{"report_id":"e90d671c-92d1-4cbd-b727-dbe3178c1366","version":6,"status":"done","tags":["suspicious"],"date":"2026-03-02T13:49:35Z","url":{"schema":"http","addr":"pump-rescue.fun","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":0,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"pump-rescue.fun/","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"title":"Pump.fun Cashback | Get 70% Back on Rug Pull Losses","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"pump-rescue.fun","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":0,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-06T13:49:35Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":9,"urlquery":2,"analyzer":12}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:11Z","timestamp":1772459351,"ip_dst":{"addr":"104.16.249.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44322,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)","source":"{\"timestamp\":\"2026-03-02T13:49:11.775059+0000\",\"flow_id\":1325910449435135,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":44322,\"dest_ip\":\"104.16.249.249\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027695,\"rev\":5,\"signature\":\"ET INFO Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2019_07_09\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2024_04_22\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"DoH\"],\"updated_at\":[\"2023_10_05\"]}},\"tls\":{\"sni\":\"cloudflare-dns.com\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":920,\"bytes_toclient\":3349,\"start\":\"2026-03-02T13:49:11.766463+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:13Z","timestamp":1772459353,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42622,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:13.895332+0000\",\"flow_id\":1836942838304164,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":42622,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":42622},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-03-02T13:49:13.888228+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:13Z","timestamp":1772459353,"ip_dst":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42624,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:13.900591+0000\",\"flow_id\":1329591236532953,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":42624,\"dest_ip\":\"104.18.54.45\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.54.45\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":42624},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-03-02T13:49:13.891609+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:13Z","timestamp":1772459353,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54038,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:13.905079+0000\",\"flow_id\":1766032928251378,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":54038,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":54038},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2673,\"start\":\"2026-03-02T13:49:13.892402+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:13Z","timestamp":1772459353,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54064,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:13.907339+0000\",\"flow_id\":543964408685112,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":54064,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":54064},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2599,\"start\":\"2026-03-02T13:49:13.893496+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:13Z","timestamp":1772459353,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54052,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:13.910723+0000\",\"flow_id\":389650528707036,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":54052,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":54052},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-03-02T13:49:13.893404+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:13Z","timestamp":1772459353,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54068,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:13.924254+0000\",\"flow_id\":2215054579197189,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":54068,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":54068},