{"report_id":"bfe40eea-30b4-43d5-be15-8763e29c0256","version":6,"status":"done","tags":[],"date":"2026-03-27T13:40:02Z","url":{"schema":"http","addr":"exchangelink0067.ink/exchange","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"final":{"url":{"schema":"https","addr":"exchangelink0067.ink/exchange#/","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"title":"Amazon Reward points","dom":{"size":102857,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (64423)","md5":"9d89f165bded0a71eeaee081bd6a558e","sha1":"10aee7a9286865eaf5951bae6ee8d4773e20115a","sha256":"95606d1aa7bd33b57e753ff52dccab18e10eb19f4f1e3d552627ba22bb87a770","sha512":"85711c0f344b556b75753285b39090925815f7d12a5221ea24618faf5d3be8b6cae6c94aee16ba3ec3f28a0367c7b0243fcbce4c0704bbefb69c89271f3e00b9","ssdeep":"768:z4m4IGKKbNvfznxNOOetLmmseIjXXlo8Jtikm6WpLffeP69nWC4owYUgSrVsB7Fy:km4IGDbF77OLtHKjFzyfImSrm7qUQfb","tlshash":"35a384e897b5b12f52b971cffa075d4be4d680bf801e1c63bb5c841e2ec3a5696d1408","dom_hash":"domhash6a46e6272c5d73ab9476bfcf048623e5","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"exchangelink0067.ink/exchange","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":0,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-01T13:40:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"exchangelink0067.ink","ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"domain_registered":"2026-03-20","domain_rank":0,"first_seen":"2026-03-27T13:40:04.533282Z","last_seen":"2026-03-27T13:40:04.533282Z","alert_count":51,"request_count":17,"received_data":2122344,"sent_data":9452,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]},{"fqdn":"fonts-api.wp.com","ip":{"addr":"192.0.77.32","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1997-03-28","domain_rank":166248,"first_seen":"2022-11-28T22:42:34Z","last_seen":"2026-03-25T22:08:56.613951Z","alert_count":0,"request_count":1,"received_data":4522,"sent_data":497,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-03-22T22:34:23.857339Z","alert_count":0,"request_count":1,"received_data":711,"sent_data":472,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ipapi.co","ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2016-04-19","domain_rank":7936,"first_seen":"2017-01-31T09:07:01Z","last_seen":"2026-03-25T15:50:32.944467Z","alert_count":0,"request_count":1,"received_data":2509,"sent_data":441,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"maxcdn.bootstrapcdn.com","ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-25","domain_rank":6807,"first_seen":"2014-06-18T00:37:31Z","last_seen":"2026-03-23T02:31:32.901224Z","alert_count":0,"request_count":1,"received_data":28410,"sent_data":474,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/HP-175-Year-Banner-1280x400-CNKEqp5j.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"importedModule","is_inline":false,"md5":"19c80aa3ed425e1719f54ecfef114053","sha1":"575cf9b9fd0ae4f39d4220eeb4a2d08230374cc4","sha256":"fc2602654bfe5b3e6cc29d599f76bd6b63c4a6694e107528b349c37e0fe41369","sha512":"5a51f695148ca8c7ad7e0446cc2be0731d3132dcf90606c63bdf7cee13cb9678ebd900d454cb0728cdf9b767f5fb2e6b119ff4c196fa0dd315df9fc43cdbf742","ssdeep":"","tlshash":"a3b01203490f21b8023401be0b057fb0111125ccba5087b8374d4ae9875bf521d0a601","size":100,"data":"","first_seen":"2026-03-19T13:43:02.846995Z","last_seen":"2026-04-06T22:04:44.93441Z","times_seen":73,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/us-Dk8k-lRk.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"beb764097c9d144594cb4c7d240874cc","sha1":"523141602effbf2e42d813385469362b4446475a","sha256":"ac9fc10ab30722adb623d5352f36ae10911f8890062cde9b6c3ff909debe85df","sha512":"778c4c5808b2031543cc77bf0c569047f1febeec1f2b9b13eb37e359eec9575f52fdb39c015c52d46526102c5df557bc387694c744f258689537e1d664e66034","ssdeep":"","tlshash":"c711acdc695250a7cf785d1eba7a6d3cc0e23ab95f8b618f8c918c17234065a39980bd","size":911,"data":"","first_seen":"2026-03-19T13:43:02.864214Z","last_seen":"2026-04-03T21:22:57.955067Z","times_seen":65,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/index-CdBZIvPs.