e7ced474556dc0be5b43d0dd517ec6cc8cc981480dcf10203cc38f2b4214af03a32eaff611e9a4d4636cb3f23ac0a018","ssdeep":"","tlshash":"a7a02453434053c103d070ff40311d4c000341c53140d43f0350c14d00cd5040433f7d","first_seen":"2026-02-20T13:35:30.331478Z","last_seen":"2026-02-20T13:35:30.331478Z","times_seen":1,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getCoinPrice","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:11.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getCoinPrice HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978; crisp-client%2Fsession%2Fc6c1dfb9-905b-4898-83d1-bc92d9873eaf=session_78fa2efc-8e04-49bd-a60c-1e91c8231209\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 156\r\ndate: Fri, 20 Feb 2026 13:35:11 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2e44722d1eeb28ef103f7859be074bb7","sha1":"1a4755fe4cac6883e7143e6e0e7fe63685097a35","sha256":"cd6ce954d763a90d193606112814bf23a62f873df25218ca01eed2ce2bf3d647","sha512":"1c985a9c1c61452e05d5ed0d1144be7469a4d85e2fc45f52b2e29b810519e9c808ca4a58224b8bba96ed1acbc6da5676d813f719bc56cd9b09cc3267bae634c0","ssdeep":"","tlshash":"8bc08cea1001150a493082042ae622a538e73b9a24e29a006e82e05ba8d861bd886188","first_seen":"2026-02-20T13:35:30.254027Z","last_seen":"2026-02-20T13:35:30.254027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-20T13:35:00.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: Express\r\ncontent-type: text/html; charset=utf-8\r\netag: W/\"f7f9-OV0UK1d6LzJDk+kPPRUPkD8XeeI\"\r\nvary: Accept-Encoding\r\ncontent-encoding: br\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"decimal.js","description":"","website":"https://mikemcl.github.io/decimal.js/","common_platform_enumeration":"","icon":"decimal.js.png","categories":["JavaScript libraries"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Popper:2.9.3","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"Bootstrap:5.3.3","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]}],"data":{"size":63481,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1150)","md5":"0628e18d4e9931388998ac46ef78f8c4","sha1":"395d142b577a2f324393e90f3d150f903f1779e2","sha256":"ab666a861d1c1c256eaca36690198c0eec5bc15afcf56341245187fc4d71bb49","sha512":"89f5ed4bef6311bcd660366380e1c5a485d29cc484c9f0c856c522b0fe9e54e74d1b7802eed6ca262d2b0c4ffe74089b8d7894fd6c646682e69acc50cb3f32e7","ssdeep":"768:sXsSW8NXqSW8NX7UyELI69/6RHRCLPKIoIEIhi5twYE3tym4j/df8A8rq6uHEyiG:sXsi6iIORUKIoqhix8X8EyiA5V62V","tlshash":"c8539451db5d2caf021311c160743bd960bf9e32d6178ceafebf622423c5c88666b5b6","first_seen":"2026-02-20T13:35:30.332626Z","last_seen":"2026-02-20T13:35:30.332626Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1600,"timings":{"blocked":574,"dns":208,"connect":304,"send":0,"wait":452,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/decimal.min.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/js/decimal.min.js HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"7f9e-199155edad0\"\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 13149\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:03 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":32670,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32089), with CRLF line terminators","md5":"edf3d41bc87901f9e2f638ad9848e338","sha1":"f5e7d4636da36f6821f84dacedb98b8fb9dd6204","sha256":"90171448a828e11d0a832881f16f5e08eb071806b63604118eb44b4a2fb38cb5","sha512":"97fa6f8f80eff325fc5b9e207bfc3415c294b97f954cc91a1b401401111a2fc000415af4d6252b76c7b6d3a622502e58d5ed76ea8d6855485de5974cfab2525d","ssdeep":"768:rnHX+7Sb7cEBFA2HZuE5pJ7ZmGT1aaULc:rnHX+7SPcEnzZ99PV","tlshash":"7fe2f8e532b2f1c623e328e140ef9487f2376d54994d21b1e24c9af53cb1589a27af74","first_seen":"2025-10-30T07:25:48.919852Z","last_seen":"2026-02-20T13:35:30.333839Z","times_seen":10,"resource_available":true,"data":null}},"time_used":2337,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2084,"receive":253,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/js/i18n.js","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/js/i18n.js HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"5ec-199155edad0\"\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 643\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:04 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":1516,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"5b17f5a0dac5329e52eb1bf7eb0649d8","sha1":"3cd063e2ed693cc2831c76e84ed901d931c10fa5","sha256":"45f301186b5ccbf9085d9b9e29f713d18b2e9ac40e6a0f67dca1d39a36a6dd48","sha512":"5be7b2fec538f16fe252796db23a360396af04e38fccb7d9cbf202b842d3df404e48fc8c2c8f067d44195f7b336cfc247479ba7b3c30a8ab59815fa6bc183a64","ssdeep":"","tlshash":"d131328cf4369a81107327e573296500ec71a81f03a1ee0336ad48a16fa9c8cb177dde","first_seen":"2026-02-20T13:35:30.33509Z","last_seen":"2026-02-20T13:35:30.33509Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3007,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3007,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/api/getCoinPrice","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:17.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"POST /api/getCoinPrice HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ntoken: \r\nlang: en\r\nX-Requested-With: XMLHttpRequest\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978; crisp-client%2Fsession%2Fc6c1dfb9-905b-4898-83d1-bc92d9873eaf=session_78fa2efc-8e04-49bd-a60c-1e91c8231209\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 404 Not Found\r\nx-powered-by: Express\r\ncontent-security-policy: default-src 'none'\r\nx-content-type-options: nosniff\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncontent-length: 156\r\ndate: Fri, 20 Feb 2026 13:35:17 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":156,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"2e44722d1eeb28ef103f7859be074bb7","sha1":"1a4755fe4cac6883e7143e6e0e7fe63685097a35","sha256":"cd6ce954d763a90d193606112814bf23a62f873df25218ca01eed2ce2bf3d647","sha512":"1c985a9c1c61452e05d5ed0d1144be7469a4d85e2fc45f52b2e29b810519e9c808ca4a58224b8bba96ed1acbc6da5676d813f719bc56cd9b09cc3267bae634c0","ssdeep":"","tlshash":"8bc08cea1001150a493082042ae622a538e73b9a24e29a006e82e05ba8d861bd886188","first_seen":"2026-02-20T13:35:30.254027Z","last_seen":"2026-02-20T13:35:30.254027Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":51,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/css/linsty.css","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/css/linsty.css HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1e40-199155edad0\"\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 2207\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7744,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"28c122cba228906ff972431fb18f5735","sha1":"ef6bf5e49310907e5f4dae16627c6624ac1a30c6","sha256":"d3ce83f759c2fa26ca70829216161b0e2c9e03413d81339737f81cbb9a07d224","sha512":"20ac73b7474cf508bd23fe2d8c801066e3f3cbdb440f0846fd2b24038c7f48a01fcfc687fe2c66e731aa97f7237860a0a9028cad812997d4af11f2d44f121299","ssdeep":"192:MFn48tVZKVPUOP2xI4qJ3v3k058418o3p+n/a+Vn4apX8v:MFn4xG0n+/lVn4apMv","tlshash":"33f1b76cea04104a3333eaf4bb751b59db580497ce0b13acf6c731a5afb016c55a39e9","first_seen":"2026-01-28T03:11:25.972918Z","last_seen":"2026-02-20T13:35:30.336382Z","times_seen":5,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/index.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/index.