{"report_id":"dc9010b2-63b1-4d16-9fc9-4db0f3a8199a","version":6,"status":"done","tags":["suspicious"],"date":"2026-06-07T00:06:12Z","url":{"schema":"http","addr":"check.quicktent.org","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":0,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"final":{"url":{"schema":"https","addr":"check.quicktent.org/qr/?tenant=check","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"title":"Transfer Trust Wallet","dom":{"size":5499,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (392)","md5":"a81c8b40cbb73c5a009cf90c00892bd9","sha1":"3bb281d235a121b284135dc6d0e2f4b289357a04","sha256":"992ef00ab01eb6ad149ec8106fff38458ca3106da32d319af11f798bd33a95cc","sha512":"95ccfc21d3e51677b7f5b51c7c559c6852242a609bd2c12896f18de67d33f4e6100dfb86d011ad2e2d6256143793210fcb8f9bcb03f961347e63d909aa5b605e","ssdeep":"96:3dv7h9NqO3uuau9WCWaJ9mkow/LqA36R6LIfkgIfkmvEqVO4MPmJtDbuk:3dv7jNq8uuau9WCWaJAkow/LuEL5eatN","tlshash":"f9b1d722f8e11f6ea00387e66ae6b03fba24e507c20f995c75dc51a15fc7d99dda3108","dom_hash":"domhash5c16fb52f53d60d611d7ac3bf435deb9","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"check.quicktent.org","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":0,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-12T00:06:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":2,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-07","alert":"Detects file containing Telegram Bot API","trigger":"check.quicktent.org/qr/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"check.quicktent.org","ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"domain_registered":"2026-05-26","domain_rank":0,"first_seen":"2026-06-07T00:06:13.941125Z","last_seen":"2026-06-07T00:06:13.941125Z","alert_count":2,"request_count":9,"received_data":77554,"sent_data":4186,"comment":"","tags":null,"fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]},{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2026-05-31T22:42:17.707694Z","alert_count":0,"request_count":1,"received_data":761324,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"check.quicktent.org/qr/runtime-config.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"78efc188c8f3eef19d5085d416f1d091","sha1":"e046d389663af9b5e512c3261403d9bb5655208b","sha256":"9eed7cc17417da470516554cc7ec7dd87ab243354de982628c0d68539877b092","sha512":"2dbd852d801726d1bd2a6dc3e3080973b83b37c46edbd24eeec1445916dbb876478fbc5b10f83a40816ac52c02b9912ff981417c01c8c20ec5ff6dddbc377308","ssdeep":"96:jeWTE8yxd5ED2E7ECfawzwk2w0swNOUy2sscBcfZYdH2jojwegS4c:dIZd5ED2eZokjgGAkccWBe9R","tlshash":"e7a196995ed37031493ba06d536fa654b8166213110bd80cbd8c9304ffb99678ebaee8","size":5006,"data":"","first_seen":"2026-05-30T00:07:31.165475Z","last_seen":"2026-06-13T04:20:11.621355Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","size":760171,"data":"","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-06-13T05:44:22.764626Z","times_seen":3604,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/config.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"1dd0dea023477f66456c09eb71c1d2e2","sha1":"e1896ffda97e5271ff467c3974d9cb407fdf52ee","sha256":"8928269a34fc6b6f87c30371c6f1be80a8e8e037e722f7e2aec42e572b734557","sha512":"ec3c0d13316e29fb950b832befc46f0d8e8e1d17766242cf62100052e176d8b5845e3d3b3e285a557bc5b99782a47b05b9ca4ae6fa5d7b872b2f2916adc29b11","ssdeep":"","tlshash":"8121ccfb0fb579620c090067cb897a25224255377a04f405fc1faa563feca72a670dc4","size":1373,"data":"","first_seen":"2026-05-30T00:07:31.175403Z","last_seen":"2026-06-13T04:20:11.624553Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/main.