{"report_id":"d2b899a7-3bf6-47aa-b9d5-854847787100","version":6,"status":"done","tags":[],"date":"2026-02-15T01:03:36Z","url":{"schema":"https","addr":"usdtbep-mining.click/","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":0,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"usdtbep-mining.click/","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"title":"Usdtbep-mining - USDT-BEP20 Cloud Mining","dom":{"size":66875,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (705)","md5":"96d7470eab03bd44a046c03959042d6e","sha1":"61162e3bded9bbc85f4698f70a3ef7d34f5b8072","sha256":"7e18740108edd67177a501ac031d5fdd427bc312f13248e795045dfea4a89346","sha512":"c42720fe9018a1c83140ceecec54c080b8c1183bfdef4b802c10e5f2d5d03ae1277297b478220bea4cb9a92f4f62ad4e8cb9dcf0ad73dcb8c37d7de9f280d517","ssdeep":"1536:tWSmAptugCClGaGInbUZEk64xD60tX531vJY4SlY:t/B4SlY","tlshash":"c663e9642af41a2d755bc544bbbb6f1a3368c043dc0fc928b3ed01685fc5ae8e963694","dom_hash":"domhashe907cbfb1c87a7cf3d175ea5d2144360","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"usdtbep-mining.click/","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":0,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-22T01:03:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-15","alert":"Sinkholed","trigger":"usdtbep-mining.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"www.coinpayments.net","ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"domain_registered":"2013-08-01","domain_rank":912536,"first_seen":"2013-09-13T09:53:01Z","last_seen":"2026-02-01T02:03:11.150183Z","alert_count":0,"request_count":11,"received_data":146514,"sent_data":5009,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-02-08T22:32:21.331091Z","alert_count":0,"request_count":1,"received_data":47737,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-08T22:17:48.645662Z","alert_count":0,"request_count":1,"received_data":7880,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-08T22:14:51.234086Z","alert_count":0,"request_count":7,"received_data":58385,"sent_data":3802,"comment":"","tags":null,"fingerprints":null},{"fqdn":"usdtbep-mining.click","ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"domain_registered":"2026-02-11","domain_rank":0,"first_seen":"2026-02-15T01:03:37.306884Z","last_seen":"2026-02-15T01:03:37.306884Z","alert_count":6,"request_count":6,"received_data":317994,"sent_data":6466,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Laravel","description":"Laravel is a free, open-source PHP web framework.","website":"https://laravel.com","common_platform_enumeration":"cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*","icon":"Laravel.svg","categories":["Web frameworks"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Livewire","description":"Livewire is a full-stack Laravel framework for building dynamic interfaces.","website":"https://laravel-livewire.com","common_platform_enumeration":"","icon":"Livewire.svg","categories":["Web frameworks","Miscellaneous"]},{"name":"Popper","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"10580ad0bc3ea7ac43d556702a16299f","sha1":"f84fe31960c098db1f541e63327043a2e864cb1f","sha256":"fc4d427083f4ce04bdfef5f0f7777887673c4ea791e332102df4f232175b0035","sha512":"da1f9fda5762332ac24402b8b25cdbe1fb537e6bb38bcd9553025c427ceaf826991f95ada669dcccdc893e1fa60fc1e5c892ab88f6e5c018d20a90903f065a8a","ssdeep":"","tlshash":"c7b09bc458c75900c2173591c035543761341661917e4465173de3949533116e15cc9d","size":128,"data":"","first_seen":"2023-04-12T18:09:08Z","last_seen":"2026-06-06T12:48:14.043044Z","times_seen":8577,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"40eb0c30ef592f7403c033be71ac40a8","sha1":"66b8f7eeaeec7d8686fef51b0605d61a09db889d","sha256":"3a9faf5ba5af95f0200f47d506bdad0df943299e87396b973fa87c88183463df","sha512":"6997d7dac3b7f20670d1418237bf9ec6c09f069fc5e96f706bb1add22869662abcae68c628510550255496ecab3d5072f465eeabdcb50b64e74c9aad9f05df1b","ssdeep":"","tlshash":"20c09bc45cc75910d21735d1c037553b61346661917d4465573da3949533116e15ccdd","size":134,"data":"","first_seen":"2023-04-27T01:00:11Z","last_seen":"2026-06-06T02:49:03.154233Z","times_seen":492,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"2982f2a5009e11a6683e97806132babb","sha1":"25712b90f38100590ed42b9521269fa09b6d879b","sha256":"fa3977f892ef0a6a13cde75e22f4e7f1932ac4cfa81514ea213cc40e6b4258f9","sha512":"0d51f545a4f5acd4b6cc6192f17f2b0bda034b1fb07c458b491c190a037f67ab69cb451c37b6b27981b9377eed6644d8a0d04a360d21d649cb531f28859b4608","ssdeep":"","tlshash":"e9f0bb2a5ac5faf4ad71b0d6d74fb30824f631d508c75424c53cc2557c6447bc2a58c7","size":539,"data":"","first_seen":"2026-02-15T01:03:40.467653Z","last_seen":"2026-02-15T01:03:40.467653Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/livewire/livewire.js?id=5cdaa3ec393c09829366","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"5cdaa3ec393c098293666a1a69eeb311","sha1":"45e20c4a2ad11fdbe6507b3aa731b340826a2669","sha256":"90b371dcd1e5e1455b51c7b0759945859cf1228340f7a5900cd44c1b7ed66c55","sha512":"4bb3dc34851904ed56f5a6d89f4a00352eadd3e0cc801ca9aa45936cdcbb1d410a72e2628493ebcf34f4f203c2ffe4222d65b3ccd65141fe6254ab74b0f97122","ssdeep":"1536:bFWbBs025VQpotIfUoeR9g6qpvWuPkbEyVnw7lxCGuIHIYMx0suDbk/5UK0t6fZm:5KyLBtuU4DpvVZfjuIHIYhvt6FEOySW","tlshash":"e3f33b99b6c1f1b248c77164643f3a0fb2762054589d9090fa79cec07eba948522bf7f","size":159027,"data":"","first_seen":"2023-03-07T12:27:00Z","last_seen":"2026-06-03T15:12:53.32885Z","times_seen":67,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7f53c06f93ae095221ff718c3a158a93","sha1":"9572c80b2918c796eea3c16eba905ef835aeb41b","sha256":"899842782a7fd16fcc2d7a7c877ff9ec159394044c87b158b2ef132786606932","sha512":"d9ac61274b8de67808c2bc86fbdfa5b45d9c9858285a5bbf6a1ad21db09d4159e66bfe2c2fa2a8759591c17b224667b559e82fc71e6343b2df8d26a0375abe9e","ssdeep":"768:gDWpHFKOT9onx0mD+zcyLAE+7jNb+mQmPl7cQqDTvmtfbYxeE3X5K:iWG1h+cMAE25+mQ+LqOf8p5K","tlshash":"dc23f8e97396b53283ef01b180bb460af33d2990550e5468f769d8da383948d41f3fba","size":46632,"data":"","first_seen":"2026-02-03T15:27:32.411372Z","last_seen":"2026-06-06T09:06:40.070484Z","times_seen":970,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"a23b003a77f0753b7f0f4ff34c977099","sha1":"9f7ca9508c7c9a4f30b370b17b3f219ba04c949e","sha256":