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"1183d8-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 1147864\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1147864,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1347 x 1347, 8-bit/color RGBA, non-interlaced","md5":"76d297630103a70bf09247088b58bbe6","sha1":"a93ea003a85c635c59a157685d94d80b56c2f0a7","sha256":"7596f2a58f21c6e767bf48686b3c9ee9dd34f5cc892fe47c0129e3aeda667f16","sha512":"b6df79ee6f6352fe0b43aab75bb5eed23e54c74cc49c2bab1feb5dc122d8262e85057c6e9791f5194575f8bbba055ce1a5d87a96156b6deca2af287f885fa884","ssdeep":"24576:uXqMWJBJsZ+9KPhlJKxX8vL32eDZSfUFFemMbE:uMBENfJ8svzPZAm7","tlshash":"672523987c44fd235aa78c7238a6c2c59467d35bfe4aaf024991be780c667f933027d4","first_seen":"2026-01-28T03:11:25.953499Z","last_seen":"2026-02-20T13:35:30.337583Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1757,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1023,"receive":734,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/check_on.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/check_on.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"b2a-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 2858\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2858,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"040ec2d74b71527f8c613fd34cb5dbdd","sha1":"209257bf0b2ff60a832ae5340cf999fe3958770b","sha256":"ac3b80f648cf301183785d551357a0d4cb239bc05f2ffcb4b54306d7d7c31527","sha512":"207bdbc865a8c620850caee8a46b81e9f25cb9afd8231baa2e645afeccb8bcbbcdf9e32caa6ab43bb240024d21bf5ebde9e4452f677a25a2f2e8a5facce63e80","ssdeep":"","tlshash":"ab5119f3772d26c4d52addb34b6c52919b2137be28a0d570080b514555c5b9408dbf4a","first_seen":"2026-01-28T03:11:26.107887Z","last_seen":"2026-02-20T13:35:30.338863Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1539,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1469,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@popperjs/core@2.9.3/dist/umd/popper.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/@popperjs/core@2.9.3/dist/umd/popper.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 6875\r\ncf-ray: 9d0e6284fb134651-ARN\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 2.9.3\r\nx-jsd-version-type: version\r\netag: W/\"49b9-9uMDnVtkfnyfeSk9x8RssoYAPWw\"\r\ncontent-encoding: br\r\nx-served-by: cache-fra-eddf8230026-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\naccept-ranges: bytes\r\nage: 282263\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=lTY8sTP9z2NDwpgQdwf%2BOkxr6DtzbVkfzoVjzUTnVAWpd0%2FHsk%2BdjjMBqAhwiu%2B9pO%2FT7hkaa1kDlayvcZjpgeW9tZ3SIv1zwmkaFpou5sQX7OOhw4%2FP2MqFjAQLfPhigXk%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18873,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (18785)","md5":"e1a71969a95592d2d3d32bb7c1296190","sha1":"f6e3039d5b647e7c9f79293dc7c46cb286003d6c","sha256":"ccc0ee783158d1ab3ae590ef8c982a827e38e8b82fd121551cdd4c20041fcd1b","sha512":"5cba3a6d07b4f22ac939b09cf3aac510a41d70561b18620755771f32cc696ef17ca26a6677548d263a956398668d0d354ecd149a649019faa9b777c68e6ea918","ssdeep":"384:P5tp5wmEyOQQ5+D0/BAyMAoflA0mxPjjLqWlV1NnuGixt0ZUL83H+H9h++Ee:gmE3UD0/myRoynOWD1Nnuft0ZUL83HAT","tlshash":"ca82b5cd3990f0a5167b52b6c07f550fb3339561228ea100b255d6dd2c78ebba26bc3e","first_seen":"2023-03-07T13:48:21Z","last_seen":"2026-06-07T15:53:01.066762Z","times_seen":672,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":27,"dns":0,"connect":33,"send":0,"wait":95,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img7.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img7.