{"report_id":"de8bd88f-2188-4d26-8313-31f55f95b198","version":6,"status":"done","tags":[],"date":"2026-02-20T23:29:07Z","url":{"schema":"https","addr":"mvswap.online/","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":0,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"final":{"url":{"schema":"https","addr":"mvswap.online/","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"title":"MVSWAP – Buy USDT in Maldives","dom":{"size":27701,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14767)","md5":"2447e5838648c106ef2132982bb1cbaf","sha1":"72c6c31b75958bc94d4b8de6ae240909b7bac4be","sha256":"e49487a2c57b98428cecaba226cd9d3f043f2ff5e4a78ea79b2f34461a673b6e","sha512":"8afd601c9a148360d4e44a316b15dcaba47dcc662a2126250cf42fab45578085c72fdb08803658e28ec8ad9b3a7a1bc209bb7faa08ed3c61afed9b29b3683c7f","ssdeep":"768:tVMsnB7cxksc64Jysq7vG9BM91SioWVeDbdjdEdJ2F+dlOxqDeW:tmXx/c64Jysq7vOvW25Rw8Fo","tlshash":"c5c2b651710c127c6d2f9ba9fac4a33c9025f542eea7442af21d0096d7c3ff529bab94","dom_hash":"domhashe5a856503384184ebbd3a45e373e3fb1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"mvswap.online/","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":0,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-27T23:29:07Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"mvswap.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"mvswap.online","ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":6,"received_data":1239860,"sent_data":2737,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mvswap.online/~flock.js","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"ed557a78d5301fbb961abfe911a42b62","sha1":"d11a2a4e9fee28c4b1abc38cd8136bffec7e325b","sha256":"a86e084b4f82709814be6c15fd6305daa783fda87ad95402da9a4d3a1dd6d748","sha512":"18dd1525e2b4d89e3c46d92367fca020cf99fb07856acfd96a25dc7410611eea83b438c91691683983495945eb04a9427bc63e2a383cbe93449f4df0eb1ddb51","ssdeep":"384:FtUCBXTpeaFEo5TTThri1t/mCsOCXiTNZruJ4vKFlcEhRCDxOcX/YM2Vybyq/kmt:n7XTpeauI/Thri1CKWM4ldRzurwkTO0D","tlshash":"cea2b6d61007243d57ead1a13929f7d63177ea98a0caec8a7de91f84d414c83f3f294a","size":21296,"data":"","first_seen":"2025-07-30T15:25:28.733337Z","last_seen":"2026-06-06T21:15:35.449874Z","times_seen":10069,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mvswap.online/assets/index-IyBjEblS.js","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"introduction_type":"scriptElement","is_inline":false,"md5":"e74c9a3ae9e1587fcb1dcd8d72efe00e","sha1":"83f9293ad46da53110957a75d4d1ba0a9e9ae419","sha256":"14e35430030930b2ad2aa79abb314eaf8ba3f8ec34de842031af07783b619c8d","sha512":"a81dc324206af9ad689d6d6a8577b836ce31a5f164f492c8b5e5ecf157e64246c8abba20bd63b53add5cb1c5a62c46f6ce5aff8ff1f21393b7706edc5e534d1b","ssdeep":"24576:hx9ebHJ+dkCZhGrIuzSu4L1Lgw9QFn3QjdhxHrBdMy:hx9ebHJ+dkCZhGrIeSu4L6xnqdhxLBuy","tlshash":"e0355bc87196f5b94ba345f1403f5107f23d2915a85e8460f27dd8ea3eb480aa237fb9","size":1125039,"data":"","first_seen":"2026-02-20T23:29:13.207296Z","last_seen":"2026-02-20T23:31:20.472479Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"mvswap.online/assets/index-IyBjEblS.js","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mvswap.online/","date":"2026-02-20T23:28:46.