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"57dc3f0f44202fc474587ce9699e87b7","sha1":"b708651ba85a6a9ed1248aec81550ae773d6fe4c","sha256":"5132fc7d13868dbea1a66aec176da0c44561edf5c7cf3420c15b4087d2527bad","sha512":"07fa59441b54eaa91940c17706bbf621b4866b8b7352e187f5218d597f0b03adc7542fd90906a83c0c8d3ffe4ba084878cd346f225432641cea1255a642f6c1f","ssdeep":"24576:zGNhnQL29ydynb0o3+KTMSV8K+78S7C89PpsUNHr/rWtv3pjT7f6QKEc0r4Ne/t9:zGNhnQL29ydynb0o3+KTMSV8K+78S+82","tlshash":"49559d9d39e0637105e2068ee6c7324bf229dc2aa109d1f1f68c99493fc78499277e7d","size":1352346,"data":"","first_seen":"2026-03-19T13:43:02.886671Z","last_seen":"2026-03-31T14:07:38.372003Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/index-Dh_7oKra.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"introduction_type":"scriptElement","is_inline":false,"md5":"b4f49ce938aa83915159ab5aa4262aa9","sha1":"aa3f59b47db7348a8795585d56b9a447304c6619","sha256":"ef8f6481fb364d5e2cbefb3f69ee2d36405dc18678e147150f88b01712d30b51","sha512":"538555a2778392d10eadfe1970941708638351d1cfb8507fea59ffd5bc3c13a42f78b1b6175ad686108a4aeec185648eb04cae4d5bfcdb9dc7aa3117e1d717d6","ssdeep":"192:B+67N1Hun8ab55gyagxg1bkh64D5ITHL0Df/NDfOVDSDfopyY6w:B+GXHu8c+gmJkhvITrOf/tfOVEfGT","tlshash":"9ee1b5086ef4d1bca0cf04b5e561e4e0b076bc6ae16585d17ff50a2d97aeb4ca341538","size":6901,"data":"","first_seen":"2026-03-19T13:43:02.843985Z","last_seen":"2026-03-31T14:07:38.355831Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/index-Dh_7oKra.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/index-Dh_7oKra.js HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"dh6zk25pwirk5bp-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 3070\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":6901,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6888)","md5":"b4f49ce938aa83915159ab5aa4262aa9","sha1":"aa3f59b47db7348a8795585d56b9a447304c6619","sha256":"ef8f6481fb364d5e2cbefb3f69ee2d36405dc18678e147150f88b01712d30b51","sha512":"538555a2778392d10eadfe1970941708638351d1cfb8507fea59ffd5bc3c13a42f78b1b6175ad686108a4aeec185648eb04cae4d5bfcdb9dc7aa3117e1d717d6","ssdeep":"192:B+67N1Hun8ab55gyagxg1bkh64D5ITHL0Df/NDfOVDSDfopyY6w:B+GXHu8c+gmJkhvITrOf/tfOVEfGT","tlshash":"9ee1b5086ef4d1bca0cf04b5e561e4e0b076bc6ae16585d17ff50a2d97aeb4ca341538","first_seen":"2026-03-19T13:43:02.843985Z","last_seen":"2026-03-31T14:07:38.355831Z","times_seen":63,"resource_available":true,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/HP-175-Year-Banner-1280x400-CNKEqp5j.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/HP-175-Year-Banner-1280x400-CNKEqp5j.js HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"dh6zk25pwirk2s\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 100\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":100,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"19c80aa3ed425e1719f54ecfef114053","sha1":"575cf9b9fd0ae4f39d4220eeb4a2d08230374cc4","sha256":"fc2602654bfe5b3e6cc29d599f76bd6b63c4a6694e107528b349c37e0fe41369","sha512":"5a51f695148ca8c7ad7e0446cc2be0731d3132dcf90606c63bdf7cee13cb9678ebd900d454cb0728cdf9b767f5fb2e6b119ff4c196fa0dd315df9fc43cdbf742","ssdeep":"","tlshash":"a3b01203490f21b8023401be0b057fb0111125ccba5087b8374d4ae9875bf521d0a601","first_seen":"2026-03-19T13:43:02.846995Z","last_seen":"2026-04-06T22:04:44.93441Z","times_seen":73,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/exchange","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-27T13:39:40.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /exchange HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/html;charset=utf-8\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: workerman\r\nset-cookie: PHPSID=8db76227a271da41c742aa07a267a4e9; Max-Age=31536000; Path=/; HttpOnly\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 353\r\ndate: Fri, 27 Mar 2026 13:39:41 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":572,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF, CR, LF line