"9a56107fe3fa5e7c1cf37c221e5a4d75ed699016b85d9971c3e6f58164237cc1","sha512":"660350f1fc0849317c059fd3cf80fa30b7f7aeca09e95c5cfd98cb49bde4836526c3bfd72423cca41e678e70d26db56a163422bdd9f7f0baafefaa81ea9e4c66","ssdeep":"","tlshash":"afc09bc498c75900c3573591c035543b62346661917f4875173de7d5953315ae15cc9d","size":136,"data":"","first_seen":"2023-04-15T22:30:47Z","last_seen":"2026-06-06T12:48:14.040614Z","times_seen":4586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"ef089f58bda76fcc33654f10ea60480c","sha1":"9648039b975f75419e8abd664b422999ef2d6906","sha256":"32ca86163b511e050a5eea26a81f2495b0606c3da2707dea45d00b0e62f73aeb","sha512":"eed602abfa0cac3f6b27059710354ef4eacd4100abd70ad619fdb95f253e34ceb5d8981f06a2e4177f5ba949fec322d92caa21f5f292c0dc5297e35092809d51","ssdeep":"","tlshash":"42c02bc488c20900c3073590c039803731341260c07d44aa173ce3909833026e00ccdd","size":139,"data":"","first_seen":"2023-04-13T23:00:32Z","last_seen":"2026-06-06T12:48:14.040038Z","times_seen":5502,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"2d06177c6233c92302d7ae52a431ffa5","sha1":"eec8bd413f439f9d455e6646e4daa56b6301f87c","sha256":"f23431bb4b025df0ac2be615d518e2727bea1ba93c895d15986e3a696c891bb0","sha512":"9e2f239c7522d4f262e21ea55b381203a02475f93bd7bef74cd7b714a6acb7de4665200b2170361ef724962f7a71ffc803580b1d5c4f2f9d520f8de0e9053300","ssdeep":"","tlshash":"4db09bc458c65900c3533591c035543b61345661917e4875173de7949533156d15cc9d","size":129,"data":"","first_seen":"2023-05-09T18:04:55Z","last_seen":"2026-06-06T10:00:18.873909Z","times_seen":1307,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/assets/themes/frontend/default/vendors/@popperjs/popper.min.js","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"83e6ef063fa41ff8d8c00956a7cd3fd9","sha1":"8eeb7bf71e8a978b82a1a198015f14d73d2ea592","sha256":"5a07c69f9061eb12e39a031358a4f567f30a002ad6182639ac84fd1bda2f6e65","sha512":"dab363d8a27e0fcb3571e35ab1321ec7acf81d6c8e9c460b542dc58a018e9b240265cd9e0572a03b1426a37a0a2c7c9f723e77bb3e1032c44258d6cb777d90d6","ssdeep":"384:PDzk5KmEpLFd7tRwQZMVwAVfbsnmlHiBnjLU4MSV1Nn1awap1P9Vy8UuZHFh+L4O:NmERLwQZcFVLCBjg4MC1Nn1ip1P9Vy84","tlshash":"5d82c6cd3994f0a1167b52b6c07f550f73339561228ea410b255d6dd2c74ebba22bc3e","size":18594,"data":"","first_seen":"2023-03-07T12:03:09Z","last_seen":"2026-06-06T12:33:54.51361Z","times_seen":5267,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/assets/themes/frontend/default/vendors/bootstrap/bootstrap.min.js","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b5730588db13e71c65bdb1d234089260","sha1":"282209ef6065e8451a5623c1b208d256d7b14c27","sha256":"77e1728245a0c2de7d0859163ee081e1113aa75fd6894602cb5eb0d7e739bca9","sha512":"10a596b3565c036658f656cb2123f3f1a191dbe2fb25562a040613ab90178019128d14ae4041aa5b1f11d73017d7a29d5cf6828ce09a284f0c0a9534c1c1e51c","ssdeep":"768:Gs1FOa1EatDEOyStIzhgAQD/BExN8TVO3cQodO6/2Vm7MTRAxmYIZ9tFepWOgdJK:G9i5G/M+ThF6n","tlshash":"9a43b45a3258b87309de44a68076470bf7255d94b047812cb9bdacee1b3dc8272b7f78","size":60091,"data":"","first_seen":"2023-03-07T12:10:18Z","last_seen":"2026-06-06T10:30:38.066799Z","times_seen":12638,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/poppins/v24/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://usdtbep-mining.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7884\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 00:49:17 GMT\r\nexpires: Sat, 13 Feb 2027 00:49:17 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:34:42 GMT\r\ncontent-type: font/woff2\r\nage: 173639\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7884,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7884, version 1.0","md5":"9212f6f9860f9fc6c69b02fedf6db8c3","sha1":"ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b","sha256":"7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f","sha512":"67317495f4b53e20a9f31c034e456e6c37f387dffb2c092caa5159bc441cfcadd02749ffe5bbed1d580d5300a59e48a767ef2c6d9978b474f84c1a2cd095c126","ssdeep":"192:xLFDbKO9E3rS3JWBRO/J601FSS5ZUbik3Zy2f0:pd9J5W501otlI","tlshash":"c3f1ae4eb3f2cd1be40982e53a0fc90b1c578272681fd772d067a22517893bc8db2c81","first_seen":"2023-04-05T15:35:34Z","last_seen":"2026-06-06T13:10:49.977272Z","times_seen":352196,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":143,"dns":1,"connect":7,"send":0,"wait":8,"receive":1,"ssl":242},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/alialoula/alialoula.css","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ltc-miner.pro.x2money.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 18:14:50 GMT","end":"Wed, 13 May 2026 18:14:49 GMT"},"fingerprint":{"sha1":"08:0B:25:16:1A:81:9F:20:0C:75:68:11:C4:1A:2A:B6:DA:A4:36:75","sha256":"E5:82:41:E7:E3:5D:CE:B4:53:CF:D2:78:53:1B:F1:3E:82:10:11:18:5B:E2:4C:5A:5C:E3:09:C9:A7:C4:7D:40"}}},"request":{"raw":"GET /alialoula/alialoula.css HTTP/1.1\r\nHost: usdtbep-mining.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nCookie: XSRF-TOKEN=eyJpdiI6ImJzREFibWxWQ3JrUVJrUUFObXVGYmc9PSIsInZhbHVlIjoiYnN2SHdnNmhqcG5ESkh6OHhVNE01VFd5OTZibjlhVnlKRXY4bTVyMHQ1N0k0cG42aHByUS8zbkdyOUVOclRNYmpJaktmUHI3b2pucitaL3E0REdJM2RaTFYyVVlvSTc1T0lxdVZ1MzFsaFkrUjVWUmhKcGhQSVA1Qy92aDlhMlgiLCJtYWMiOiJmZTM2ZDliZDM1MjUxZDRlOTBkMjRiN2Q1YjQ4YTcyNTA0N2IzNmI1M2FjZGJlMzI5ZjBhMmJmZjEyMGE5YTE0IiwidGFnIjoiIn0%3D; usdtbep_mining_session=eyJpdiI6Imo2QUtpSHFBR2swcjhkaUkzM0VYcGc9PSIsInZhbHVlIjoiTGIrTXlKQmJSMlhPeW85anZUOXpjL1l0NmRYeFR6MG42R2pMclNLWFRSRE1IaU0ybXRLUGRzWnZrb2djRXA0aW04TDRFVEFPdkN6dm9uZ3hRbFhBZ0NyV2hZd0dYSUw0c1FXc1N1VU5sUVB0Vnl6RTRBUkY3Y0JFYWpNWXFyUWgiLCJtYWMiOiI4NDAyNTRkMzhiZDUxMDIwN2YyMzg4ZmI4ZGRiOWIwN2MxOWQwZDNjNmZlMWMwNTg5ZDkwMGQxMTVkZGU0ODQ1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 22 Feb 2026 01:03:15 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 24 Oct 2025 20:53:32 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1101\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6843,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"2a3cdc2b37f64dc533c56c22081c0e9e","sha1":"54fae146fb51362bbe556c5592b10548e0136ebb","sha256":"7398388cf2915cf71e0e6528b9d1a76eb9eedca1a21c98c39e8d2322ae4e364a","sha512":"f1fd34e943b347581bd8068864e7377de923f37950235a6c6d5a761a0d63e2f444efa08bd4614f6f73eb1fe0e9919f97147ae3b4863d83136763fe16eaa415d0","ssdeep":"48:bo8tccqCWeIll0xePcXiaQIgPWqMCUwli+xjo8tKtMnFiBqM0RdvZpunFiBqM03m:buCV4PcXiXIgPNnFpznLv8nLGKHPVagY","tlshash":"75e1ccbe8d1d128065ff8b3637e70ff796b54132860611eabae52a0e77c1b1004e0de5","first_seen":"2025-10-26T12:36:10.072534Z","last_seen":"2026-05-04T23:53:06.965941Z","times_seen":14,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-15","alert":"Sinkholed","trigger":"usdtbep-mining.