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"f753-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 63315\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":63315,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 684 x 192, 8-bit/color RGBA, non-interlaced","md5":"4485b6e5e315070b28d6e7d250d84e28","sha1":"9709de0f86a3c98b1d164dcae9dd5e0fda1e0826","sha256":"23f2a79f15f9eaddbba4e51df18baa0d1351d851adaa49ca2106f26449de6fd6","sha512":"ee9b6a2aa556a19ae1f4dcf6051455e42885236d1ff2ad802477f14c9e11ec475db347dcde79b6a71dd7ca86f82d49194c24f2daeee368e787d0ddebdc0dd0fd","ssdeep":"768:SXjxl1uvq+uMR7SDB7YCzs3+PHc6E0v75xiPeJDKVGCxfJGKoCM97SMDZ:SXncy+7RGSCzRk6Dv75cPeIdC7DZ","tlshash":"ab530126dcdbb20f9abd86021a161cef6d60a04c7b97e57d275cb1829f1cd471f088a7","first_seen":"2026-01-28T03:11:25.925215Z","last_seen":"2026-02-20T13:35:30.340657Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2090,"receive":62,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/huob/img9.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:05.056Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/huob/img9.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nCookie: __vtins__3MTQ0SWdd3rVSyZ1=%7B%22sid%22%3A%20%223d89e210-9afd-5428-91fe-6aa04a966432%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201771596304974%2C%20%22ct%22%3A%201771594504974%7D; __51uvsct__3MTQ0SWdd3rVSyZ1=1; __51vcke__3MTQ0SWdd3rVSyZ1=2838b16d-6309-518b-a930-ff43f624eecf; __51vuft__3MTQ0SWdd3rVSyZ1=1771594504978\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"6635-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 26165\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":26165,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 456 x 96, 8-bit/color RGBA, non-interlaced","md5":"dea0b1cba51590d73f7878a811e19523","sha1":"491a4e904934c20f1cdaa6f51cb7b292075cff28","sha256":"3b2cdf9fe887f87f197a6cc9ccf76058cfcac4a5db0c78ce5253f60933aff988","sha512":"df84d2c40a752c2f75a0aa134a4c825f1b04c8d196a0e852b876604dfed65f40d4cca145f6c01fcc443b4e362c19d1f0f530374bf5701265263850a3d95dbad4","ssdeep":"768:Bb48CI+0fEcNxm8eB0cUcQb8J86ZxllkI913b:JbR+0G8eB0Rb8J8Oxz9R","tlshash":"a0c2d0e25486c816ae70c6ba682a32cc9836fa284f9f1ddda40dd6d45e4903df58835f","first_seen":"2026-01-28T03:11:26.116938Z","last_seen":"2026-02-20T13:35:30.341795Z","times_seen":5,"resource_available":false,"data":null}},"time_used":2095,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2042,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/fonts/bootstrap-icons.woff2?dd67030699838ea613ee6dbda90effa6","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:07.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/bootstrap-icons@1.11.3/font/fonts/bootstrap-icons.woff2?dd67030699838ea613ee6dbda90effa6 HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kryptomining.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdn.jsdelivr.net/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 13:35:07 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 130396\r\ncf-ray: 9d0e62a6ff6d90fd-ARN\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 1.11.3\r\nx-jsd-version-type: version\r\netag: W/\"1fd5c-Agw8b5KAoxXoQl1/kuFbzQzdobI\"\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220181-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 1229654\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=UoKbDBcJoJ2Otq4JGOmJvk%2BqQIEO8KuPosPTzh3dQXyYKD42LQQI3hyPDKbLlkKCR0njhNbghYqt%2B7mDWWd3ugHrXqRKKplb1ATf92kIsQcNvj4s78GHANoYe6clX7x9Rs8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":130396,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 130396, version 