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mvswap.online","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Feb 2026 19:58:11 GMT","end":"Tue, 19 May 2026 19:58:10 GMT"},"fingerprint":{"sha1":"E1:6B:2B:C1:04:66:A1:69:C0:01:9E:BA:C0:C0:69:9A:51:5A:00:1A","sha256":"02:7F:A9:2F:14:31:D3:B9:BD:03:7E:35:C2:FD:EF:14:87:41:21:B6:82:09:33:DC:94:15:FD:86:F7:20:BB:05"}}},"request":{"raw":"GET /assets/index-IyBjEblS.js HTTP/1.1\r\nHost: mvswap.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mvswap.online/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 23:28:46 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nset-cookie: __cf_bm=xPYipriNfr4ATlPzYKesb7Onb0csGVjTBOMXtEzhfh4-1771630126.6789193-1.0.1.1-OO6T02yjSMNjmXwm.wJPBgHRpexidXIl3CZE3ViEk4wVefeIg1.F4_KM6ywssspaT52qkNBO.WpRLwe7vlkFdVwxisrsRWm4O15Wv0nU2lzuAvv0.Y_nPtrpqVFv9suu; HttpOnly; Secure; Path=/; Domain=lovable.app; Expires=Fri, 20 Feb 2026 23:58:46 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\netag: W/\"e74c9a3ae9e1587fcb1dcd8d72efe00e\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9d11c843bffd0883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1125039,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (37534)","md5":"1663aa8b807ca68cc4e6ea24d749e1ee","sha1":"fba2aad953a81f8d5830df0da03187b53207a1c2","sha256":"f50224e327589bb0b166bc4521242ca9b6307c9251fbdf83e61541f84ffed931","sha512":"a9aee669d17f43057916cc9bf9a6013995b677ab716509183eeee62c1396b17e4d00c676416f0f2ac75626147bbf329edd6fdbe54bb867cde9565a6bddae1f4f","ssdeep":"24576:hx9ebHJ+dkCZhGrIuzSu4L1Lgw9QFn3QjdhxHrBb:hx9ebHJ+dkCZhGrIeSu4L6xnqdhxLBb","tlshash":"e6255bc87296f0b647a351b1403f1107f23c2915a85e9460f27eddea3eb490a927bf79","first_seen":"2026-02-20T23:29:13.2013Z","last_seen":"2026-02-20T23:31:20.466682Z","times_seen":2,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"mvswap.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mvswap.online/assets/index-C2ZFcDQC.css","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mvswap.online/","date":"2026-02-20T23:28:46.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mvswap.online","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Feb 2026 19:58:11 GMT","end":"Tue, 19 May 2026 19:58:10 GMT"},"fingerprint":{"sha1":"E1:6B:2B:C1:04:66:A1:69:C0:01:9E:BA:C0:C0:69:9A:51:5A:00:1A","sha256":"02:7F:A9:2F:14:31:D3:B9:BD:03:7E:35:C2:FD:EF:14:87:41:21:B6:82:09:33:DC:94:15:FD:86:F7:20:BB:05"}}},"request":{"raw":"GET /assets/index-C2ZFcDQC.css HTTP/1.1\r\nHost: mvswap.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mvswap.online/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 23:28:46 GMT\r\ncontent-type: text/css; charset=utf-8\r\nset-cookie: __cf_bm=Y_gjuLttCDtctmEQXkI.ZEsX0FGPqKau.yiOiqePcZQ-1771630126.6794517-1.0.1.1-9tH14ByqYwHlwX7e2Suen90NeVGUfbXd1ACduMn6b499V1pyzDHJuM5UIt.sAiASmspaLW8W7vxDmNVKInuC_ykjEXCwJQPbVAEOD2eHUzqNkL.N7ordDeX1grcVWnVm; HttpOnly; Secure; Path=/; Domain=lovable.app; Expires=Fri, 20 Feb 2026 23:58:46 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\netag: W/\"562e5bded3d7ff6ca872fc1a14c9c91c\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9d11c843bfff0883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":67572,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"562e5bded3d7ff6ca872fc1a14c9c91c","sha1":"eebe25b955709674a005a0edcb6b5517fe4d86fa","sha256":"e3d63a1a50fb85a1c9afb11cedf7161851fe907619c777bc25c7273780119a87","sha512":"f48c49eedae75e72e4cf8fdd6c5460e4534b88f7b22a4fc2abd70df4631d04db35c060b2012b95c6e863af23fc58fa31e81480e9d64c42d2b7daf6eb25ca9835","ssdeep":"1536:2hPJWVBXkI2UutGPCr378VQZkt5FNCodf:2hPJWnkI2UutGPCr378VQZkt5Ffdf","tlshash":"2c637619b919a17e3c2790e883dcb9ec610ef0c0de3a06b5be9a41215bc37f61db7554","first_seen":"2026-02-20T23:29:13.202791Z","last_seen":"2026-02-20T23:31:20.469378Z","times_seen":2,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"mvswap.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mvswap.online/~flock.js","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mvswap.online/","date":"2026-02-20T23:28:46.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mvswap.online","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Feb 2026 19:58:11 GMT","end":"Tue, 19 May 2026 19:58:10 GMT"},"fingerprint":{"sha1":"E1:6B:2B:C1:04:66:A1:69:C0:01:9E:BA:C0:C0:69:9A:51:5A:00:1A","sha256":"02:7F:A9:2F:14:31:D3:B9:BD:03:7E:35:C2:FD:EF:14:87:41:21:B6:82:09:33:DC:94:15:FD:86:F7:20:BB:05"}}},"request":{"raw":"GET /~flock.js HTTP/1.1\r\nHost: mvswap.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mvswap.online/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 23:28:46 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncache-control: max-age=1500\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nset-cookie: __cf_bm=LEQTRRDtTU6GBHcAuz.WSC_CDt9srb77UHLhiDITMhA-1771630126.680267-1.0.1.1-_iKFFeOUgw8.K9qTyMxrGdtpeymacHElzXVObCg3LOAM1lF.2O7cT6zFwOSCEnlZJkp1.pUJP40tky_6qbnW.r3Snf0wYWrAba0uahm8I26auhynBt17L7yWPi_BvB7W; HttpOnly; Secure; Path=/; Domain=lovable.app; Expires=Fri, 20 Feb 2026 23:58:46 GMT\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9d11c843b8090883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":21296,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (21296), with no line terminators","md5":"ed557a78d5301fbb961abfe911a42b62","sha1":"d11a2a4e9fee28c4b1abc38cd8136bffec7e325b","sha256":"a86e084b4f82709814be6c15fd6305daa783fda87ad95402da9a4d3a1dd6d748","sha512":"18dd1525e2b4d89e3c46d92367fca020cf99fb07856acfd96a25dc7410611eea83b438c91691683983495945eb04a9427bc63e2a383cbe93449f4df0eb1ddb51","ssdeep":"384:FtUCBXTpeaFEo5TTThri1t/mCsOCXiTNZruJ4vKFlcEhRCDxOcX/YM2Vybyq/kmt:n7XTpeauI/Thri1CKWM4ldRzurwkTO0D","tlshash":"cea2b6d61007243d57ead1a13929f7d63177ea98a0caec8a7de91f84d414c83f3f294a","first_seen":"2025-07-30T15:25:28.733337Z","last_seen":"2026-06-06T21:15:35.449874Z","times_seen":10069,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"mvswap.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mvswap.online/favicon.ico","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mvswap.online/","date":"2026-02-20T23:28:47.128Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mvswap.online","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Feb 2026 19:58:11 GMT","end":"Tue, 19 May 2026 19:58:10 GMT"},"fingerprint":{"sha1":"E1:6B:2B:C1:04:66:A1:69:C0:01:9E:BA:C0:C0:69:9A:51:5A:00:1A","sha256":"02:7F:A9:2F:14:31:D3:B9:BD:03:7E:35:C2:FD:EF:14:87:41:21:B6:82:09:33:DC:94:15:FD:86:F7:20:BB:05"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: mvswap.