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"560e30584e09d550ffcc15ae1eb20d3b","sha1":"4d8025084a20b7db2e0893d1bf3c630eb6c14a5d","sha256":"4a99576646f10d636d2cf24694de9a101e56ae87abeb6733c008aa5626fde55d","sha512":"8e960253226a6b3d28cccdeca31d60f6df07425c58cbae71679d2324a82f2a95d1e5d17c76b7e4e158313b282e653fcd66b116eef5bf8332f93755a29b0d0b4c","ssdeep":"192:YUPLkViUWgCGoCY7f4ycxmr1cgpXekB3fn9Ds5vwIAlQ3v0qBI5p6MxwShCXp13:jPLkVMraIy51zIdUz","tlshash":"0d82e96e16777020046760a96bcb3120307791273a15eca0769e83936f5ec2eadf3bdd","size":18772,"data":"","first_seen":"2026-06-07T00:06:17.741658Z","last_seen":"2026-06-13T04:20:11.622895Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-07","alert":"Detects file containing Telegram Bot API","trigger":"check.quicktent.org/qr/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/api-config.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"b004d6212a23fcca2aa8472d1755106a","sha1":"37e98b93dfc2186e405beae37b05f660215b26a3","sha256":"398a67fe3adae0fcdf575a2e9ae8cc1b148d11678a7b5795fb63cbb92ca4b25e","sha512":"300229e9680abdd0eac0046af7f0e3286f2165fe87d0f50af4a6f12724d9e21c0a87e16a0cff524fe6be3679dbafc343e9fb6d6dfbea7771d561d26d332aa1d2","ssdeep":"","tlshash":"672114af9882618609259361860f4d13256f956f112fca03bfac465a2f0c33f231a7f8","size":1240,"data":"","first_seen":"2026-05-30T00:07:31.161209Z","last_seen":"2026-06-13T04:20:11.620689Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"748e04cf20013377941f08c805bac3f8","sha1":"05b80dd14477cb1372c499f4928ed568170bdfa9","sha256":"c39af6150dcc526a36aeb4fc1d9eabff58dadc0669b5d069e27c861e33c51aab","sha512":"66afc0b86c400532afee3c3a35c1dbba945e809c6ea435b182c79911117e6e74ff58e1ff8f6ab7556dcc32d17864cb8efc70d5f6642be7b659a748a96a84e17d","ssdeep":"","tlshash":"8df0dc353d8150b70e234801425f2924b55197370e35c351b64c018b3f9a81726aaefd","size":476,"data":"","first_seen":"2026-05-30T00:07:31.181097Z","last_seen":"2026-06-07T00:07:23.905966Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"0815e7dafea73ef8496a4e7c52bfff38","sha1":"07d42545d076232101192c77bffbb906f59973b2","sha256":"fb00f70fba55e19c1a2a78134b17aa56c3ca1163841b7dde82175018503c67cd","sha512":"1f460bc493f73e457c5635f1be52048ee925111353c6d74e5f7012bccc0ee973d0a884a3eb8f67973da8ff3ab8d13e85774660e9db48404ec08accb903f848b9","ssdeep":"","tlshash":"3e11218d4c4270939965e31f5f8f9b0433b209a702cbd1067ecce619afe520e526a2e8","size":1110,"data":"","first_seen":"2026-05-30T00:07:31.183078Z","last_seen":"2026-06-07T00:07:23.906948Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/api-config.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":false,"md5":"b004d6212a23fcca2aa8472d1755106a","sha1":"37e98b93dfc2186e405beae37b05f660215b26a3","sha256":"398a67fe3adae0fcdf575a2e9ae8cc1b148d11678a7b5795fb63cbb92ca4b25e","sha512":"300229e9680abdd0eac0046af7f0e3286f2165fe87d0f50af4a6f12724d9e21c0a87e16a0cff524fe6be3679dbafc343e9fb6d6dfbea7771d561d26d332aa1d2","ssdeep":"","tlshash":"672114af9882618609259361860f4d13256f956f112fca03bfac465a2f0c33f231a7f8","size":1240,"data":"","first_seen":"2026-05-30T00:07:31.161209Z","last_seen":"2026-06-13T04:20:11.620689Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/?tenant=check","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"introduction_type":"scriptElement","is_inline":true,"md5":"4436be55e435cdb4ce98fb721a4df4b1","sha1":"80be671b3a4a1cf8a12217a5ff787935373605df","sha256":"b420646d06a9bb2ebfd720cd33e1f35f7b7fd470a7d59b08f5271183ccded372","sha512":"c31b409f5eb10c447d267733eeecaa909e0c4ed2b17a46f7d81d1105edfbed7a0e574c32627768d5c01f93bb0f5d98a9c2829aef5c949ed3530558bb845cad1f","ssdeep":"","tlshash":"06c012597020696604ce787d4ccf088ebe269412a20849c99ddcd8547fb2e6c42e484c","size":192,"data":"","first_seen":"2025-09-07T13:20:24.46413Z","last_seen":"2026-06-07T04:15:54.83152Z","times_seen":94,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"check.quicktent.org/qr/config.