1.0","md5":"cc1e5eda776be5f0ff614285c31d4892","sha1":"020c3c6f9280a315e8425d7f92e15bcd0cdda1b2","sha256":"476adf42b40325098fcfa8b36ab3e769186bb4f6ce6a249753e2e1a9c22bf99e","sha512":"8ea88eb326ce57117a24f88abf9ef1740ff55a1cf6d09d8bc1e798132d44bf237aecff44253ef60c9eb3fce108cf4f7d8ea27e6a763a9338c7d6204247b2cc60","ssdeep":"3072:IBqhyg8Dr/UO5b2uP63F92P/ke/zjK9Ec5DGl0zdxxNSw1F:EsyH/uuOsP37j+NK0zdvNFj","tlshash":"b5d312e3ae1bd5965ccf2adb8431382d5e861ceadd039ff265b477ec579182028c025e","first_seen":"2024-01-04T23:06:55Z","last_seen":"2026-06-07T08:11:06.909924Z","times_seen":13823,"resource_available":false,"data":null}},"time_used":188,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":50,"receive":137,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/index/css/munt.css","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.833Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/index/css/munt.css HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"11f0-199155edad0\"\r\ncontent-type: text/css; charset=UTF-8\r\ncontent-length: 1348\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Fri, 20 Feb 2026 13:35:01 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":4592,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"assembler source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"c7df5f47dc13653ac758b68a6fb04e8b","sha1":"9c353c4ac87a0ad73aaa97f659e7f4dd5ab6a2a5","sha256":"a37a5a8e8ea23aca98da31c06a8dff32af32ca56ed2e39a2eb1f753181b07338","sha512":"5bf3acf20c91d29a21c987e35a7562de02113278737cb9ba0a3121be623ecfa4245da146ff26ea815cce2029e3fd283f000a89a573d33369082c0442e90368f8","ssdeep":"48:OQESbKFHALi8n+3/lj0bJ8fXaNFUAyOk3BSX097qcQp51fbTTu5S2vfi7Ti/T8o3:ExFHAO/e8f4FUgCoO21S538ibhYWd","tlshash":"1e917a9ae28b004762735eb82377a739fe7c00524b074b79769877784fa40f16a21f9d","first_seen":"2026-01-28T03:11:26.017862Z","last_seen":"2026-02-20T13:35:30.343671Z","times_seen":5,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kryptomining.io/assets/newImg/index_bg.png","fqdn":"kryptomining.io","domain":"kryptomining.io","tld":"io"},"ip":{"addr":"213.139.206.31","port":443,"asn":395092,"as":"SHOCK-1","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kryptomining.io/","date":"2026-02-20T13:35:01.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kryptomining.io","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 16:13:22 GMT","end":"Wed, 25 Mar 2026 16:13:21 GMT"},"fingerprint":{"sha1":"F9:65:D1:AB:D3:8A:28:D3:90:99:BD:D2:88:CA:F7:E7:A3:E2:B3:82","sha256":"2B:10:97:BC:C8:71:4D:B8:33:06:D2:E2:3D:48:76:11:FD:CD:6F:86:C7:90:F5:DA:E1:A1:DF:1A:95:AD:C6:98"}}},"request":{"raw":"GET /assets/newImg/index_bg.png HTTP/1.1\r\nHost: kryptomining.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kryptomining.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: Express\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Thu, 04 Sep 2025 15:36:02 GMT\r\netag: W/\"a0c-199155edad0\"\r\ncontent-type: image/png\r\ncontent-length: 2572\r\ndate: Fri, 20 Feb 2026 13:35:02 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]}],"data":{"size":2572,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced","md5":"64a5a6cdfecd55495910ea009d31e497","sha1":"083cad3e75ba69f746e32488668c20111a64a833","sha256":"728395b5344e18bc4ea34e11b1669aff31baf7f5f968f0171683ec9e2502a411","sha512":"a96086aeb8e962197794e463de3db771bca4b5e9728f8ac093dc41dcf6282ab4725252d33f609b056e05a9ff0dca1d179a91f73b9602359a1c47fd38136baa28","ssdeep":"","tlshash":"c85132df85752bdacc8b55e142cafdaee85072009dea81f8db1811ec1c9b469f53c2e4","first_seen":"2026-01-28T03:11:26.060191Z","last_seen":"2026-02-20T13:35:30.344826Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1072,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1024,"receive":48,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"kryptomining.io","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}