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mvswap.online/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 23:28:47 GMT\r\ncontent-type: image/vnd.microsoft.icon\r\nset-cookie: __cf_bm=213QV6PUX.YrHAv6fGw6..WUI2xRnTXgJq_Kzqpv4iw-1771630127.1244667-1.0.1.1-9tkGRhyICUOaIdFfd.9QzmB_o4J.9RZ.u5tHdPUeXgKGMiGEeNggFgp4lvuS9D.TK5u_NfpSlxpd9NI.2z9b2lxmNMdbBefliXyVjnqcrAIMAYk6HJOcgb7WEtkdaCqU; HttpOnly; Secure; Path=/; Domain=lovable.app; Expires=Fri, 20 Feb 2026 23:58:47 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\netag: W/\"9f504444f85a5af2eef9264b02ae40be\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9d11c8468baf0883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":20373,"size_decoded":0,"mime_type":"image/vnd.microsoft.icon","magic":"MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel","md5":"9f504444f85a5af2eef9264b02ae40be","sha1":"dd15dcde9da684402cd56070688bc4d18d2ebb46","sha256":"dd821076a9b03adc2173c93956226aea3d92482d7578fc4339c5d3a2e9c24586","sha512":"e5dbd729746c77d5ec72483a822c6df608086e5877a1ac146cd3e347a2fcaf50af6c561fc4477923925e9bc9d81b65010e911a40b830a637fddd666972b6651d","ssdeep":"384:zvAOjbCDJfSLloocQmVv1Abb/ttPoGwktQ5nuxFqgrssRi:zoiOJfMoNQmVv1AXbXGZu4","tlshash":"3792d10db18eb66d4ff5819bd0f8e53d42c71aa4b4232282cc8229f15db78dd63d2b59","first_seen":"2025-12-01T00:59:47.52305Z","last_seen":"2026-06-06T21:08:52.054342Z","times_seen":2056,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"mvswap.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mvswap.online/~api/analytics","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mvswap.online/","date":"2026-02-20T23:28:47.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mvswap.online","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Feb 2026 19:58:11 GMT","end":"Tue, 19 May 2026 19:58:10 GMT"},"fingerprint":{"sha1":"E1:6B:2B:C1:04:66:A1:69:C0:01:9E:BA:C0:C0:69:9A:51:5A:00:1A","sha256":"02:7F:A9:2F:14:31:D3:B9:BD:03:7E:35:C2:FD:EF:14:87:41:21:B6:82:09:33:DC:94:15:FD:86:F7:20:BB:05"}}},"request":{"raw":"POST /~api/analytics HTTP/1.1\r\nHost: mvswap.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://mvswap.online/\r\nContent-Type: application/json\r\nContent-Length: 334\r\nOrigin: https://mvswap.online\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: session-id=74cb721e-70a0-4374-b4ab-dc8aad946860\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":334,"data":"{\"timestamp\":\"2026-02-20T23:28:47.313Z\",\"action\":\"page_hit\",\"version\":\"1\",\"session_id\":\"74cb721e-70a0-4374-b4ab-dc8aad946860\",\"payload\":\"{\\\"user-agent\\\":\\\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\\\",\\\"locale\\\":\\\"en-US\\\",\\\"referrer\\\":\\\"\\\",\\\"pathname\\\":\\\"/\\\",\\\"href\\\":\\\"https://mvswap.online/\\\"}\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 23:28:47 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\nset-cookie: __cf_bm=KlslRtEKQjuXbBTcrFS23icjUGbVgIk5JzH0iXwyYjE-1771630127.313015-1.0.1.1-yHDx.oGexyC5BSQR1PBNUHNBkNmIvtmAaj1DV46GRuGJ.EOZGMplTPa7r9oTEhNzLYFO_lfzYdv.G4LuCHWqC.NIpxaCPjn_K3Upfh3RkQ0fEnzxOXJkAJf1iWDJZKAV; HttpOnly; Secure; Path=/; Domain=lovable.app; Expires=Fri, 