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:52.398Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /qr/config.js HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/qr/?tenant=check\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"disqcy6ectmp125-gzip\"\r\nlast-modified: Tue, 26 May 2026 15:57:24 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ncontent-length: 670\r\ndate: Sun, 07 Jun 2026 00:05:52 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":1373,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"1dd0dea023477f66456c09eb71c1d2e2","sha1":"e1896ffda97e5271ff467c3974d9cb407fdf52ee","sha256":"8928269a34fc6b6f87c30371c6f1be80a8e8e037e722f7e2aec42e572b734557","sha512":"ec3c0d13316e29fb950b832befc46f0d8e8e1d17766242cf62100052e176d8b5845e3d3b3e285a557bc5b99782a47b05b9ca4ae6fa5d7b872b2f2916adc29b11","ssdeep":"","tlshash":"8121ccfb0fb579620c090067cb897a25224255377a04f405fc1faa563feca72a670dc4","first_seen":"2026-05-30T00:07:31.175403Z","last_seen":"2026-06-13T04:20:11.624553Z","times_seen":5,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/?tenant=check","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-07T00:05:51.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /qr/?tenant=check HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\netag: \"disqcy6ectmp8jw-gzip\"\r\nlast-modified: Tue, 26 May 2026 15:57:24 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ncontent-length: 2365\r\ndate: Sun, 07 Jun 2026 00:05:51 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":11084,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"1688d3ec55d7bd115a703f299fa7bd4b","sha1":"dab6ca4effd45e52c3359d2d6871d4778ac3162e","sha256":"1a4d1ffb8b59b465a17a2c8c9f9584aa18271372e357f16e0604429fd0a9a6e7","sha512":"f4d61e3950a150ac1f554903708184927aa02cafa9b03090f8999d5494cbf67d83feb25cb11d6a22a0ef2fe2adf36fe31838a722d521b05309c0abc0a7c7c749","ssdeep":"192:8x4NaQl76LSeyLZS+UQU12U1HxLZ9IUSDWgz:Y5+/ZzUQU12U1tZSUSSC","tlshash":"6c3280032beb0104f1b6af59a97615620e7bbd521838cd5c11ac2e4d8fe3f529861fb7","first_seen":"2026-05-08T08:33:53.047061Z","last_seen":"2026-06-13T04:20:11.618024Z","times_seen":11,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/api-config.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:51.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /api-config.js HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/qr/?tenant=check\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"ditg80dopmnbyg-gzip\"\r\nlast-modified: Wed, 27 May 2026 12:13:26 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ncontent-length: 632\r\ndate: Sun, 07 Jun 2026 00:05:51 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":1240,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"b004d6212a23fcca2aa8472d1755106a","sha1":"37e98b93dfc2186e405beae37b05f660215b26a3","sha256":"398a67fe3adae0fcdf575a2e9ae8cc1b148d11678a7b5795fb63cbb92ca4b25e","sha512":"300229e9680abdd0eac0046af7f0e3286f2165fe87d0f50af4a6f12724d9e21c0a87e16a0cff524fe6be3679dbafc343e9fb6d6dfbea7771d561d26d332aa1d2","ssdeep":"","tlshash":"672114af9882618609259361860f4d13256f956f112fca03bfac465a2f0c33f231a7f8","first_seen":"2026-05-30T00:07:31.161209Z","last_seen":"2026-06-13T04:20:11.620689Z","times_seen":8,"resource_available":true,"data":null}},"time_used":57,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/ethers@5.7.2/dist/ethers.umd.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"104.17.207.5","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:51.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jsdelivr.net","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Wed, 22 Apr 2026 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"65:D9:C4:7E:04:4C:FD:DD:60:E0:CC:18:B5:B7:01:68:B4:2D:C7:34","sha256":"50:6C:A4:F6:ED:74:C7:E9:68:DB:32:56:5A:68:4C:98:ED:01:28:36:F8:13:BA:CC:19:A7:FD:7A:0A:6E:E7:D4"}}},"request":{"raw":"GET /npm/ethers@5.7.2/dist/ethers.umd.