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":945,\"bytes_toclient\":2672,\"start\":\"2026-03-02T13:49:13.910597+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:14Z","timestamp":1772459354,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54082,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:14.104363+0000\",\"flow_id\":734910064780919,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":54082,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":54082},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2598,\"start\":\"2026-03-02T13:49:14.091767+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T13:49:14Z","timestamp":1772459354,"ip_dst":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54098,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI","source":"{\"timestamp\":\"2026-03-02T13:49:14.171920+0000\",\"flow_id\":707761576510731,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.42\",\"src_port\":54098,\"dest_ip\":\"104.18.50.34\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2062569,\"rev\":1,\"signature\":\"ET INFO Observed Cloudflare R2 Public Bucket (r2 .dev) Domain in TLS SNI\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"104.18.50.34\",\"port\":443},\"target\":{\"ip\":\"172.18.0.42\",\"port\":54098},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2025_05_27\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2025_05_27\"]}},\"tls\":{\"sni\":\"pub-14c1504681d2427684ac1f489338d075.r2.dev\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":789,\"bytes_toclient\":2597,\"start\":\"2026-03-02T13:49:14.165131+0000\"}}"}],"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-02","alert":"Hunting_JS_WebAssembly","trigger":"j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"cloudflare-dns.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]},"summary":[{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-03-01T22:18:12.522658Z","alert_count":0,"request_count":1,"received_data":13321,"sent_data":443,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cloudflare-dns.com","ip":{"addr":"104.16.249.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-03-28","domain_rank":112,"first_seen":"2015-04-09T01:00:28Z","last_seen":"2026-03-02T13:24:08.785249Z","alert_count":1,"request_count":1,"received_data":513,"sent_data":474,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pump-rescue.fun","ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":29,"request_count":14,"received_data":216626,"sent_data":5926,"comment":"","tags":null,"fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-03-01T22:15:00.771016Z","alert_count":0,"request_count":5,"received_data":246835,"sent_data":2775,"comment":"","tags":null,"fingerprints":null},{"fqdn":"j2tzzk.vercel.app","ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2020-01-28","domain_rank":0,"first_seen":"2026-03-02T13:24:08.188634Z","last_seen":"2026-03-02T13:24:08.188634Z","alert_count":0,"request_count":4,"received_data":2855014,"sent_data":2158,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}]},{"fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-08-23","domain_rank":0,"first_seen":"2026-02-25T03:05:04.781981Z","last_seen":"2026-02-25T03:05:04.781981Z","alert_count":8,"request_count":8,"received_data":4659067,"sent_data":3816,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"pump-rescue.fun/js/script.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"660a62eebc4c6cf6fed68ad4b85f3b10","sha1":"a3f8d5d53115ddde637292ffb3c6a9204bc52e66","sha256":"ab5d39d2222926cb3a35cef1cf1676b49552102440bd773da930d99faa086392","sha512":"a904c9cb52206a1d14065f55e5764d62196e6ccdf879077a96d6eb868dc9c2b4d80fd56667836ca94e21dcc86a3ed8d943ae1513ce69c891fd5c74849daee394","ssdeep":"192:yw5kX+sObyHw1HBFUmyAjt4hRYIkbw2uCymH2fqMo2GtrVr1TY+s1BUC3kFwxka8:yILsObybQ2No9TozT3avcZc","tlshash":"2672636da5b1003586b3727a1b9fa248fa3340633505ce043e1d8b446ff2b559ab3fd9","size":17254,"data":"","first_seen":"2026-03-02T13:47:47.981894Z","last_seen":"2026-03-30T22:24:38.198912Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"introduction_type":"eval","is_inline":false,"md5":"130bde0017a24f6d52935e051135f62b","sha1":"a47849be3f85ff649fd1cd0e3562927f9ecf7dda","sha256":"67639b147389687ce910235b3abd707bb154f5b34afa931b59b5eb0c4bc96f9a","sha512":"86df4de8d3f5adac273d3a2ab64f4679bdc713c60de69180940eac94519694af07d28d3f57829dd7a389024ad777d55c159ac81e49850c64935a1f67a637d242","ssdeep":"192:EQ11Gh/u11rpriQeXQIdCpqO4D4ogfoiY+0dhNPnsEsC32pf7kuqGZvkpSFVBbNV:X/1qDCpJwskwkEZxtN+NH6R+4n","tlshash":"1ba2f98ebfa3113666a3712f2bafa15d717650031009cd24bdbd93006f90a75127afed","size":22587,"data":"","first_seen":"2026-02-28T01:25:08.168839Z","last_seen":"2026-03-03T02:12:47.462579Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","fqdn":"j2tzzk.vercel.app","domain":"j2tzzk.