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/TRX.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/TRX.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 13844\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"3614-5db4aa8fb0ff1\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1485\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":13844,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 232 x 232, 8-bit/color RGBA, non-interlaced","md5":"cd3b6fbb02d8a85c1b41d4f94cd0da86","sha1":"77fcfb8e32c0551af0378a1a2e1ebee0bc5bc8d8","sha256":"e2d071c6f9b908e5f7953bd2aec8f7e5501aec6e3b5f2db9e8700f58451b8f4b","sha512":"1a245e0230b8f595c08ad67d039ce8597af0d9a3b8e2390696a6fb78913bc5299795de51c7f68381defb600f6fe819f4f5a11421fb945bd345081d937d9ba6e3","ssdeep":"192:GYnthJuun6b8sUW0eXbRrAsUqG1Pjd8HrQApck+WwrFUJvSR6kedA6bc3SJF2gGv:GYb/6bzNJAx71qL7XbwGpScQpq6RH","tlshash":"cc52c04847ee4f116a8f58d4cce04d8a78b993ef37a1cc50a66b554f963f8c01958377","first_seen":"2023-08-07T11:47:13Z","last_seen":"2026-05-27T01:30:22.755602Z","times_seen":15,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":193,"dns":0,"connect":0,"send":0,"wait":59,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/livewire/livewire.js?id=5cdaa3ec393c09829366","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.816Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ltc-miner.pro.x2money.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 18:14:50 GMT","end":"Wed, 13 May 2026 18:14:49 GMT"},"fingerprint":{"sha1":"08:0B:25:16:1A:81:9F:20:0C:75:68:11:C4:1A:2A:B6:DA:A4:36:75","sha256":"E5:82:41:E7:E3:5D:CE:B4:53:CF:D2:78:53:1B:F1:3E:82:10:11:18:5B:E2:4C:5A:5C:E3:09:C9:A7:C4:7D:40"}}},"request":{"raw":"GET /livewire/livewire.js?id=5cdaa3ec393c09829366 HTTP/1.1\r\nHost: usdtbep-mining.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nCookie: XSRF-TOKEN=eyJpdiI6ImJzREFibWxWQ3JrUVJrUUFObXVGYmc9PSIsInZhbHVlIjoiYnN2SHdnNmhqcG5ESkh6OHhVNE01VFd5OTZibjlhVnlKRXY4bTVyMHQ1N0k0cG42aHByUS8zbkdyOUVOclRNYmpJaktmUHI3b2pucitaL3E0REdJM2RaTFYyVVlvSTc1T0lxdVZ1MzFsaFkrUjVWUmhKcGhQSVA1Qy92aDlhMlgiLCJtYWMiOiJmZTM2ZDliZDM1MjUxZDRlOTBkMjRiN2Q1YjQ4YTcyNTA0N2IzNmI1M2FjZGJlMzI5ZjBhMmJmZjEyMGE5YTE0IiwidGFnIjoiIn0%3D; usdtbep_mining_session=eyJpdiI6Imo2QUtpSHFBR2swcjhkaUkzM0VYcGc9PSIsInZhbHVlIjoiTGIrTXlKQmJSMlhPeW85anZUOXpjL1l0NmRYeFR6MG42R2pMclNLWFRSRE1IaU0ybXRLUGRzWnZrb2djRXA0aW04TDRFVEFPdkN6dm9uZ3hRbFhBZ0NyV2hZd0dYSUw0c1FXc1N1VU5sUVB0Vnl6RTRBUkY3Y0JFYWpNWXFyUWgiLCJtYWMiOiI4NDAyNTRkMzhiZDUxMDIwN2YyMzg4ZmI4ZGRiOWIwN2MxOWQwZDNjNmZlMWMwNTg5ZDkwMGQxMTVkZGU0ODQ1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: PHP/7.4.33\r\ncontent-type: application/javascript; charset=utf-8\r\nexpires: Mon, 15 Feb 2027 01:03:15 GMT\r\ncache-control: max-age=31536000, public\r\nlast-modified: Wed, 20 Oct 2021 07:27:34 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":159027,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (54461)","md5":"5cdaa3ec393c098293666a1a69eeb311","sha1":"45e20c4a2ad11fdbe6507b3aa731b340826a2669","sha256":"90b371dcd1e5e1455b51c7b0759945859cf1228340f7a5900cd44c1b7ed66c55","sha512":"4bb3dc34851904ed56f5a6d89f4a00352eadd3e0cc801ca9aa45936cdcbb1d410a72e2628493ebcf34f4f203c2ffe4222d65b3ccd65141fe6254ab74b0f97122","ssdeep":"1536:bFWbBs025VQpotIfUoeR9g6qpvWuPkbEyVnw7lxCGuIHIYMx0suDbk/5UK0t6fZm:5KyLBtuU4DpvVZfjuIHIYhvt6FEOySW","tlshash":"e3f33b99b6c1f1b248c77164643f3a0fb2762054589d9090fa79cec07eba948522bf7f","first_seen":"2023-03-07T12:27:00Z","last_seen":"2026-06-03T15:12:53.32885Z","times_seen":67,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":191,"receive":74,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-15","alert":"Sinkholed","trigger":"usdtbep-mining.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLDD4Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://usdtbep-mining.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7824\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 12 Feb 2026 20:03:04 GMT\r\nexpires: Fri, 12 Feb 2027 20:03:04 GMT\r\ncache-control: public, max-age=31536000\r\nage: 190812\r\nlast-modified: Mon, 15 Sep 2025 16:34:56 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7824,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7824, version 1.0","md5":"af4d371a10271dafeb343f1eace762bc","sha1":"6d11d743bc3cfb169d70bc86450f18351dc1a905","sha256":"60bf0aba6526436f3930c58c12047687fbb6bff4dd180cce4613458ed3439ea2","sha512":"98e1d4804a31f0ec40307bb02d7af0e25e1a01f2d0f69676cd55f97f64a8d50ecfd5be05525956c4a80bf0d98810badbb08acb2927cd78963bcdde9f96e25ba1","ssdeep":"192:SvrCMV0T6yUN1NfKPtAqGFNL2kshO5YwMg9eSnUK:SvV0T6pNzSPtCrhsCYwMqeSnUK","tlshash":"44f1ae6ff6ea226ff944537dbc50108431224f92b94f11b61d2b126a77e87c8620b2a9","first_seen":"2023-04-06T18:33:44Z","last_seen":"2026-06-06T13:34:07.942794Z","times_seen":27345,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":195,"dns":4,"connect":8,"send":0,"wait":9,"receive":1,"ssl":179},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://usdtbep-mining.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7816\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 14 Feb 2026 07:02:38 GMT\r\nexpires: Sun, 14 Feb 2027 07:02:38 GMT\r\ncache-control: public, max-age=31536000\r\nage: 64838\r\nlast-modified: Mon, 15 Sep 2025 16:35:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7816,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7816, version 1.0","md5":"25b0e113ca7cce3770d542736db26368","sha1":"cb726212d5d525021752a1d8470a0fb593e0c49e","sha256":"9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526","sha512":"a0d331e62ab4727f49ca286a1ee7fb81cddc5bb9edf71ef84f4bd4fa1552069af1a82752011ba88fae80862d034135926b7e99d70e59d626d66d4ede90e94c30","ssdeep":"192:Agw5ksLwlyK8F2BXU96Fc575OI3+ga534SlEFwTG4ovej9be:Al5y8FSUMS5VOq1KISlvS4ov+4","tlshash":"a3f1af19d5de5a73f80032b45b6911ba7e42fa83bc68bbedf8046a10ad542cb467cc91","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-06-06T13:09:22.105042Z","times_seen":257632,"resource_available":false,"data":null}},"time_used":376,"timings":{"blocked":138,"dns":3,"connect":20,"send":0,"wait":8,"receive":1,"ssl":202},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiEyp8kv8JHgFVrJJnecmNE.