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Jun 2026 00:05:51 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 168432\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-jsd-version: 5.7.2\r\nx-jsd-version-type: version\r\netag: W/\"b996b-tlFUVYf2JXNF3D3p3apESxDe3z4\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nx-served-by: cache-fra-etou8220026-FRA, cache-bma-essb1270058-BMA\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.01,\"max_age\":604800}\r\nage: 1865403\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RB7l%2FzLsQloTAwcofTYIs%2Bb4V84Rvyd5o5IDOry0%2FaPpDZ2UtZEP4iiHqRA7DWDjzLZJcwfdTJPNJEvICNFsG9CTbHG%2FOhXlj3b2Q3xAtg3hAQMurkIx1pZydv429HPtLLQ%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: a07b68563f7fb509-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":760171,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"71f8c498e792c6179d4e2840228f777a","sha1":"b651545587f6257345dc3de9ddaa444b10dedf3e","sha256":"a66293a6a2bb4dee061a68612be0be3c5c0ab7e4068ab8d98a4a357baf664c73","sha512":"14371563e83bbdce425c035bad34a0d4ae6a2f2ae20ac183602134d8b8b5b5711874d40fbcb3c7344fab4f63237a2f0dedf65b7b458b870dbb8f64ab191a5d32","ssdeep":"12288:TfamYTKkkAJs8P+H8Xb2F/nNuwEYtnob6qQr:TfjkhPaNnN9EYtwo","tlshash":"35f43b80b3b1b0b583c729a4143f6046f63af46a505840a8f659faf279f9d4c957bb3c","first_seen":"2023-03-13T00:48:53Z","last_seen":"2026-06-13T05:44:22.764626Z","times_seen":3604,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":12,"dns":2,"connect":1,"send":0,"wait":6,"receive":10,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/main.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:52.609Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /qr/main.js HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/qr/?tenant=check\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"disqcy6ectmpehg-gzip\"\r\nlast-modified: Tue, 26 May 2026 15:57:24 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ndate: Sun, 07 Jun 2026 00:05:52 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":18772,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"560e30584e09d550ffcc15ae1eb20d3b","sha1":"4d8025084a20b7db2e0893d1bf3c630eb6c14a5d","sha256":"4a99576646f10d636d2cf24694de9a101e56ae87abeb6733c008aa5626fde55d","sha512":"8e960253226a6b3d28cccdeca31d60f6df07425c58cbae71679d2324a82f2a95d1e5d17c76b7e4e158313b282e653fcd66b116eef5bf8332f93755a29b0d0b4c","ssdeep":"192:YUPLkViUWgCGoCY7f4ycxmr1cgpXekB3fn9Ds5vwIAlQ3v0qBI5p6MxwShCXp13:jPLkVMraIy51zIdUz","tlshash":"0d82e96e16777020046760a96bcb3120307791273a15eca0769e83936f5ec2eadf3bdd","first_seen":"2026-06-07T00:06:17.741658Z","last_seen":"2026-06-13T04:20:11.622895Z","times_seen":3,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-06-07","alert":"Detects file containing Telegram Bot API","trigger":"check.quicktent.org/qr/main.js","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"rectifyq","date":"2024-09-07","description":"Detects file containing Telegram Bot API","rule":"telegram_bot_api","yarahub_author_twitter":"@_rectifyq","yarahub_license":"CC0 1.0","yarahub_reference_md5":"9DA48D34DC999B4E05E0C6716A3B3B83","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58c9e4fe-d1e9-46ed-913c-dba943ac16d6"}}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Suspicious Javascript code","verdict":"suspicious","severity":"medium","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"check.quicktent.org/","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-06-07T00:05:51.