20 Feb 2026 23:58:47 GMT\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9d11c847b8860883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":4,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"f92965e2c8a7afb3c1b9a5c09a263636","sha1":"e9b450d14bc2363d292c84f17cfad5cfbd58a458","sha256":"11a6767d5674c7e45f7e00dc525762275b3a48491ad6045427d2609cc496c516","sha512":"25775ba3c567970fc3df3f8107f2a78a67c5619d54bfb37704423acceec253316949eee77b81100a01b91c742e475b4f6157dd2427a9f9fafd87a4078f2d65df","ssdeep":"","tlshash":"54300000000000000000c00c00000000000000000c0000000000000000000000000000","first_seen":"2023-04-09T18:20:08Z","last_seen":"2026-06-06T21:15:35.439475Z","times_seen":10163,"resource_available":true,"data":null}},"time_used":482,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":482,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"mvswap.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mvswap.online/","fqdn":"mvswap.online","domain":"mvswap.online","tld":"online"},"ip":{"addr":"185.158.133.1","port":443,"asn":13213,"as":"UK-2 Limited","country":"United Arab Emirates","country_code":"AE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-20T23:28:46.013Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mvswap.online","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 18 Feb 2026 19:58:11 GMT","end":"Tue, 19 May 2026 19:58:10 GMT"},"fingerprint":{"sha1":"E1:6B:2B:C1:04:66:A1:69:C0:01:9E:BA:C0:C0:69:9A:51:5A:00:1A","sha256":"02:7F:A9:2F:14:31:D3:B9:BD:03:7E:35:C2:FD:EF:14:87:41:21:B6:82:09:33:DC:94:15:FD:86:F7:20:BB:05"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mvswap.online\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 20 Feb 2026 23:28:46 GMT\r\ncontent-type: text/html; charset=utf-8\r\nset-cookie: __cf_bm=bvNppR3M2yQMDNi9krSxrKSg9QGGrdKTATjfKqt_J10-1771630126.1064942-1.0.1.1-m4dbAiRhOWUGLBBGyDuVwPvyBUOtpMXkNdJy1RqF8mNA5_MRGpWBvvMYm230tJyBh1rY68J90pehZhbx6itpBn0Fi.ZrbI4k4DyjH4PmHodxu0rH4_ldB6S7UMcEHK6A; HttpOnly; Secure; Path=/; Domain=lovable.app; Expires=Fri, 20 Feb 2026 23:58:46 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-content-type-options: nosniff\r\netag: W/\"87c5a60675dc2b8915f84f4322d70b6f\"\r\ncontent-encoding: gzip\r\nserver: cloudflare\r\ncf-ray: 9d11c84029180883-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":1515,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"de4dea027e525315a167546d9393ed4e","sha1":"d11bca7d89432b86d090866299d940168ea0d5d6","sha256":"97d0185ce6a604e793f690f5d7ad7ee61a71f3f7c7903572246323d4e2623342","sha512":"d2539e96d41070ae47aa62d870888679aac693c49f49aba412adfb9a095f7bfb8354e1e5e98b3ae2f04b7fce1d05051380c5fd8062deac836654e2cad5e3c122","ssdeep":"","tlshash":"583174536aa0d80a1660c6748cd2f50cc5a7d2478288480efb9c109d2f89ff0c6eb5a1","first_seen":"2026-02-20T23:29:13.206137Z","last_seen":"2026-02-20T23:31:20.463788Z","times_seen":2,"resource_available":false,"data":null}},"time_used":490,"timings":{"blocked":94,"dns":77,"connect":1,"send":0,"wait":296,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-20","alert":"Sinkholed","trigger":"mvswap.online","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}