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"3f9305bfe231b46f46f6aa4f9601f2a2","sha1":"8d69cdd50045daa452152815e21bc2affd617503","sha256":"8bd4b9b1946d5eeeb34ec58e7a74084486a14275555be285f9f000a66be65dad","sha512":"09b1ca85d25a7310e780af028459e9a82c4f0e7724e51d2df745acbe0becfd442c2fd31a336fc36f8d3467a29d265db1c4cbbfef732ecdf67b0d980e0890901a","ssdeep":"","tlshash":"cd21d01be5a36471f866306e67cbf60531375847810eda047e0c9d017fa5116873e6da","size":1378,"data":"","first_seen":"2026-02-25T03:05:09.99146Z","last_seen":"2026-03-05T13:47:43.068318Z","times_seen":49,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/noir.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"1475a3fddc0203d362b0f42ecc271e44","sha1":"bbaecab80772f3fc16f174008ba2e4804bc88d1b","sha256":"28d760c0e36c23af65c9ffc7af75e1450203de0cf4e04f70574b8121aef71fca","sha512":"2f80abc959103bd37bbfb15da9942f28c27fdeb4b477f8e5c54099664cefdc68609a4dd857258a4a481bafd579456c370ddd9f46ddf6e5ba1c85f8c8b9f7a83f","ssdeep":"768:57p4/BGg274TclQv4BEnFJkkdNnZfKmO0hQlYhpMreFjZqVoIw/2:57p4ZGg2ETcev4BEnbkMKrCaYhpmeFNu","tlshash":"74d23ba7ce8f3d65db741e0823df18c9092c1b8fa8e148cd950aabc9c24e67715cc5e9","size":30223,"data":"","first_seen":"2026-03-02T13:47:47.994477Z","last_seen":"2026-03-03T02:12:47.45965Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/js/chat-support.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"8f56cbba16abca703b3cc18e50a43abd","sha1":"48ad3e29b0d7f0da67d910a1dcba69aeab09ab85","sha256":"c91fc3552cc5ffabcc9de078cd060d2f9503fbd8cae93bea3ee7e0df2e4cc3eb","sha512":"e68d1bedd680727ef3fc3d171a864b13d0ebd086e1f8ebf3f2a3679395a97aa1f15c2fee90f3d598e272a09db811e9b049755a59b5096af707d72a8f56faa471","ssdeep":"768:vy302aY4tXXf/Sr40C+AePT5BEkHqkII7w5asTeFacn+wci27B3a9QcMPU5dhLjS:vyknXXf/Sr40C+AePT5BEkKkII7w5ast","tlshash":"83c2956d20e2103909b3a13fab6b212bff73405b224785207d5e47512f70f94a6b7fa9","size":27708,"data":"","first_seen":"2026-03-02T13:47:48.014504Z","last_seen":"2026-03-30T22:24:38.208078Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","fqdn":"j2tzzk.vercel.app","domain":"j2tzzk.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"a4c1b82c67008e0b9b5eecf131312513","sha1":"65878df6cf1c78a8f23072ff1eab145f96834d8b","sha256":"bd6b3e009c6eb48d8b3d002f13d614c1701e72dd6a45c3ccfaaa2bfbb5033451","sha512":"c3f291114f254222df96ffbc7400fb7543c0fc268ac74cfd6e1367b1e8741ee99815aceed2da8b31a00136f65dbc6550dfff557c0316141b9695983901c4b539","ssdeep":"","tlshash":"cfc02207910e01a100254a048b2712802c19b0aaba01b8a1aa78e34a2fa014381b82ce","size":191,"data":"","first_seen":"2026-03-02T13:49:48.119588Z","last_seen":"2026-03-02T13:49:48.119588Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","fqdn":"j2tzzk.vercel.app","domain":"j2tzzk.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"4cb688f77f25ceb10163e65e985bcfd3","sha1":"a7f75e7fd165bbf106ac7840980dcad9cc0a4868","sha256":"0193826c06dd2bcb3426ce8558c72fd117f8b4d7ab74676eeca4b183e7d24b79","sha512":"f9ec2a3b310c17f4e8ecf9605217f8f034d530a16031c67325390e50d8e590e86a2ebf8599355e7def79f5f36953419907a9808b4df599275f04a684e24a63af","ssdeep":"49152:24+xtaUFAYp8Su3ilTYDMsvpXrdVCiG/NdUgmS9UT9bCWCawOJGSH17129hBpWLS:AxuitgJCWCawOJG","tlshash":"f3d57cb073b1707907e792d454a71100f234a44a700984bcfbec95e7af9aaca957bf78","size":2846419,"data":"","first_seen":"2026-03-02T13:49:48.121618Z","last_seen":"2026-03-03T02:12:47.466713Z","times_seen":3,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2026-03-02","alert":"Hunting_JS_WebAssembly","trigger":"j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/js/support-modal.