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/poppins/v24/pxiEyp8kv8JHgFVrJJnecmNE.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://usdtbep-mining.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 5644\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 00:49:19 GMT\r\nexpires: Sat, 13 Feb 2027 00:49:19 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:34:42 GMT\r\ncontent-type: font/woff2\r\nage: 173637\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5644,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 5644, version 1.0","md5":"90926c36b712cb131f3f890bbb8c477e","sha1":"854e6f96532537002044042175ea57d6f83bf4e9","sha256":"0b1fcab42c18b69bcfe9ce4799fcbff5af1621c53ffcfdc4723c6f5ec4ee3ffb","sha512":"83807f0c7a832ffcc7093e676b8da21b323e0ca46b407978249565197416429f8208191b50a47a0ee0e0e56fb0a7e52a57aceebe77544580b88c174078446147","ssdeep":"96:fIFfzjZxOWVAeoZKJygG7gQ0ARrvfzR7YHDviqi9CdWRxHTjlt7ndMk+09RiOb:wlLOLZKJzJARrl7Yjvhi9CdoTjR+09L","tlshash":"dcc19e7ff40ea6424e4c3c7afa3fe30fd5c1109f5e3985f12696a9283562195821c2e6","first_seen":"2024-12-05T00:19:49.50341Z","last_seen":"2026-06-06T12:31:51.738343Z","times_seen":23235,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/DOGE.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.373Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/DOGE.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 8717\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"220d-5db4aa8faa291\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1484\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8717,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"17c82f9553e44f80bf489eb4f00cd21d","sha1":"24bc21e6ae3705ab1f38fec68d30f41d40725841","sha256":"e6c61ff17419bddc3998402db7e3ff59291ecbb2facbebfb9581ecd53812604f","sha512":"b1dc4012df193d51d8c45f740fcd419874edb0be69bbe7e56e1d84b63401099ccb270670a169488a02c11ab5c0477985d50634c761a11815bee4769a1f05679c","ssdeep":"192:tF8zaZWs+bNt+fg3tkpPDGkGvIC72l5liWEaCaXyyJoRB:t+cWHBtPOtGjAC7mliWjC+yyJoRB","tlshash":"05029ecab8b01f10c969f0901af6be33f5855cd145a2fb68ca1f582e2120663ebe44c7","first_seen":"2023-11-04T10:00:50Z","last_seen":"2026-05-27T01:30:22.757408Z","times_seen":14,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/alpinejs@3.x.x/dist/cdn.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.16.175.226","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 25 Apr 2025 00:00:00 GMT","end":"Mon, 04 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F","sha256":"20:CE:80:8C:8A:B7:48:3B:0B:A0:F2:AC:61:42:83:EC:54:84:A8:FA:4C:2D:98:10:FF:8B:FA:A5:1D:F5:21:28"}}},"request":{"raw":"GET /npm/alpinejs@3.x.x/dist/cdn.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 17260\r\ncf-ray: 9ce0e26bab6d2efa-OSL\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=604800, s-maxage=43200\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 3.15.8\r\nx-jsd-version-type: version\r\netag: W/\"b628-lXLICykYx5buo8FuupBe+DWutBs\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220146-FRA\r\nx-cache: HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 3005\r\ncf-cache-status: HIT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=vpRgxxHgQOAFAjy%2Fqwrl3gW4rmaQplZNlToPVXBvAXuaXcnTyhOJBbNDvifPQlLrP9rAggNp2RMx5B3jEJfXimKRdhFN1ze8j4%2BUuqSp92z%2FI1CV%2FkAbfEmriBR6LaKK8as%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46632,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (41221)","md5":"7f53c06f93ae095221ff718c3a158a93","sha1":"9572c80b2918c796eea3c16eba905ef835aeb41b","sha256":"899842782a7fd16fcc2d7a7c877ff9ec159394044c87b158b2ef132786606932","sha512":"d9ac61274b8de67808c2bc86fbdfa5b45d9c9858285a5bbf6a1ad21db09d4159e66bfe2c2fa2a8759591c17b224667b559e82fc71e6343b2df8d26a0375abe9e","ssdeep":"768:gDWpHFKOT9onx0mD+zcyLAE+7jNb+mQmPl7cQqDTvmtfbYxeE3X5K:iWG1h+cMAE25+mQ+LqOf8p5K","tlshash":"dc23f8e97396b53283ef01b180bb460af33d2990550e5468f769d8da383948d41f3fba","first_seen":"2026-02-03T15:27:32.411372Z","last_seen":"2026-06-06T09:06:40.070484Z","times_seen":970,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":2,"connect":1,"send":0,"wait":9,"receive":1,"ssl":12},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/BTC.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.796Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/BTC.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 6291\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"1893-5db4aa8fa73b1\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1484\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6291,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"b3fe99ab4fbf1c4fb2b853283096af82","sha1":"02c61a898e2227aa4ba40bdd02004d07b20041f9","sha256":"2bcc56bbe3e3a2a3477ac60ede90284e089dd2ab344c52fef30dc0aaad0d6e9f","sha512":"aed7f3fd584451584917a3d84427d012e4e64e40e1509da994a8cb7b47f4331013ab3b88b95518ae034b9045ef65dd203cb33562116e851b4cfd32dde4709712","ssdeep":"192:PTqBWOH29tkQJPqOOWGdBXxB8eGvWxhSL5Zmj:PTqBVH/0S9WGdRxBGvOSNAj","tlshash":"67d1b04976917803a84914aa2be2600577800d89a7d8f807ff4bdccdf33cae154e4adf","first_seen":"2023-11-04T10:00:50Z","last_seen":"2026-05-27T01:30:22.762097Z","times_seen":11,"resource_available":false,"data":null}},"time_used":435,"timings":{"blocked":197,"dns":94,"connect":23,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/ETH.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.799Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/ETH.