terminators","md5":"e0ff35e69a3e9fbb98879c9241afc1ac","sha1":"994a923d420318fbeb6f0e4a068a02b76afa2df8","sha256":"9f6a9461b401f1a585575523a5854177162d09f819bc338944ebe95d7b52520b","sha512":"054998c909cfe893e29291be5b048db4e67edc2d74c170fe5c12198a717905b2f0b593af1a64e08a590cc390f95c9163d5ce5c07c0551f3ff8ee381e71a22b9b","ssdeep":"","tlshash":"96f081510c954c1d03f1577c3b82d514e4d3fa4acb0b69c076e5707f2ef5e4888ab649","first_seen":"2026-03-19T13:43:02.866194Z","last_seen":"2026-03-31T14:07:38.360504Z","times_seen":63,"resource_available":true,"data":null}},"time_used":1674,"timings":{"blocked":668,"dns":350,"connect":153,"send":0,"wait":338,"receive":0,"ssl":162},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/index-4MS2rSuD.css","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:41.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/index-4MS2rSuD.css HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/css; charset=utf-8\r\netag: \"dh6zk25pwirkb43x-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ndate: Fri, 27 Mar 2026 13:39:42 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":518541,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (64930), with no line terminators","md5":"974899cff7020907365c2d2f95844ff6","sha1":"0e23bd69566eefa5a960df94fb875ddc4066abd2","sha256":"d48d043faef2a736d19bc5e4137b014efb5d7b3028ea0afaf2839976dbd18a97","sha512":"f0acef1951db5e11f9d4071c9b7fbf0a41353428fef05a731ac7af5b20490b7531683b1e4096f319ea069456c1987d52eeb559db59825592df3618e0297ee2db","ssdeep":"3072:CVzEu03pAs8zdJHR4/ZDrvLUbemsDAw6FB:CVzEu03pL3vLUbemsDAwYB","tlshash":"49b4a7c9f6e0211dc226c60af2913ab8fb6b555ce7452df7f11f7b5c9ac228702b2518","first_seen":"2026-03-26T23:19:44.757319Z","last_seen":"2026-03-31T14:07:38.361473Z","times_seen":44,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":308,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/index-CdBZIvPs.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:41.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/index-CdBZIvPs.js HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"dh6zk25pwirkszh6-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ndate: Fri, 27 Mar 2026 13:39:42 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":1352346,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65124)","md5":"a1c9ad3d6d5d24d9b59d9a56f616ee92","sha1":"14e7593c2e6306963d8cbdefd68f2118827434c7","sha256":"5945d32aca7345ba53f7e252dd985dfacad41d9bdc996bb0fdc5f6fdd008cdfd","sha512":"24f4a009dc66da2b3fc54d1f05f87d29b760034d72f73d5b02a41e9408ee8bdd716fad1d7037ff601897bbb824cdaa6c3627627413857b93e64367c5022a1256","ssdeep":"24576:zGNhnQL29ydynb0o3+KTMSV8K+78S7C89PpsUNH5/rWtv3pjT7f6QKE1:zGNhnQL29ydynb0o3+KTMSV8K+78S+U6","tlshash":"61359da839d0632001e2468de6c7364fe36ddc2ab109a5f5b68cd84a3fc3895d177e6d","first_seen":"2026-03-27T13:40:09.032226Z","last_seen":"2026-03-27T13:40:09.032226Z","times_seen":1,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts-api.wp.com/css?family=Inter%3A500%2C%7CPoppins%3A500%2C\u0026display=fallback\u0026ver=4.11.16","fqdn":"fonts-api.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.77.32","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:42.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Mon, 02 Feb 2026 19:44:49 GMT","end":"Sun, 03 May 2026 19:44:48 GMT"},"fingerprint":{"sha1":"74:16:DF:29:E8:C6:D5:FE:A5:36:94:0A:16:BE:D1:6C:47:5D:73:4E","sha256":"6B:F6:59:57:FF:CF:20:B1:02:F4:62:B9:0B:13:CF:BC:2A:97:53:23:B5:D3:82:11:79:85:81:64:BE:85:54:75"}}},"request":{"raw":"GET /css?family=Inter%3A500%2C%7CPoppins%3A500%2C\u0026display=fallback\u0026ver=4.11.16 HTTP/1.1\r\nHost: fonts-api.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Fri, 27 Mar 2026 13:39:42 GMT\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding, Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-nc: BYPASS arn 13\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=BYPASS;dur=15.0\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3782,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"20d3052e2ec2d6724ef6c901b7837b53","sha1":"03b668324779b05d0d08380aeb41e499f1443731","sha256":"6e6595f831c9645979d196d7a5672486e1c31607a883b52472bc6c5492a385ae","sha512":"9eb3303d234a784c73214627ae0c01a3471b6edb534179f960394dc7918eecbd545de181c71d91dba700b43ef73d5cb78e80d7c9da2e7c7dd93ad81379e0502a","ssdeep":"","tlshash":"9e710ea1042ba1009b835dc323cf7f36ee8e25482045d6a95bfd0d486cead3a5371b9e","first_seen":"2026-03-19T13:43:02.872759Z","last_seen":"2026-04-06T22:04:44.96057Z","times_seen":75,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":37,"dns":4,"connect":8,"send":0,"wait":23,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/@formkit/themes@1.6.9/dist/genesis/theme.