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"bbd0d55de929b6da87749509c9226f95","sha1":"39b7411cced962fa7ad4432ffbacefdec087d011","sha256":"322d44f191f8dbf416f43e4d1c3c5e8e2d1f8212acceca78f031463732847067","sha512":"eaba099111a0039761e4808f2c7d66f69a206d1a2122ee8fd4bc0e7f14f4be6828be26fca1c465d9678048d85cf515c609b6176a01c3fc5747a9280a71f72457","ssdeep":"96:mMj8hbkY0x1DITLcj7oY8MOOz7XfYJHoGqCJXuPCOJWfBlH3:8hbkY0xl2LoUaXQJ+CJXuqOJWH","tlshash":"7ec1f2b45abb3021845f606b7bdf1a673e3480875c49f511bd3c83914fe58aec863b54","size":6110,"data":"","first_seen":"2026-03-02T13:47:47.997789Z","last_seen":"2026-03-30T22:24:38.2136Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"pump-rescue.fun/css/support-modal.css","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /css/support-modal.css HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: text/css; charset=UTF-8\r\nContent-Length: 3813\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Sun, 01 Mar 2026 21:19:23 GMT\r\nETag: W/\"ee5-19cab452cd2\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3813,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"c42c024da040a3adcf1cdf5b09b5edcc","sha1":"2045520c991be880700991557e84779e5c51ba6b","sha256":"14935616028c303a7cc053be63ca7f68d61e1f3dcca91577d2f80f14beff66b2","sha512":"744bfa79ef9c51ae2daa6ff75d01bcb213b34fd3abb09c5fd40437baa25a01cb619e81850cd7087d28a6db440f4309303d752816068094a9fd5c358f007dee42","ssdeep":"","tlshash":"5b7115819af71910fd1fd4663fe24e53a6289203c05ae82d7fe8328c4fa91d8d195f58","first_seen":"2026-03-02T13:47:47.979715Z","last_seen":"2026-03-30T22:24:38.203818Z","times_seen":12,"resource_available":false,"data":null}},"time_used":167,"timings":{"blocked":62,"dns":1,"connect":32,"send":0,"wait":33,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/js/support-modal.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /js/support-modal.js HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 6110\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Sun, 01 Mar 2026 21:19:02 GMT\r\nETag: W/\"17de-19cab44dc06\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6110,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text","md5":"bbd0d55de929b6da87749509c9226f95","sha1":"39b7411cced962fa7ad4432ffbacefdec087d011","sha256":"322d44f191f8dbf416f43e4d1c3c5e8e2d1f8212acceca78f031463732847067","sha512":"eaba099111a0039761e4808f2c7d66f69a206d1a2122ee8fd4bc0e7f14f4be6828be26fca1c465d9678048d85cf515c609b6176a01c3fc5747a9280a71f72457","ssdeep":"96:mMj8hbkY0x1DITLcj7oY8MOOz7XfYJHoGqCJXuPCOJWfBlH3:8hbkY0xl2LoUaXQJ+CJXuqOJWH","tlshash":"7ec1f2b45abb3021845f606b7bdf1a673e3480875c49f511bd3c83914fe58aec863b54","first_seen":"2026-03-02T13:47:47.997789Z","last_seen":"2026-03-30T22:24:38.2136Z","times_seen":12,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":60,"dns":0,"connect":32,"send":0,"wait":32,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.727Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 379275\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-06T04:07:26.309827Z","times_seen":204378,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":73,"dns":1,"connect":21,"send":0,"wait":13,"receive":3,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","fqdn":"j2tzzk.vercel.app","domain":"j2tzzk.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"GET /demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F HTTP/1.1\r\nHost: j2tzzk.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\nage: 0\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: text/html; charset=utf-8\r\ndate: Mon, 02 Mar 2026 13:49:12 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t%2FH6FpQ7NaBcLTUN5%2F39s%2FgjBjzyiKPMYrBH0goq%2FsJ6Y%2FEyUfCVDPjRbOv8ZKIJfOQyCA25dyui8cDD7CkNJCR4U6moOLtpOJb%2B2f9dQ499PPspSw9nPNyS81HWny68y1uUURJI\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-ratelimit-limit: 50\r\nx-ratelimit-remaining: 48\r\nx-ratelimit-reset: 562\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::mhrw6-1772459351978-1b976290ca8c\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":2850380,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (33714)","md5":"fdbeb26dc0618a88214e699d6f767c3b","sha1":"21cfb4d311ac6e1588c41500dbbc61012ba3489c","sha256":"924259c5e648df8fe466bad9c44901d2d200473aca4a44cd7b6ee4e7c82e6980","sha512":"f06cccfa790609f8d42dd4e3c10fc16913c68bb965f7247dcbc101acd2ac4de8a0ba5ae70321d96363dd4fcc5f9c4920a51f4ca49621ad0a0535829af043634f","ssdeep":"12288:V44LZxNuaZYNUIFPfLUlKY4Ue+jFy1rq6c5249AZQmYN8Ge5CK3i/R0u4gpJm:V4cZxtaUFBE1r5c52aAZSu3iZ0uTJm","tlshash":"af256cb073a1b07a03eb92d594661100f334941a700d84acfbaca9eb6f959cf957bf35","first_seen":"2026-03-02T13:49:48.072659Z","last_seen":"2026-03-02T13:49:48.072659Z","times_seen":1,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":31,"dns":1,"connect":2,"send":0,"wait":10,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j2tzzk.vercel.app/api/v2/handshake","fqdn":"j2tzzk.vercel.app","domain":"j2tzzk.