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 24219\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"5e9b-5db4aa8faa291\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1485\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24219,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"8cf1bd655a7c0b9eae707e3db3437c47","sha1":"08aef49c8575cd26d3613ab976890d5201fca3fa","sha256":"2f31893f9271daa1700473033f4c1b584c1243895e0a1a2e322afe4ed58056c7","sha512":"ddb252844c439c073604401dbf08d0cdbe6aabccb4b6ed578fda5294f4b3770eb9d05d503265acd9c41cdf2457051277654d05c0cd0441d1a383a0b4d01f4e01","ssdeep":"384:9pBmYnIWn30ZcZGT+SQD1J/WEuKnLZZlsa/bjZSM8+fTPk890IFFhg78xyqs9tXf:9pBmYnLkZcZhN7WEfLTLJ8GTlRS4xyqg","tlshash":"1bb2e0dcd632ec980fd255041a1d649fe92dd2ed7f61fda6cccf80728ca6b004666ac2","first_seen":"2023-11-04T10:00:50Z","last_seen":"2026-05-27T01:30:22.763047Z","times_seen":8,"resource_available":false,"data":null}},"time_used":237,"timings":{"blocked":194,"dns":0,"connect":0,"send":0,"wait":42,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/DOGE.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/DOGE.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 8717\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"220d-5db4aa8faa291\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1484\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8717,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced","md5":"17c82f9553e44f80bf489eb4f00cd21d","sha1":"24bc21e6ae3705ab1f38fec68d30f41d40725841","sha256":"e6c61ff17419bddc3998402db7e3ff59291ecbb2facbebfb9581ecd53812604f","sha512":"b1dc4012df193d51d8c45f740fcd419874edb0be69bbe7e56e1d84b63401099ccb270670a169488a02c11ab5c0477985d50634c761a11815bee4769a1f05679c","ssdeep":"192:tF8zaZWs+bNt+fg3tkpPDGkGvIC72l5liWEaCaXyyJoRB:t+cWHBtPOtGjAC7mliWjC+yyJoRB","tlshash":"05029ecab8b01f10c969f0901af6be33f5855cd145a2fb68ca1f582e2120663ebe44c7","first_seen":"2023-11-04T10:00:50Z","last_seen":"2026-05-27T01:30:22.757408Z","times_seen":14,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":84,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/DASH.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.810Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/DASH.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 5498\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"157a-5db4aa8fa92f1\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1484\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5498,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced","md5":"780f7d6182283e7315b076ada25d0a05","sha1":"2805fb9507601f1d6e8ad1b1f672227d8424d93e","sha256":"8a66a4f0af3b19bdd6e04eb75c0af7f7bc41d56c6c5c735d4af41ad92fe69043","sha512":"02ed1998aac84a64261e04ac504dfdbf04cac5d93e2b4ffe551adda628a3df1e5aa05cfbab27d0d73d17c13f26d6a59766be81cb39f4aa46b3e6f74771f64e58","ssdeep":"96:0O3oqKf3KIrDWKHACcuh+Z/LqxWTCb/UKfSP8Nu+Oy0sXkpW2779O55tcmspSBTk:H3oqKPKDK7fMZ/Lq8/KfdOy0s0xP9OfO","tlshash":"2eb17dd5c2539ce0922d2c66e1e205a9e2018bcee82d94827673fa53f15f24518ee37d","first_seen":"2023-11-04T10:00:50Z","last_seen":"2026-02-15T01:05:17.61509Z","times_seen":4,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":82,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://usdtbep-mining.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 8000\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 11 Feb 2026 23:23:02 GMT\r\nexpires: Thu, 11 Feb 2027 23:23:02 GMT\r\ncache-control: public, max-age=31536000\r\nage: 265214\r\nlast-modified: Mon, 15 Sep 2025 16:33:57 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8000,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 8000, version 1.0","md5":"72993dddf88a63e8f226656f7de88e57","sha1":"179f97ec0275f09603a8db94d4380eb584d81cd5","sha256":"f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149","sha512":"7c20165f9d22a86341e841fd58526209017dcde2afe2d0d2a89fe853d95dc69f658d25cf798c71f452dab09843fc808c1ae87a60b1284134163abf5a1d93e50a","ssdeep":"192:GDonmfrEdXT8WrxzRXwyQo3zGEOM7Y2hOMgWnsfYSjv4ENFGwrlKJ:8onPxTzjgyQSzLPXOTIYHJAJ","tlshash":"08f1b0ffa92456c4df692475a5044f27623652b4dd35cb2f496f3e12d2d74224bcc4c1","first_seen":"2023-04-05T18:53:14Z","last_seen":"2026-06-06T13:06:40.33082Z","times_seen":253486,"resource_available":false,"data":null}},"time_used":339,"timings":{"blocked":151,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":177},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/alialoula/usdtbep20.svg","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.794Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ltc-miner.pro.x2money.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 18:14:50 GMT","end":"Wed, 13 May 2026 18:14:49 GMT"},"fingerprint":{"sha1":"08:0B:25:16:1A:81:9F:20:0C:75:68:11:C4:1A:2A:B6:DA:A4:36:75","sha256":"E5:82:41:E7:E3:5D:CE:B4:53:CF:D2:78:53:1B:F1:3E:82:10:11:18:5B:E2:4C:5A:5C:E3:09:C9:A7:C4:7D:40"}}},"request":{"raw":"GET /alialoula/usdtbep20.svg HTTP/1.1\r\nHost: usdtbep-mining.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nCookie: XSRF-TOKEN=eyJpdiI6ImJzREFibWxWQ3JrUVJrUUFObXVGYmc9PSIsInZhbHVlIjoiYnN2SHdnNmhqcG5ESkh6OHhVNE01VFd5OTZibjlhVnlKRXY4bTVyMHQ1N0k0cG42aHByUS8zbkdyOUVOclRNYmpJaktmUHI3b2pucitaL3E0REdJM2RaTFYyVVlvSTc1T0lxdVZ1MzFsaFkrUjVWUmhKcGhQSVA1Qy92aDlhMlgiLCJtYWMiOiJmZTM2ZDliZDM1MjUxZDRlOTBkMjRiN2Q1YjQ4YTcyNTA0N2IzNmI1M2FjZGJlMzI5ZjBhMmJmZjEyMGE5YTE0IiwidGFnIjoiIn0%3D; usdtbep_mining_session=eyJpdiI6Imo2QUtpSHFBR2swcjhkaUkzM0VYcGc9PSIsInZhbHVlIjoiTGIrTXlKQmJSMlhPeW85anZUOXpjL1l0NmRYeFR6MG42R2pMclNLWFRSRE1IaU0ybXRLUGRzWnZrb2djRXA0aW04TDRFVEFPdkN6dm9uZ3hRbFhBZ0NyV2hZd0dYSUw0c1FXc1N1VU5sUVB0Vnl6RTRBUkY3Y0JFYWpNWXFyUWgiLCJtYWMiOiI4NDAyNTRkMzhiZDUxMDIwN2YyMzg4ZmI4ZGRiOWIwN2MxOWQwZDNjNmZlMWMwNTg5ZDkwMGQxMTVkZGU0ODQ1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 22 Feb 2026 01:03:15 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 26 Jan 2026 23:49:34 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1123\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2949,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b368c24a7048a724ab71552f0c91722c","sha1":"15d2cfef1737a3964aaaa6d25cc8fe7b38922ce9","sha256":"f39dd31dee5d2783f8b157b76d205dd7bb3c8f7d20265007bbfec42e35be5e07","sha512":"d26ba217ec897cee7d4a0315dc5ae296daf3a655e0a7e9e0cc5ea92a1915badb32101175a93865bdfe0c4efabafa69a859c3a1489e42e5417e4c1ee7b9028ca9","ssdeep":"","tlshash":"c35172c033fce1e982058b294ada6069767330fdf25dce21d7c46e096c5a02f1ce89d5","first_seen":"2025-10-26T12:36:10.079023Z","last_seen":"2026-05-27T01:30:22.768102Z","times_seen":10,"resource_available":false,"data":null}},"time_used":93,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-15","alert":"Sinkholed","trigger":"usdtbep-mining.