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.65.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/@formkit/themes@1.6.9/dist/genesis/theme.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=86400, s-maxage=86400\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/plain; charset=utf-8\r\netag: W/\"4c-4MDUp7kfXiNqi5+TqygY6Z58cgc\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nage: 46503\r\nx-served-by: cache-fra-etou8220162-FRA, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 72\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T16:55:58.259884Z","times_seen":13669561,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":62,"dns":1,"connect":26,"send":0,"wait":27,"receive":1,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/getApp?app_id=US_PT_02","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /getApp?app_id=US_PT_02 HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: *\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: workerman\r\nvary: Accept-Encoding\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10973,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"337c835826b9cf96151d2c750a07c5d2","sha1":"e4ca5528628b0974e99f2abe6f0f615b3a1a9217","sha256":"2b0ab7f230eb6665c3afd802ffae120beac99f35d47393f5fd84fd317f7a99ec","sha512":"bb639d4ca830efb39e43fc9515c7d18c0c05e93f9220baebb239e6a7fb4902df3780fa32cfc2c7bce563f1d673c369c93d52fd338493b7a51ab62a354e5e8664","ssdeep":"192:Y/LGw2i9F3uIzyTz72czVEMUVb3dDuTGSvKBElmmiJ2xbMaD/ADnoninK:ELDD+KabxEpb3d6GBOIDDaDGI","tlshash":"c932ae441ec8875e83d1ba9dd67c1b1adc7cf62d4bfa67e1329900ce09ac02a5a37260","first_seen":"2026-03-27T13:40:09.038493Z","last_seen":"2026-03-27T13:40:09.038493Z","times_seen":1,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/dls-flag-us-B-gBogFA.svg","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/dls-flag-us-B-gBogFA.svg HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"dh6zk25pwirk4c8-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 618\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":5624,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"56addba553083eb384b100cbb7e8632f","sha1":"f718526f1ef720e5d361536615595d5bfc3c9688","sha256":"5e60a20da0f769a6260d4ed755d615da930b87c62436f807a6ff32d000017d18","sha512":"8e25c45c3cb1c056cdbd40e83bfcae2594c4346c5664d28599c81f84d143970d02c65ea47ac2d74d35b76ac913cc28cc2bd5490283f8877b17dee63c315fe8a7","ssdeep":"96:GL5GLGGGa7GDaSFF77W87yCG++7d9iYGGeJ7G1j4GeJSAGj7GetIR747WqyCGkWW:G9PO2XHW8G7B59iYGLE8ih/gRsWP7pTS","tlshash":"35c1cd88bd344e4c1e83a5ce7f6a1ee57efca499e23fc10a561e0648d3a6741e10f9d1","first_seen":"2023-04-20T02:21:02Z","last_seen":"2026-04-08T15:46:23.980261Z","times_seen":855,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/favicon.ico","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.237Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/favicon.ico HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/vnd.microsoft.icon\r\netag: \"dh6d23ivwgsg12s-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 01:17:22 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 1421\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":1396,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"d4814ea76c5393efaf6c27e6632e67ed","sha1":"d3c5921add928ed4d86ef31b36887019645cc15e","sha256":"5cd0f23ccd8cdd237af364707b85c20893fe8abf41e6ca3b5640e01411cc55be","sha512":"02ac1dbb0e8b88bfd06466c092282de7563220e422f4763edbb20bc02aca0674f90d7ea32f637cc6014e9a088cbb21f3706094008b45b01a1bda605c8ffc7cf6","ssdeep":"","tlshash":"da21e9653bc3193e6d1057e36fd2802297c614ae5f590f99600558a3a1fb54068a46e0","first_seen":"2026-03-19T13:43:02.85755Z","last_seen":"2026-04-06T22:04:44.962935Z","times_seen":73,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/HP-175-Year-Banner-1280x400-CNKEqp5j.