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.395Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/handshake HTTP/1.1\r\nHost: j2tzzk.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nContent-Length: 71\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Mon, 02 Mar 2026 13:49:13 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N9ehTh44pIeqZmDFLYBX7uM%2BaRkb6rA%2BRsGvtAf5oLAr8kM4E1ek3e2V67YNzzAyZl0KHkIFjmPk5msGWJE50ZVQ4XA%2BXMmHGTts%2BWESlJHabE6jqitT6QhixTAjK4o4ymijZTT5\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-session-id: da60a9461227e8b5e9a5559b36855cad\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::rhhrx-1772459353402-6727273720c4\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":80,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"4364d95c9e3de723d4c38d67872c046f","sha1":"07129b6b8edd6919ba684211dca6625ad2913ce3","sha256":"1024d279ec919e91051ead663c9789065aa1f72779362840af6ee4033f8a7d26","sha512":"3f83dada38fc58a8e414a316df7054c1ee2a8fbc3004f4a90735e15bec70fa7693fed32e8d71f5fcc4ac81d3fa7247e89ecd7ffed87c83618fd6692d80be2235","ssdeep":"","tlshash":"e8a011e020e02222a2082028c08080ce8a80c2babc222aa0822a228038a82c022c200a","first_seen":"2026-03-02T13:49:48.07501Z","last_seen":"2026-03-02T13:49:48.07501Z","times_seen":1,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"j2tzzk.vercel.app/api/v2/binary","fqdn":"j2tzzk.vercel.app","domain":"j2tzzk.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.746Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: j2tzzk.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nX-Session-Id: da60a9461227e8b5e9a5559b36855cad\r\nX-Config-Id: 69923965562d44580b7b4501\r\nContent-Length: 99\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Mon, 02 Mar 2026 13:49:13 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p5KPPVmdBDlRZHvi6W2cBUVHgUgHdjTqvox9CYY1nCAiBQpZTA5yzbsLLmRr8HNhIhgzWHFR8lT3IkLyr%2FSH95ZyyMdI6nEZLQvDljb44g8IXlVeIbscsqvxWIC%2BzJRqfV5NQ6ow\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin,Accept-Encoding\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::djhwz-1772459353753-dd463c087d3e\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":995,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"9c6659ed24d3cfd2f30805ded003fb58","sha1":"b489630133b377428a7a082e1939b5bbe5945b00","sha256":"16ffd5759f9192fd374fdd905d8797c8e4200856d73b5aafbe0c00368554c30b","sha512":"747e97fa4ecdeb0f8dcd036e0d094643671b7eb199151caa3a12ebf5298b26f958d73971055f3d976f2a6c7cbe36ffd69de448b29fd4e61bd60c77c51091fb9c","ssdeep":"","tlshash":"3511a886c4177d01e85fe67da1cafe489447dd500ec4d28591771141b013ae8a1d5d74","first_seen":"2026-03-02T13:49:48.077322Z","last_seen":"2026-03-02T13:49:48.077322Z","times_seen":1,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":111,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:18 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd120ba71ae6-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":606208,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"d6593d1d172099e9f7a39dba5be5789a","sha1":"1c829d688cade44b2bced3368547fe6003b4f93e","sha256":"36cc07c88a201b6e07555da9abd299c250187c4028dd39ab9a9363fb3adef149","sha512":"634f8d7bfd5df3abbd47d3112bd999550cb40dd272eb0ee202472dba5cbc23059c624b41bb339310e9c60fdaa4e41ad3e225c56b60ff2bbaaaad8d1f23d5d10e","ssdeep":"12288:/2TA4vVLmF/WbRkFOppRWsWNbGSQHJAUOUsLOsWZssG5bxVWhseThDII57tw:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVI","tlshash":"7cd4233ec1bc458079b501256a2427614d336cfd64efea3343ecde36db9a52e6ee1290","first_seen":"2026-03-02T13:49:48.07983Z","last_seen":"2026-03-02T13:49:48.07983Z","times_seen":1,"resource_available":false,"data":null}},"time_used":374,"timings":{"blocked":34,"dns":1,"connect":1,"send":0,"wait":186,"receive":117,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:05:42 