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/TON.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/TON.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 4757\r\nlast-modified: Fri, 10 May 2024 13:44:14 GMT\r\netag: \"1295-61819bb308057\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-proxy-cache: EXPIRED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4757,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"dda4df295d289f1c2247a5493eedced0","sha1":"8c0db07b99fa3fef1350b5f7c1991970eada69fb","sha256":"d9f70d27ea6f7a42ce0d7b1aa7d96c94903457dc68901f745d95b130037005f2","sha512":"c3ea2d76185fe0635092e0cee18e3be8ce045d043a97ea8b7ecd44b85c99ec31a70b7d64316c83bb06437e603d759aa730dd649271bfe27fafe73ab36724292a","ssdeep":"96:6SxlT+ghAzUkSk+9N15PkrhFdj9/ohu4tsq5JeDtRwfbmDMgUVtHZio1hW0:6SxbhcUxJorhj9P4vfeDtCbyMJt5vW0","tlshash":"59a17d1b4dc9d26ba583bf44fbe1f5d8783e7f2e2e8f0418a43a615e894303850a4896","first_seen":"2023-05-06T12:03:52Z","last_seen":"2026-05-16T04:17:49.406653Z","times_seen":124,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":195,"dns":0,"connect":0,"send":0,"wait":91,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/LTC.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/LTC.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 35051\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"88eb-5db4aa8fad171\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1484\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":35051,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit gray+alpha, non-interlaced","md5":"d77aee66e3eb28bc6c80604d603c84e4","sha1":"9c1582c899d72762dc5e3b733cbc1626d6a9d293","sha256":"b1ca1d2ef0811aef16ec779b8ee77424c5c71379c3f0b7cd5bca245c3f230d28","sha512":"ef79b3c82bf3059f03e0fc8a97e65e4d0a2c138e78b4f1e2e8f843f5853969ce4e634eec203287109412c8295b46ba377b062571d4408b43aa5274a6fdfd90ac","ssdeep":"768:KfFSs5AZzkRDdX9b7R3wp4c6H6da482ZVCzPWJiSt0lKAOHhGQXM:IAxkpXZ6ppda482ZwzPxXTOHhRXM","tlshash":"0bf2e2970e21590b3c277b5704809d58af01a694f5b8c8ecdf2de2f9e548f9c28ac959","first_seen":"2023-11-04T10:00:50Z","last_seen":"2026-05-27T01:30:22.756647Z","times_seen":12,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":189,"dns":0,"connect":0,"send":0,"wait":79,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLBT5Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://usdtbep-mining.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7632\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 01:04:57 GMT\r\nexpires: Sat, 13 Feb 2027 01:04:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:35:25 GMT\r\ncontent-type: font/woff2\r\nage: 172699\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7632,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7632, version 1.0","md5":"5426bf50c8455aab7a3e89d1138eb969","sha1":"ec0cbbcb4600e691cb24a63451f758727f90a306","sha256":"17ea10196a490a8d3b8da162c7d4af9c301c5229f70af90dad6fa33eb951d83f","sha512":"c80e5e5d2b52b6ac9a67d62d37236fd791c2736d194ea0828b59fb35011d76fb180d76b3fe5789bf62ebc5c5092975bf6e678e619fdb6c1f28a9d692380729d3","ssdeep":"192:ARL1Yg/M1jL06srp5yOoNWxymcaLoNboeuTbEXFgePuCcDozD1:ARL1YgELorpsOKWJcaMduTbEXvP+Dq1","tlshash":"bff1afc30554054bc74daab7dce3bc60056ff49efc11260959e3adc9962a0fa46cb4d5","first_seen":"2023-04-06T18:33:44Z","last_seen":"2026-06-06T12:28:28.013586Z","times_seen":16812,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:16.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"C0:70:82:EC:9D:28:B5:4B:51:02:7A:C7:BE:63:94:B1:DC:64:29:FF","sha256":"5E:E3:2A:C0:F5:10:AE:D1:9D:11:A4:88:D0:66:44:3B:31:B7:05:05:0D:A7:35:66:17:B5:35:88:23:3C:E3:F1"}}},"request":{"raw":"GET /s/poppins/v24/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://usdtbep-mining.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 7748\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 13 Feb 2026 01:01:36 GMT\r\nexpires: Sat, 13 Feb 2027 01:01:36 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 15 Sep 2025 16:36:26 GMT\r\ncontent-type: font/woff2\r\nage: 172900\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 7748, version 1.0","md5":"a09f2fccfee35b7247b08a1a266f0328","sha1":"0da2d17e738f46d2a09e6fb7969da451719a9820","sha256":"cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446","sha512":"5e3f9a298003b84250ec6801e08ad2a4ff8845d4c3e13ea61bec37da24d26ede13b436257882124cc0c27e9a323ba92e7d23c6ad3f48a7b75535f5ed98813a0e","ssdeep":"96:0g6vAF/FXh6MmoI56TEwosGU/DbVF/QBT1gaHEYT6u/w3hXLbJPAS772+6haAftj:zp6x6TYpoDYBJg8TRkbJPAS/2+CzQa7","tlshash":"f3f19de65d1e5e8980f0102f6f6efce767950d88141dadf9a9e72f884c6ba1b04c90cd","first_seen":"2023-04-05T13:48:05Z","last_seen":"2026-06-06T13:09:22.091003Z","times_seen":241287,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-15T01:03:14.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ltc-miner.pro.x2money.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 18:14:50 GMT","end":"Wed, 13 May 2026 18:14:49 GMT"},"fingerprint":{"sha1":"08:0B:25:16:1A:81:9F:20:0C:75:68:11:C4:1A:2A:B6:DA:A4:36:75","sha256":"E5:82:41:E7:E3:5D:CE:B4:53:CF:D2:78:53:1B:F1:3E:82:10:11:18:5B:E2:4C:5A:5C:E3:09:C9:A7:C4:7D:40"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: usdtbep-mining.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: PHP/7.4.33\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: max-age=0, must-revalidate, no-cache, no-store, private\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\nset-cookie: XSRF-TOKEN=eyJpdiI6ImJzREFibWxWQ3JrUVJrUUFObXVGYmc9PSIsInZhbHVlIjoiYnN2SHdnNmhqcG5ESkh6OHhVNE01VFd5OTZibjlhVnlKRXY4bTVyMHQ1N0k0cG42aHByUS8zbkdyOUVOclRNYmpJaktmUHI3b2pucitaL3E0REdJM2RaTFYyVVlvSTc1T0lxdVZ1MzFsaFkrUjVWUmhKcGhQSVA1Qy92aDlhMlgiLCJtYWMiOiJmZTM2ZDliZDM1MjUxZDRlOTBkMjRiN2Q1YjQ4YTcyNTA0N2IzNmI1M2FjZGJlMzI5ZjBhMmJmZjEyMGE5YTE0IiwidGFnIjoiIn0%3D; expires=Sun, 15-Feb-2026 03:03:15 GMT; Max-Age=7200; path=/; samesite=lax; secure\nusdtbep_mining_session=eyJpdiI6Imo2QUtpSHFBR2swcjhkaUkzM0VYcGc9PSIsInZhbHVlIjoiTGIrTXlKQmJSMlhPeW85anZUOXpjL1l0NmRYeFR6MG42R2pMclNLWFRSRE1IaU0ybXRLUGRzWnZrb2djRXA0aW04TDRFVEFPdkN6dm9uZ3hRbFhBZ0NyV2hZd0dYSUw0c1FXc1N1VU5sUVB0Vnl6RTRBUkY3Y0JFYWpNWXFyUWgiLCJtYWMiOiI4NDAyNTRkMzhiZDUxMDIwN2YyMzg4ZmI4ZGRiOWIwN2MxOWQwZDNjNmZlMWMwNTg5ZDkwMGQxMTVkZGU0ODQ1IiwidGFnIjoiIn0%3D; expires=Sun, 