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\netag: \"ditmppjaqt3k6yd-gzip\"\r\nlast-modified: Wed, 27 May 2026 17:18:39 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ncontent-length: 2878\r\ndate: Sun, 07 Jun 2026 00:05:51 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":9013,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"f722161788617f9584185113a7ae18b0","sha1":"8fd468c70e0e5138efdd770f894dfb719d8fa32d","sha256":"0f53acfaa6b9494939e7ef07d2a6984c8a702f08f7dbb1e8af0d623ed5009b24","sha512":"ced12f6e8e9acb6b65eb6a1516bec74b02721fab4bc91ea4c34bbdca54735cef0527e24395837c6076b04c6c8e0492318da31baa486931b6e455273299cbfc69","ssdeep":"192:vW0I4kpDaRfbDvvDT2cTZXyXCDWeNosJDTbTZYRDfAHfYgz8p4/Yn8yBfkFhHcYC:vA46Yf2h0RZW2ggA4+fdYC","tlshash":"7e02d6668cd35133193be23e576fa204793ad52b010bde047f4c83199fe4a2643a2eec","first_seen":"2026-05-30T00:07:31.158313Z","last_seen":"2026-06-13T04:20:11.617311Z","times_seen":4,"resource_available":true,"data":null}},"time_used":420,"timings":{"blocked":181,"dns":61,"connect":53,"send":0,"wait":57,"receive":1,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/style.css","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:51.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /qr/style.css HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/qr/?tenant=check\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/css; charset=utf-8\r\netag: \"disqcy6ectmpbz7-gzip\"\r\nlast-modified: Tue, 26 May 2026 15:57:24 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ncontent-length: 3792\r\ndate: Sun, 07 Jun 2026 00:05:51 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":15523,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"c08b10bbeabba2693f4d5800ec5a3fe2","sha1":"d8341820a7e65309f8a9472d6a6c17c84d606108","sha256":"93aa890a0c8ce70af27f673f8270abadd24e076d09b7c5b6b588d4bd60f83e88","sha512":"0300c2c97f35a85dd2591bd9f7fd9816e6bbab240a2808abb69885016851aee68f2e1ee011d5cfb73032d95e85e94ea0c53dde024a0c6cd032fa38e2b58c5116","ssdeep":"192:wDn4DUDn4D1ZgNHuECW1IJPLJvnCxvDRHsfHyzvBt2pPOOIjyxPhPLsXj2VE3Io0:J11WJQONyNtsm","tlshash":"5662655956b34c016d2a44feb3de7747b23b80cbde2eeda9b7c511048fc51a159c2b88","first_seen":"2026-03-01T02:47:58.32943Z","last_seen":"2026-06-13T04:20:11.619558Z","times_seen":13,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/runtime-config.js","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:51.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /qr/runtime-config.js HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/qr/?tenant=check\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/javascript; charset=utf-8\r\netag: \"disqcy6ectmp3v2-gzip\"\r\nlast-modified: Tue, 26 May 2026 15:57:24 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ncontent-length: 1843\r\ndate: Sun, 07 Jun 2026 00:05:51 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":5006,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"78efc188c8f3eef19d5085d416f1d091","sha1":"e046d389663af9b5e512c3261403d9bb5655208b","sha256":"9eed7cc17417da470516554cc7ec7dd87ab243354de982628c0d68539877b092","sha512":"2dbd852d801726d1bd2a6dc3e3080973b83b37c46edbd24eeec1445916dbb876478fbc5b10f83a40816ac52c02b9912ff981417c01c8c20ec5ff6dddbc377308","ssdeep":"96:jeWTE8yxd5ED2E7ECfawzwk2w0swNOUy2sscBcfZYdH2jojwegS4c:dIZd5ED2eZokjgGAkccWBe9R","tlshash":"e7a196995ed37031493ba06d536fa654b8166213110bd80cbd8c9304ffb99678ebaee8","first_seen":"2026-05-30T00:07:31.165475Z","last_seen":"2026-06-13T04:20:11.621355Z","times_seen":6,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/api/tenant-config","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:51.