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd121a462efa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":557056,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"c9ba43101a27f0f962d210efc87f5b26","sha1":"5ebcdd83b16061416c177d695e3314ad28abada6","sha256":"aac785d8ff46abc11b9ad9cf1e05697748dbee7118074046f0a048c8d533ec9b","sha512":"58f4f0b67c8f5e4b3c483c79c342fddf5523db41119e37135680fca61df80244141119974fdaad9ea6b0c5f93f39d1ea775751b5039d1abe645062a24cafac21","ssdeep":"12288:VEznytgluvfiMoSnqYsA4Xp8fvndMMr95Hl42YSbZQxC:avufiMHLszpYKMLHl4XST","tlshash":"acc4236944bc5c85216901652a59367c2013a07ed8f7bc7cb2accf9c89cf9bf4ee90e5","first_seen":"2026-03-02T13:49:48.082102Z","last_seen":"2026-03-02T13:49:48.082102Z","times_seen":1,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":35,"dns":1,"connect":7,"send":0,"wait":137,"receive":21,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/js/chat-support.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /js/chat-support.js HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 27708\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Sun, 01 Mar 2026 21:19:02 GMT\r\nETag: W/\"6c3c-19cab44dc6a\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27708,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"8f56cbba16abca703b3cc18e50a43abd","sha1":"48ad3e29b0d7f0da67d910a1dcba69aeab09ab85","sha256":"c91fc3552cc5ffabcc9de078cd060d2f9503fbd8cae93bea3ee7e0df2e4cc3eb","sha512":"e68d1bedd680727ef3fc3d171a864b13d0ebd086e1f8ebf3f2a3679395a97aa1f15c2fee90f3d598e272a09db811e9b049755a59b5096af707d72a8f56faa471","ssdeep":"768:vy302aY4tXXf/Sr40C+AePT5BEkHqkII7w5asTeFacn+wci27B3a9QcMPU5dhLjS:vyknXXf/Sr40C+AePT5BEkKkII7w5ast","tlshash":"83c2956d20e2103909b3a13fab6b212bff73405b224785207d5e47512f70f94a6b7fa9","first_seen":"2026-03-02T13:47:48.014504Z","last_seen":"2026-03-30T22:24:38.208078Z","times_seen":12,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":68,"dns":1,"connect":38,"send":0,"wait":65,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 379275\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-06T04:07:26.309827Z","times_seen":204378,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":60,"dns":0,"connect":0,"send":0,"wait":11,"receive":10,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.54.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 2031700\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"a22dc9face81ff1665651f1052a0a99f\"\r\nLast-Modified: Fri, 23 Jan 2026 22:55:26 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd121b2423eb-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"eeebcd74061a9dcd7dfad338ebe1d46a","sha1":"23148fe8cd0cfe6b4379103d03dabde517e9bfd9","sha256":"631978ce1c77fdc8360949130dc08a761d8a5cbf0b87875b7b1556706cabc068","sha512":"e151fd7805ccbf649173ed454739604bbb31cbd0daa1dbf057454363c74532c9a5c2310e516f087f21ef09e5cd7de46e91d67e01815274b82573caae494eff45","ssdeep":"12288:/2TA4vVLmF/WbRkFOppRWsWNbGSQHJAUOUsLOsWZssG5bxVWhseThDII57tSKnXb:/2TAaRkFipRWRSlpAzUWOsWWvbLqhDVr","tlshash":"41f4233ac26c0681a9a500112e6526604c337cbc54feea3383eddf3adb5b92d6da5295","first_seen":"2026-02-25T03:05:09.955526Z","last_seen":"2026-03-07T02:01:37.494267Z","times_seen":63,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":36,"dns":2,"connect":2,"send":0,"wait":159,"receive":116,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /phantom-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 3967947\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"5a6a3867cbfe36845cfc495e5ca7f0ea\"\r\nLast-Modified: Fri, 23 Jan 2026 15:28:10 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd1219b31525-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"77c8cf44927733853063e12a9c919838","sha1":"e753f4fab619a4ad9c7e362f7dbca7d28c6af569","sha256":"0a412e42c896359759d6f578d9439fdfa66c8387c55de84440861ea71f463e59","sha512":"23e51c246c2f5f89fb1e53fad2bbba306a23f2a5d708b1b58dd8b8a60a382c9e38d475a7b57e90d617d2f87524659ca3c63da65c0248367925c1f5ab8bb570c6","ssdeep":"12288:VEznytgluvfiMoSnqYsA4Xp8fvndMMr95Hl42YSbZQxiVUSmj3+SSB9WV:avufiMHLszpYKMLHl4XSjC3h+s","tlshash":"8ff423e9846d4c8222510261295a753c2053b03eddf7bc39b1acdf9dc69ee3e8ce91e5","first_seen":"2026-02-25T03:05:09.958112Z","last_seen":"2026-03-07T02:01:37.50279Z","times_seen":62,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":35,"dns":0,"connect":6,"send":0,"wait":168,"receive":115,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/phantom-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:30 