15-Feb-2026 03:03:15 GMT; Max-Age=7200; path=/; httponly; samesite=lax; secure\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Laravel","description":"Laravel is a free, open-source PHP web framework.","website":"https://laravel.com","common_platform_enumeration":"cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:*","icon":"Laravel.svg","categories":["Web frameworks"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jsDelivr","description":"JSDelivr is a free public CDN for open-source projects. It can serve web files directly from the npm registry and GitHub repositories without any configuration.","website":"https://www.jsdelivr.com/","common_platform_enumeration":"","icon":"jsdelivr-icon.svg","categories":["CDN"]},{"name":"Livewire","description":"Livewire is a full-stack Laravel framework for building dynamic interfaces.","website":"https://laravel-livewire.com","common_platform_enumeration":"","icon":"Livewire.svg","categories":["Web frameworks","Miscellaneous"]},{"name":"PHP:7.4.33","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"Popper","description":"Popper is a positioning engine, its purpose is to calculate the position of an element to make it possible to position it near a given reference element.","website":"https://popper.js.org","common_platform_enumeration":"","icon":"Popper.svg","categories":["Miscellaneous"]},{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]}],"data":{"size":67439,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (706)","md5":"3690fa4f3deda982be470ba508974405","sha1":"7ec317558a009fbb2c6f89df6779e06e88913768","sha256":"011eca31e10fef0c9a2997c9a2337cba06db556bf9d9738e248aba0ce94079c4","sha512":"d6800499cdaf791837aeb156a1cc6349382860506273dc17523bb47299843a66fdbee664fd3f01af16d664de39e6cbc7cdf8b02becb5d813434b7ff5ee19e686","ssdeep":"1536:pNSmAptugCClGaGInbUZEk64x560tX531vJKX1lM:p+jX1lM","tlshash":"1863e9641af4192c755b8450bbbb6f1a3368c043dd4fc928b3ed016c5fc5ae8ea63698","first_seen":"2026-02-15T01:03:40.45932Z","last_seen":"2026-02-15T01:03:40.45932Z","times_seen":1,"resource_available":false,"data":null}},"time_used":998,"timings":{"blocked":368,"dns":184,"connect":91,"send":0,"wait":257,"receive":0,"ssl":94},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-15","alert":"Sinkholed","trigger":"usdtbep-mining.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Poppins:wght@400;500;600;700;800;900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.789Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /css2?family=Poppins:wght@400;500;600;700;800;900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 15 Feb 2026 01:03:15 GMT\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7194,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"da2d9be9be07e13922a9adc44d3933ea","sha1":"c70308c6adf88fba3a38e1ef84dee6c327321fd3","sha256":"12150cdd293412ffa1a6418261ba48c3dd6b33e90c2d32f00a5225b6a398035d","sha512":"996a520edc0e3a51927439f81e91e744d9d8d77cead23d51881e608d59a91b61839aa98a752197419215dadba0dcb527ab90c3ef7c71874a175ca655366173b2","ssdeep":"96:SOEanOEaCJc+ukOEauN3OXa3OXavJc+ukOXaON3OxMacOxMaUJc+ukOxMarN3OpE:lgKQcXr3lVwa3RzJ/apsqiazk","tlshash":"30e1bdd1087be114ab871cc123cf7d36ee1e9255b850e5786bfd0c98adabc254362b2d","first_seen":"2025-09-17T08:42:41.045493Z","last_seen":"2026-06-06T06:25:44.11917Z","times_seen":621,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":128,"dns":0,"connect":10,"send":0,"wait":20,"receive":0,"ssl":133},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/XRP.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/XRP.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 26953\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"6949-5db4aa8fb3ed1\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1484\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26953,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"196dd1dbca4f35f7d94a7a4bcb278cab","sha1":"a811211257ba96ca8bc0124595a21900d240dfcc","sha256":"28977720e5025de348232ef111d92d01963394b6394f6054a2a05fba3d6b55ff","sha512":"14d44dff0230445aefc309509ae8f7df070614de999800837069805a7a7e6294b84fde27342472cc7adac6641dfe460f912e1d831801302c3f8795487c93068b","ssdeep":"768:vJp46B53/pwxUfgFEZiYhZrwsC3a5iM3dwN:vJN5sUI8hZrwBfMKN","tlshash":"74c2d1c000697a6dbd517cf9eba7da70916382e49df5481ed282b73ab1b902e04e583c","first_seen":"2026-02-01T02:03:15.351556Z","last_seen":"2026-05-27T01:30:22.767343Z","times_seen":10,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":191,"dns":0,"connect":0,"send":0,"wait":63,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/USDT.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/USDT.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 7545\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"1d79-5db4aa8fb1f91\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nx-proxy-cache: EXPIRED\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":7545,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"0999e5071bc0348f64a88fb78f0b1534","sha1":"27aac841802e3eed43eed323cf154326e293a964","sha256":"a1a1b04e0ee083a22ec046dd4e5a4776cc18600294a8921c57c047d2f84ae01d","sha512":"862fb2d3d4647364b7d332c6bccc88e23089164919ec54b97067e5be6f589fa4a67cfaea12b12cdc875de4a638671e06216cce212d418d9b537ac96013e13663","ssdeep":"192:uFlP1q9shUSJnjhnxU8pDmMf6vFAanPLMDyF:uFzqubTxU8tmMmLPAc","tlshash":"adf1af5521331d7bba6621c753fe890865f5ffed4a0d41b0a3e40e82221c69f6133758","first_seen":"2023-10-13T11:14:41Z","last_seen":"2026-04-18T12:54:02.976313Z","times_seen":8,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":186,"dns":0,"connect":0,"send":0,"wait":104,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.coinpayments.net/images/coins/BNB.png","fqdn":"www.coinpayments.net","domain":"coinpayments.net","tld":"net"},"ip":{"addr":"205.220.231.4","port":443,"asn":396998,"as":"PATH-NETWORK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.coinpayments.net","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Mar 2025 00:00:00 GMT","end":"Sat, 25 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"47:B9:55:8C:8A:BA:EA:85:5E:61:C2:10:BD:2C:21:5F:07:C4:8E:A8","sha256":"77:FB:B8:1B:02:F3:8A:59:09:7B:8B:49:80:4A:06:DD:E8:16:05:0B:AE:AC:23:69:84:E8:8D:FD:F6:88:3C:31"}}},"request":{"raw":"GET /images/coins/BNB.png HTTP/1.1\r\nHost: www.coinpayments.