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/HP-175-Year-Banner-1280x400-CNKEqp5j.js HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/apps/US_PT_02/assets/index-Dh_7oKra.js\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"dh6zk25pwirk2s\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 100\r\ndate: Fri, 27 Mar 2026 13:39:44 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":100,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text","md5":"19c80aa3ed425e1719f54ecfef114053","sha1":"575cf9b9fd0ae4f39d4220eeb4a2d08230374cc4","sha256":"fc2602654bfe5b3e6cc29d599f76bd6b63c4a6694e107528b349c37e0fe41369","sha512":"5a51f695148ca8c7ad7e0446cc2be0731d3132dcf90606c63bdf7cee13cb9678ebd900d454cb0728cdf9b767f5fb2e6b119ff4c196fa0dd315df9fc43cdbf742","ssdeep":"","tlshash":"a3b01203490f21b8023401be0b057fb0111125ccba5087b8374d4ae9875bf521d0a601","first_seen":"2026-03-19T13:43:02.846995Z","last_seen":"2026-04-06T22:04:44.93441Z","times_seen":73,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ipapi.co/json/","fqdn":"ipapi.co","domain":"ipapi.co","tld":"co"},"ip":{"addr":"104.26.8.44","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:44.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"ipapi.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 16 Feb 2026 15:59:25 GMT","end":"Sun, 17 May 2026 16:59:23 GMT"},"fingerprint":{"sha1":"37:8F:7A:B7:BF:60:24:8D:1C:83:4F:C2:59:C3:0A:0C:EE:B3:75:A5","sha256":"8D:E6:B5:3D:41:1D:D8:B2:FA:03:95:07:E2:54:7C:1F:A2:22:E9:05:05:5E:D2:99:7D:DF:46:3F:32:52:53:F9"}}},"request":{"raw":"GET /json/ HTTP/1.1\r\nHost: ipapi.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/\r\nOrigin: https://exchangelink0067.ink\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 13:39:44 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nallow: OPTIONS, HEAD, OPTIONS, GET, POST\r\nx-frame-options: DENY\r\nvary: Host, origin\r\naccess-control-allow-origin: https://exchangelink0067.ink\r\nx-content-type-options: nosniff\r\nreferrer-policy: same-origin\r\ncross-origin-opener-policy: same-origin\r\ncontent-security-policy-report-only: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://*.paddle.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://ipapi.co https://maps.gstatic.com https://maps.googleapis.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.google.com https://*.stripe.com https://*.paddle.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; connect-src 'self' https://ipapi.co/ https://*.paddle.com https://*.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/; object-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AwYi25BOQN%2BgUtt%2FopCYEcx7TLOrLWbyOyHl6vZnz6Cp8nP7Wa%2Flq7MnaMaWePM%2F56QI6AOTyUOgyOP4u4e%2BfAA8IPnxvOPSgqf6jD17P7JkY77ZUmISDF%2FD\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9e2ecd8a3b2fb51b-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":744,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5d3efea6ca5c6c08e57dc476b5ffbea0","sha1":"037821c75e45eb29ce42f67b6a61deadbb3a39b1","sha256":"9ec49b3ca65ee4a49a22ad48c275851cdffe49f1eccb6df6dcb7dfcb147f6ee8","sha512":"ad293be23df970c774459940f6c07d057372e21e20defa992014b700fa2737a8c2258009a523e047106593f9a78f474c42918e5fa753d73def65a12fb157a7e1","ssdeep":"","tlshash":"7401df68e4680e7bacb9135cb42869071274220b5e56758e7bd49b8d0f8e9bf30b534e","first_seen":"2026-03-25T11:30:19.658755Z","last_seen":"2026-03-28T22:27:04.671556Z","times_seen":222,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":16,"dns":1,"connect":1,"send":0,"wait":230,"receive":0,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/dls-flag-us-B-gBogFA.svg","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.587Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/dls-flag-us-B-gBogFA.svg HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\netag: \"dh6zk25pwirk4c8-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 