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd121caf4e4c-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"13ec753f0f7ac3f2e09cd8fb3d159fd6","sha1":"fb7c640e5ea1b3eb5af719aec31fe04a971c27db","sha256":"69c12f796a581c42a4dfedd57a615fdc0407867c0ab2577507c6afe5320d5b26","sha512":"79c55e8cc4ba19d93751be035f34ffea46704d06b08da0ee65a013c3bb40a7f3295156bc659db38df831457a65d53ed01bb79812b5903f66de13108d99c85e9a","ssdeep":"12288:WKLOlpdbVhOBbi61VlVP30w5qYO8DgLhC9bxl0zY6+wqzta5YpqXl5M0k+3uJH:WKS1/OBbi61/Vvx5qYONFC9VGM60S15M","tlshash":"b4f433f9941e38c2eb42b5617c2f12219dffb09b487f5fe24b40ba6a23dad4443d9458","first_seen":"2026-02-25T03:05:09.960469Z","last_seen":"2026-03-07T02:01:37.469286Z","times_seen":59,"resource_available":false,"data":null}},"time_used":329,"timings":{"blocked":34,"dns":1,"connect":6,"send":0,"wait":152,"receive":103,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass1-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 6028322\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"cf5ac8fca45e5d0409fef8923c179975\"\r\nLast-Modified: Fri, 23 Jan 2026 22:54:15 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd121c233181-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":786432,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"13ec753f0f7ac3f2e09cd8fb3d159fd6","sha1":"fb7c640e5ea1b3eb5af719aec31fe04a971c27db","sha256":"69c12f796a581c42a4dfedd57a615fdc0407867c0ab2577507c6afe5320d5b26","sha512":"79c55e8cc4ba19d93751be035f34ffea46704d06b08da0ee65a013c3bb40a7f3295156bc659db38df831457a65d53ed01bb79812b5903f66de13108d99c85e9a","ssdeep":"12288:WKLOlpdbVhOBbi61VlVP30w5qYO8DgLhC9bxl0zY6+wqzta5YpqXl5M0k+3uJH:WKS1/OBbi61/Vvx5qYONFC9VGM60S15M","tlshash":"b4f433f9941e38c2eb42b5617c2f12219dffb09b487f5fe24b40ba6a23dad4443d9458","first_seen":"2026-02-25T03:05:09.960469Z","last_seen":"2026-03-07T02:01:37.469286Z","times_seen":59,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":37,"dns":5,"connect":5,"send":0,"wait":145,"receive":82,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass1-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/js/script.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /js/script.js HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 17257\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Sun, 01 Mar 2026 21:19:02 GMT\r\nETag: W/\"4369-19cab44db56\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":17257,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with CRLF, LF line terminators","md5":"660a62eebc4c6cf6fed68ad4b85f3b10","sha1":"a3f8d5d53115ddde637292ffb3c6a9204bc52e66","sha256":"ab5d39d2222926cb3a35cef1cf1676b49552102440bd773da930d99faa086392","sha512":"a904c9cb52206a1d14065f55e5764d62196e6ccdf879077a96d6eb868dc9c2b4d80fd56667836ca94e21dcc86a3ed8d943ae1513ce69c891fd5c74849daee394","ssdeep":"192:yw5kX+sObyHw1HBFUmyAjt4hRYIkbw2uCymH2fqMo2GtrVr1TY+s1BUC3kFwxka8:yILsObybQ2No9TozT3avcZc","tlshash":"2672636da5b1003586b3727a1b9fa248fa3340633505ce043e1d8b446ff2b559ab3fd9","first_seen":"2026-03-02T13:47:47.981894Z","last_seen":"2026-03-30T22:24:38.198912Z","times_seen":12,"resource_available":true,"data":null}},"time_used":215,"timings":{"blocked":68,"dns":0,"connect":39,"send":0,"wait":63,"receive":3,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/noir.js","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.553Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /noir.js HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: application/javascript; charset=UTF-8\r\nContent-Length: 30223\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Sat, 28 Feb 2026 21:15:54 GMT\r\nETag: W/\"760f-19ca61b9fbf\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":30223,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (30223), with no line