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: openresty\r\ndate: Sun, 15 Feb 2026 01:03:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 875\r\nlast-modified: Mon, 28 Mar 2022 17:29:52 GMT\r\netag: \"36b-5db4aa8fa5471\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 1484\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]}],"data":{"size":875,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"2a2cdbdb604d203380d1ac0ae493d153","sha1":"36bbfa5cbc18fcbfaa31d8bcacdd9958579a0b26","sha256":"1e89607f19cd793e88cf8a4b0ed0840951c370de1eb852f0174af9834b18784b","sha512":"e3f32ad8d38f93cbd2b86677e13f26d34e13518689268c04e004c73553f8f6f9694929f9e2a7edd1c782eb31505e64ee643abb236ce32132adf8a3aabfb57a3b","ssdeep":"","tlshash":"c21163fa5a16dab6a381cb1ada0751046dd98cd09243d2478a344480a520eaabdceb13","first_seen":"2025-11-04T15:15:53.705373Z","last_seen":"2026-05-27T01:30:22.763631Z","times_seen":11,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":188,"dns":0,"connect":0,"send":0,"wait":83,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/assets/themes/frontend/default/vendors/@popperjs/popper.min.js","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.813Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ltc-miner.pro.x2money.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 18:14:50 GMT","end":"Wed, 13 May 2026 18:14:49 GMT"},"fingerprint":{"sha1":"08:0B:25:16:1A:81:9F:20:0C:75:68:11:C4:1A:2A:B6:DA:A4:36:75","sha256":"E5:82:41:E7:E3:5D:CE:B4:53:CF:D2:78:53:1B:F1:3E:82:10:11:18:5B:E2:4C:5A:5C:E3:09:C9:A7:C4:7D:40"}}},"request":{"raw":"GET /assets/themes/frontend/default/vendors/@popperjs/popper.min.js HTTP/1.1\r\nHost: usdtbep-mining.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nCookie: XSRF-TOKEN=eyJpdiI6ImJzREFibWxWQ3JrUVJrUUFObXVGYmc9PSIsInZhbHVlIjoiYnN2SHdnNmhqcG5ESkh6OHhVNE01VFd5OTZibjlhVnlKRXY4bTVyMHQ1N0k0cG42aHByUS8zbkdyOUVOclRNYmpJaktmUHI3b2pucitaL3E0REdJM2RaTFYyVVlvSTc1T0lxdVZ1MzFsaFkrUjVWUmhKcGhQSVA1Qy92aDlhMlgiLCJtYWMiOiJmZTM2ZDliZDM1MjUxZDRlOTBkMjRiN2Q1YjQ4YTcyNTA0N2IzNmI1M2FjZGJlMzI5ZjBhMmJmZjEyMGE5YTE0IiwidGFnIjoiIn0%3D; usdtbep_mining_session=eyJpdiI6Imo2QUtpSHFBR2swcjhkaUkzM0VYcGc9PSIsInZhbHVlIjoiTGIrTXlKQmJSMlhPeW85anZUOXpjL1l0NmRYeFR6MG42R2pMclNLWFRSRE1IaU0ybXRLUGRzWnZrb2djRXA0aW04TDRFVEFPdkN6dm9uZ3hRbFhBZ0NyV2hZd0dYSUw0c1FXc1N1VU5sUVB0Vnl6RTRBUkY3Y0JFYWpNWXFyUWgiLCJtYWMiOiI4NDAyNTRkMzhiZDUxMDIwN2YyMzg4ZmI4ZGRiOWIwN2MxOWQwZDNjNmZlMWMwNTg5ZDkwMGQxMTVkZGU0ODQ1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 17 Jul 2021 19:27:22 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 6434\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":18594,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (18506)","md5":"83e6ef063fa41ff8d8c00956a7cd3fd9","sha1":"8eeb7bf71e8a978b82a1a198015f14d73d2ea592","sha256":"5a07c69f9061eb12e39a031358a4f567f30a002ad6182639ac84fd1bda2f6e65","sha512":"dab363d8a27e0fcb3571e35ab1321ec7acf81d6c8e9c460b542dc58a018e9b240265cd9e0572a03b1426a37a0a2c7c9f723e77bb3e1032c44258d6cb777d90d6","ssdeep":"384:PDzk5KmEpLFd7tRwQZMVwAVfbsnmlHiBnjLU4MSV1Nn1awap1P9Vy8UuZHFh+L4O:NmERLwQZcFVLCBjg4MC1Nn1ip1P9Vy84","tlshash":"5d82c6cd3994f0a1167b52b6c07f550f73339561228ea410b255d6dd2c74ebba22bc3e","first_seen":"2023-03-07T12:03:09Z","last_seen":"2026-06-06T12:33:54.51361Z","times_seen":5267,"resource_available":true,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-15","alert":"Sinkholed","trigger":"usdtbep-mining.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"usdtbep-mining.click/assets/themes/frontend/default/vendors/bootstrap/bootstrap.min.js","fqdn":"usdtbep-mining.click","domain":"usdtbep-mining.click","tld":"click"},"ip":{"addr":"66.45.253.54","port":443,"asn":19318,"as":"IS-AS-1","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://usdtbep-mining.click/","date":"2026-02-15T01:03:15.814Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.ltc-miner.pro.x2money.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 12 Feb 2026 18:14:50 GMT","end":"Wed, 13 May 2026 18:14:49 GMT"},"fingerprint":{"sha1":"08:0B:25:16:1A:81:9F:20:0C:75:68:11:C4:1A:2A:B6:DA:A4:36:75","sha256":"E5:82:41:E7:E3:5D:CE:B4:53:CF:D2:78:53:1B:F1:3E:82:10:11:18:5B:E2:4C:5A:5C:E3:09:C9:A7:C4:7D:40"}}},"request":{"raw":"GET /assets/themes/frontend/default/vendors/bootstrap/bootstrap.min.js HTTP/1.1\r\nHost: usdtbep-mining.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://usdtbep-mining.click/\r\nCookie: XSRF-TOKEN=eyJpdiI6ImJzREFibWxWQ3JrUVJrUUFObXVGYmc9PSIsInZhbHVlIjoiYnN2SHdnNmhqcG5ESkh6OHhVNE01VFd5OTZibjlhVnlKRXY4bTVyMHQ1N0k0cG42aHByUS8zbkdyOUVOclRNYmpJaktmUHI3b2pucitaL3E0REdJM2RaTFYyVVlvSTc1T0lxdVZ1MzFsaFkrUjVWUmhKcGhQSVA1Qy92aDlhMlgiLCJtYWMiOiJmZTM2ZDliZDM1MjUxZDRlOTBkMjRiN2Q1YjQ4YTcyNTA0N2IzNmI1M2FjZGJlMzI5ZjBhMmJmZjEyMGE5YTE0IiwidGFnIjoiIn0%3D; usdtbep_mining_session=eyJpdiI6Imo2QUtpSHFBR2swcjhkaUkzM0VYcGc9PSIsInZhbHVlIjoiTGIrTXlKQmJSMlhPeW85anZUOXpjL1l0NmRYeFR6MG42R2pMclNLWFRSRE1IaU0ybXRLUGRzWnZrb2djRXA0aW04TDRFVEFPdkN6dm9uZ3hRbFhBZ0NyV2hZd0dYSUw0c1FXc1N1VU5sUVB0Vnl6RTRBUkY3Y0JFYWpNWXFyUWgiLCJtYWMiOiI4NDAyNTRkMzhiZDUxMDIwN2YyMzg4ZmI4ZGRiOWIwN2MxOWQwZDNjNmZlMWMwNTg5ZDkwMGQxMTVkZGU0ODQ1IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Sat, 17 Jul 2021 19:27:22 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 15427\r\ndate: Sun, 15 Feb 2026 01:03:15 GMT\r\nserver: LiteSpeed\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":60091,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (59812)","md5":"b5730588db13e71c65bdb1d234089260","sha1":"282209ef6065e8451a5623c1b208d256d7b14c27","sha256":"77e1728245a0c2de7d0859163ee081e1113aa75fd6894602cb5eb0d7e739bca9","sha512":"10a596b3565c036658f656cb2123f3f1a191dbe2fb25562a040613ab90178019128d14ae4041aa5b1f11d73017d7a29d5cf6828ce09a284f0c0a9534c1c1e51c","ssdeep":"768:Gs1FOa1EatDEOyStIzhgAQD/BExN8TVO3cQodO6/2Vm7MTRAxmYIZ9tFepWOgdJK:G9i5G/M+ThF6n","tlshash":"9a43b45a3258b87309de44a68076470bf7255d94b047812cb9bdacee1b3dc8272b7f78","first_seen":"2023-03-07T12:10:18Z","last_seen":"2026-06-06T10:30:38.066799Z","times_seen":12638,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-15","alert":"Sinkholed","trigger":"usdtbep-mining.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}