618\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":5624,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"56addba553083eb384b100cbb7e8632f","sha1":"f718526f1ef720e5d361536615595d5bfc3c9688","sha256":"5e60a20da0f769a6260d4ed755d615da930b87c62436f807a6ff32d000017d18","sha512":"8e25c45c3cb1c056cdbd40e83bfcae2594c4346c5664d28599c81f84d143970d02c65ea47ac2d74d35b76ac913cc28cc2bd5490283f8877b17dee63c315fe8a7","ssdeep":"96:GL5GLGGGa7GDaSFF77W87yCG++7d9iYGGeJ7G1j4GeJSAGj7GetIR747WqyCGkWW:G9PO2XHW8G7B59iYGLE8ih/gRsWP7pTS","tlshash":"35c1cd88bd344e4c1e83a5ce7f6a1ee57efca499e23fc10a561e0648d3a6741e10f9d1","first_seen":"2023-04-20T02:21:02Z","last_seen":"2026-04-08T15:46:23.980261Z","times_seen":855,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/us-Dk8k-lRk.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:44.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/us-Dk8k-lRk.js HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/apps/US_PT_02/assets/index-CdBZIvPs.js\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"dh6zk25pwirkpb-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 413\r\ndate: Fri, 27 Mar 2026 13:39:44 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":911,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (910)","md5":"beb764097c9d144594cb4c7d240874cc","sha1":"523141602effbf2e42d813385469362b4446475a","sha256":"ac9fc10ab30722adb623d5352f36ae10911f8890062cde9b6c3ff909debe85df","sha512":"778c4c5808b2031543cc77bf0c569047f1febeec1f2b9b13eb37e359eec9575f52fdb39c015c52d46526102c5df557bc387694c744f258689537e1d664e66034","ssdeep":"","tlshash":"c711acdc695250a7cf785d1eba7a6d3cc0e23ab95f8b618f8c918c17234065a39980bd","first_seen":"2026-03-19T13:43:02.864214Z","last_seen":"2026-04-03T21:22:57.955067Z","times_seen":65,"resource_available":true,"data":null}},"time_used":155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/ws-bg-light-grey-LTdop1CE.jpeg","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:44.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/ws-bg-light-grey-LTdop1CE.jpeg HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/apps/US_PT_02/assets/index-4MS2rSuD.css\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-type: image/jpeg\r\netag: \"dh6zk18n5kw0daf\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:12 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 17223\r\ndate: Fri, 27 Mar 2026 13:39:44 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":17223,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x305, components 3","md5":"6b79c0f0a9d869ac00812bb798b34b66","sha1":"fcaea21dd095d7ae4837b1e07a84594093bedf1d","sha256":"4a018578b6c0438c92ce376df95a7fefd9bc6eb122968fe511d72da79131bb42","sha512":"baa39686be7ff8c6e73f7425f010dc0ed963190da7b4090794ba34153ed891bede034cafc83e68580b17409b57058ba8563795b274f5d466017c022ba2e28598","ssdeep":"384:IVSMZQzhElxLBLjmlWwBhEv7J63Hu1GYtlfKK4cVX9XcagWIqsGQk:IVGWlhBLqgahE911tli/iX9sagWIrGb","tlshash":"3872c0f00465871cd8d1b53b5db3d310e2121a66956f88da62a3a676c72a7e03f490cf","first_seen":"2026-03-19T13:43:02.875892Z","last_seen":"2026-04-06T22:04:44.94297Z","times_seen":73,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css","fqdn":"maxcdn.bootstrapcdn.com","domain":"bootstrapcdn.com","tld":"com"},"ip":{"addr":"104.18.10.207","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:42.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bootstrapcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 05 Mar 2026 05:27:05 GMT","end":"Wed, 03 Jun 2026 06:27:01 GMT"},"fingerprint":{"sha1":"04:A8:A2:DB:A5:D9:6E:A1:96:19:8E:E4:20:63:9D:DD:4B:05:E5:4A","sha256":"86:F0:31:59:6F:27:50:6B:1C:65:39:9A:BF:6D:0C:A8:82:D5:B2:A6:36:4B:9C:0A:EB:05:EE:13:0F:EE:25:EC"}}},"request":{"raw":"GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1\r\nHost: maxcdn.bootstrapcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 27 Mar 2026 13:39:42 GMT\r\ncontent-type: text/css; charset=utf-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncdn-pullzone: 252412\r\ncdn-uid: b1941f61-b576-4f40-80de-5677acb38f74\r\ncdn-requestcountrycode: DE\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"4fbd15cb6047af93373f4f895639c8bf\"\r\nlast-modified: Mon, 25 Jan 2021 22:04:54 GMT\r\ncdn-cachedat: 12/09/2024 23:20:39\r\ncdn-proxyver: 1.06\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1075\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 4f338739bd75b634e7f3517bf2e1f433\r\ncdn-cache: HIT\r\nserver: cloudflare\r\nage: 2870875\r\ncf-cache-status: HIT\r\ncf-ray: 9e2ecd7f3f1b5694-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27466,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (27303)","md5":"4fbd15cb6047af93373f4f895639c8bf","sha1":"12d6861075de8e293265ff6ff03b1f3adcb44c76","sha256":"ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5","sha512":"f8be32cba15170319b5c9f663c6f0c4ffdd4083cf047d80f7b214d302b489eca25fbee66ddb9366d758a7598efc9b9a886b02c9f751ae71f207cb9db1356243a","ssdeep":"384:Qi5yWeTUKW+KlkJ5de2UYmydfwYUas8l8yQ/8c:Dlr+Klk3YlKfwYUf8l8yQ/T","tlshash":"3bc230f8e54c01d66731c48bff81b36862b6f73dd5814d99f01f690c29d22a522c5bba","first_seen":"2023-04-05T07:46:17Z","last_seen":"2026-04-12T17:18:40.685383Z","times_seen":35789,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":19,"dns":1,"connect":1,"send":0,"wait":9,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"exchangelink0067.ink/wss?uuid=8db76227a271da41c742aa07a267a4e9","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /wss?uuid=8db76227a271da41c742aa07a267a4e9 HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://exchangelink0067.ink\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: zPGbcpQytUkjUutuwDtEtw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nAlt-Svc: h3=\":443\"; ma=2592000\r\nConnection: Upgrade\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nSec-WebSocket-Accept: s0S9k/pneEHwtIrGluq7vwqmJoA=\r\nSec-WebSocket-Version: 13\r\nServer: Caddy, workerman\r\nUpgrade: websocket\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: SAMEORIGIN\r\nDate: Fri, 27 Mar 2026 13:39:43 GMT\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-12T16:55:58.259884Z","times_seen":13669561,"resource_available":true,"data":null}},"time_used":469,"timings":{"blocked":0,"dns":1,"connect":152,"send":0,"wait":154,"receive":0,"ssl":161},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/index-Dqj4DXZT.css","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/index-Dqj4DXZT.css HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/css; charset=utf-8\r\netag: \"dh6zk25pwirkk4-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 377\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":724,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (723)","md5":"3bf256286150c1b8f5c5be9b37775e68","sha1":"b65debce5deffb18e366b8905397bc82ebdb4e64","sha256":"4f342f97d767c9e8dd0fc1bff2a282c7da4a33307639c6562f1aca518a6c2fc9","sha512":"d806956d86a5cb14363a92a9aeb605ef2874faf6b45fb8ad32d899a1b169b2c5325f9aae9ea70725d339e042dad9d3172cc4d23e89890b72c248f5c04c13f6f3","ssdeep":"","tlshash":"30016d21b54ce0517136d021f8cb79ecf01e3b124459542ba94354a0daa71a62fc0ac5","first_seen":"2026-03-19T13:43:02.859772Z","last_seen":"2026-03-31T14:07:38.362425Z","times_seen":63,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/index-Dh_7oKra.js","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:43.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/index-Dh_7oKra.js HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/apps/US_PT_02/assets/index-CdBZIvPs.js\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"dh6zk25pwirk5bp-gzip\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 3070\r\ndate: Fri, 27 Mar 2026 13:39:43 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":6901,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6888)","md5":"b4f49ce938aa83915159ab5aa4262aa9","sha1":"aa3f59b47db7348a8795585d56b9a447304c6619","sha256":"ef8f6481fb364d5e2cbefb3f69ee2d36405dc18678e147150f88b01712d30b51","sha512":"538555a2778392d10eadfe1970941708638351d1cfb8507fea59ffd5bc3c13a42f78b1b6175ad686108a4aeec185648eb04cae4d5bfcdb9dc7aa3117e1d717d6","ssdeep":"192:B+67N1Hun8ab55gyagxg1bkh64D5ITHL0Df/NDfOVDSDfopyY6w:B+GXHu8c+gmJkhvITrOf/tfOVEfGT","tlshash":"9ee1b5086ef4d1bca0cf04b5e561e4e0b076bc6ae16585d17ff50a2d97aeb4ca341538","first_seen":"2026-03-19T13:43:02.843985Z","last_seen":"2026-03-31T14:07:38.355831Z","times_seen":63,"resource_available":true,"data":null}},"time_used":154,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":154,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/DeltaGold-2026LTO-890x500-CIypgJEf.webp","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:44.