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /api/tenant-config HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/qr/?tenant=check\r\nX-Tenant-Slug: check\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncf-cache-status: DYNAMIC\r\ncf-ray: a07b68581b821866-KIV\r\ncontent-encoding: br\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: same-origin\r\ndate: Sun, 07 Jun 2026 00:05:52 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: strict-origin-when-cross-origin, no-referrer\r\nrndr-id: 7ea47d6e-f6fd-471d\r\nserver: cloudflare\r\nstrict-transport-security: max-age=15552000; includeSubDomains\r\nvary: Accept-Encoding\r\nvia: 2.0 Caddy\r\nx-content-type-options: nosniff, nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-ratelimit-limit: 120\r\nx-ratelimit-remaining: 119\r\nx-ratelimit-reset: 60\r\nx-render-origin-server: Render\r\nx-xss-protection: 0\r\ncontent-length: 280\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Render","description":"Render is a cloud computing platform that provides a wide range of services, including web hosting, cloud computing, and application development. Render offers several hosting options, including static site hosting, web application hosting, and managed databases.","website":"https://render.com","common_platform_enumeration":"","icon":"Render.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":403,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"79bd7e1ddde46bbe8ca1b775fa8ed7f5","sha1":"3d901985198c02c154abeb421dfef1184016581c","sha256":"f6e02d8e1eec0c542577340ee8f8470a292bd7552d5b9d862152403ade840db8","sha512":"9262ee868b14c0c6a4541ca906c67f08901f6eb2010f24812899fad8165ab92fefdbabedeb9306671d33d7bf12c5b44e9a2eb35b242e81cebbef37d2877052f7","ssdeep":"","tlshash":"59e0ab7f23a8e4229b8023c850ada9b880da5a84dd2cd423541feb13a5bc823080311a","first_seen":"2026-06-07T00:06:17.748769Z","last_seen":"2026-06-07T00:07:23.902187Z","times_seen":2,"resource_available":false,"data":null}},"time_used":389,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":388,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"check.quicktent.org/qr/favicon.ico","fqdn":"check.quicktent.org","domain":"quicktent.org","tld":"org"},"ip":{"addr":"91.229.239.28","port":443,"asn":200019,"as":"Alexhost Srl","country":"Moldova","country_code":"MD"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://check.quicktent.org/qr/?tenant=check","date":"2026-06-07T00:05:52.084Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"check.quicktent.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 May 2026 10:45:04 GMT","end":"Tue, 25 Aug 2026 10:45:03 GMT"},"fingerprint":{"sha1":"A0:0B:2F:9A:06:6C:E1:E8:83:78:E6:B0:F4:E8:E1:C8:ED:AA:6F:5C","sha256":"2F:0C:EC:D4:9F:34:D4:B4:9F:0F:70:AF:26:49:28:BE:86:AF:86:C0:CB:5E:60:BB:F2:A9:47:27:82:DF:B3:D6"}}},"request":{"raw":"GET /qr/favicon.ico HTTP/1.1\r\nHost: check.quicktent.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://check.quicktent.org/qr/?tenant=check\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nalt-svc: h3=\":443\"; ma=2592000\r\ncontent-encoding: gzip\r\ncontent-type: text/html; charset=utf-8\r\netag: \"disqcy6ectmp8jw-gzip\"\r\nlast-modified: Tue, 26 May 2026 15:57:24 GMT\r\nreferrer-policy: strict-origin-when-cross-origin\r\nserver: Caddy\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\ncontent-length: 2365\r\ndate: Sun, 07 Jun 2026 00:05:52 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":11084,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"data","md5":"1688d3ec55d7bd115a703f299fa7bd4b","sha1":"dab6ca4effd45e52c3359d2d6871d4778ac3162e","sha256":"1a4d1ffb8b59b465a17a2c8c9f9584aa18271372e357f16e0604429fd0a9a6e7","sha512":"f4d61e3950a150ac1f554903708184927aa02cafa9b03090f8999d5494cbf67d83feb25cb11d6a22a0ef2fe2adf36fe31838a722d521b05309c0abc0a7c7c749","ssdeep":"192:8x4NaQl76LSeyLZS+UQU12U1HxLZ9IUSDWgz:Y5+/ZzUQU12U1tZSUSSC","tlshash":"6c3280032beb0104f1b6af59a97615620e7bbd521838cd5c11ac2e4d8fe3f529861fb7","first_seen":"2026-05-08T08:33:53.047061Z","last_seen":"2026-06-13T04:20:11.618024Z","times_seen":11,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}