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/DeltaGold-2026LTO-890x500-CIypgJEf.webp HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-type: image/webp\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: workerman\r\nvia: 1.1 Caddy\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 93507\r\ndate: Fri, 27 Mar 2026 13:39:44 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":93507,"size_decoded":0,"mime_type":"image/webp","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 885x420, components 3","md5":"a82a917abe2f2525b0e63380df9caf27","sha1":"ddadf3dafac85cccd0243d499198530db9957c39","sha256":"f427c260f01d213c1e26e0c34c8779ad44e5a7713a7819a4180396208acc42ab","sha512":"5732376dc3b3d2eabf1b74389455d2afa144cdd70d45825d6f38fbc81441b2aaa1d04490f1b1ad032a928f152136685bd8aaf982a170ce265fd69c19a13bd6b5","ssdeep":"1536:02sLQf7z35pcNiqxtQ0UORhGkojrahivOx44krB/1ESQiKr3yG9qIiYz:02Gs7r5KEktJukoLT4asSQ9zyAqIj","tlshash":"7c93124d90f842caedd95ff493e325328e50c8a94b588ef32240e1b2cbda751d9315bb","first_seen":"2026-03-19T13:43:02.861953Z","last_seen":"2026-04-03T21:22:57.952654Z","times_seen":65,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":156,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"exchangelink0067.ink/apps/US_PT_02/assets/HP-175-Year-Banner-1280x400-DWqgiJZK.jpg","fqdn":"exchangelink0067.ink","domain":"exchangelink0067.ink","tld":"ink"},"ip":{"addr":"154.81.166.17","port":443,"asn":0,"as":"","country":"Seychelles","country_code":"SC"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://exchangelink0067.ink/exchange","date":"2026-03-27T13:39:44.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"exchangelink0067.ink","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Fri, 20 Mar 2026 11:19:57 GMT","end":"Thu, 18 Jun 2026 11:19:56 GMT"},"fingerprint":{"sha1":"44:AF:86:DE:41:C3:1D:45:7A:E6:39:D2:CD:45:B5:B1:9C:08:21:9C","sha256":"B9:6D:6E:77:0D:50:77:96:17:80:1A:0C:DB:56:6A:2F:ED:BF:3B:2C:18:BF:5E:2A:17:5F:09:EA:D2:2B:2F:C8"}}},"request":{"raw":"GET /apps/US_PT_02/assets/HP-175-Year-Banner-1280x400-DWqgiJZK.jpg HTTP/1.1\r\nHost: exchangelink0067.ink\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://exchangelink0067.ink/exchange\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: PHPSID=8db76227a271da41c742aa07a267a4e9; uuid=8db76227a271da41c742aa07a267a4e9\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncache-control: public, max-age=2592000\r\ncontent-type: image/jpeg\r\netag: \"dh6zk25pwirk1zya\"\r\nlast-modified: Thu, 19 Mar 2026 18:55:14 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\ncontent-length: 93250\r\ndate: Fri, 27 Mar 2026 13:39:44 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":93250,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x400, components 3","md5":"c8d4768df9076ac1443c6207c86bd056","sha1":"924d8b4b963d209a7f2aa311f87ed2ef25cb5a6b","sha256":"e3ea017d0f19e27e01aaa5ee9a50bc3d0cf08d668101e4c5cfeea36c5312ad59","sha512":"bd65ecef06cf5b46f237c5dbcbde1010800c322809f9ea96e7a0959f6c57f32e9a4f3bd865b10164b43ce00ba100aab8dd2bd7c4ed6ad77b914748089e63f176","ssdeep":"1536:xsg+BPX8CvQsq6xNXD/JUY8wT87rE8RKxjxmK0jEXNStzm1ZXOOwl:e/tsEtQwT8UBxtXHSlu8Z","tlshash":"bb9312eb938345049526df3e33e52700871e890fefe13e7d089e9171ab2c7649a25d6b","first_seen":"2026-03-19T13:43:02.849525Z","last_seen":"2026-04-06T22:04:44.944009Z","times_seen":73,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":155,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-27","alert":"Sinkholed","trigger":"exchangelink0067.ink","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-03-27","alert":"Phishing Block","trigger":"exchangelink0067.ink","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}