terminators","md5":"1475a3fddc0203d362b0f42ecc271e44","sha1":"bbaecab80772f3fc16f174008ba2e4804bc88d1b","sha256":"28d760c0e36c23af65c9ffc7af75e1450203de0cf4e04f70574b8121aef71fca","sha512":"2f80abc959103bd37bbfb15da9942f28c27fdeb4b477f8e5c54099664cefdc68609a4dd857258a4a481bafd579456c370ddd9f46ddf6e5ba1c85f8c8b9f7a83f","ssdeep":"768:57p4/BGg274TclQv4BEnFJkkdNnZfKmO0hQlYhpMreFjZqVoIw/2:57p4ZGg2ETcev4BEnbkMKrCaYhpmeFNu","tlshash":"74d23ba7ce8f3d65db741e0823df18c9092c1b8fa8e148cd950aabc9c24e67715cc5e9","first_seen":"2026-03-02T13:47:47.994477Z","last_seen":"2026-03-03T02:12:47.45965Z","times_seen":4,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":32,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/images/pump-logomark.svg","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:12.027Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /images/pump-logomark.svg HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:12 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2660\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Mon, 23 Feb 2026 22:30:56 GMT\r\nETag: W/\"a64-19c8ca086ba\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-05-25T20:58:54.05081Z","times_seen":140,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:01 GMT","end":"Mon, 27 Apr 2026 08:38:00 GMT"},"fingerprint":{"sha1":"AD:23:3E:9B:CF:2B:A1:EC:31:14:63:D1:58:73:BB:E7:C5:32:16:8C","sha256":"B1:5F:45:BF:00:8C:68:35:D3:42:B2:67:66:47:9D:BB:42:41:07:56:3A:C4:1C:D6:10:7B:B7:53:C2:71:81:33"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700;800\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 02 Mar 2026 13:49:11 GMT\r\ndate: Mon, 02 Mar 2026 13:49:11 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12635,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"4b1d52c19ccef2398d1de007b3c9a55c","sha1":"c57fa2bcac927a7d60c526cb7ec2b6249019dfe7","sha256":"05f842619ec9f615de0b749034eadaea60e3554d798683fb01ee1eb27abd1e68","sha512":"9dfc4ab3832325eb1438bd85674e15ceb62771b94f06ea8e48a2e286453d571218df3f6727b8df4c1bdfa47218eb5fed0298601da289391a736a76a230d68c3b","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGfNx0NO3kCxHx:vXuM0p2+g7r","tlshash":"1e427892002ba400ab971dc233cf7f3aaece50896085d1b95ffd0dc59cead66436876d","first_seen":"2025-09-10T22:54:08.549336Z","last_seen":"2026-06-06T04:27:42.301421Z","times_seen":11183,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":67,"dns":0,"connect":7,"send":0,"wait":20,"receive":0,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/images/pump-logomark.svg","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.547Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /images/pump-logomark.svg HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2660\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Mon, 23 Feb 2026 22:30:56 GMT\r\nETag: W/\"a64-19c8ca086ba\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-05-25T20:58:54.05081Z","times_seen":140,"resource_available":false,"data":null}},"time_used":158,"timings":{"blocked":124,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cloudflare-dns.com/dns-query?name=_r.chrome-extension-da0e5-bc.com\u0026type=TXT","fqdn":"cloudflare-dns.com","domain":"cloudflare-dns.com","tld":"com"},"ip":{"addr":"104.16.249.249","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflare-dns.com","organization":"Cloudflare, Inc."},"issuer":{"commonName":"SSL.com SSL Intermediate CA ECC R2","organization":"SSL Corp"},"validity":{"start":"Wed, 31 Dec 2025 19:20:01 GMT","end":"Mon, 21 Dec 2026 19:20:01 GMT"},"fingerprint":{"sha1":"F8:86:35:01:72:60:D4:0B:9E:B4:17:BE:E7:37:37:91:1B:63:0E:59","sha256":"E3:B0:28:26:78:9D:65:3D:22:4D:3E:DA:CB:E4:E8:77:CB:72:86:FC:4C:92:26:72:F6:22:67:41:CA:57:AD:65"}}},"request":{"raw":"GET /dns-query?name=_r.chrome-extension-da0e5-bc.com\u0026type=TXT HTTP/1.1\r\nHost: cloudflare-dns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/dns-json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: cloudflare\r\ndate: Mon, 02 Mar 2026 13:49:11 GMT\r\ncontent-type: application/dns-json\r\naccess-control-allow-origin: *\r\nx-content-type-options: nosniff\r\ncontent-length: 237\r\ncf-ray: 9d60dd04b9ea783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":237,"size_decoded":0,"mime_type":"application/dns-json","magic":"JSON text data","md5":"7b29115fc9a9a0fda14eec4027ac1ae7","sha1":"aa8159d80105501035e835817844e0de232ba353","sha256":"2359594b963d54c718503fea60d8afbc825cf9f82d7b93592cd4ed673d734fa8","sha512":"5d4a15e51bfe7a65655acb713f2442c6647ee87bb914f0ac1bb382a6fdd682c959ded44a8dbbaac06c64940179181eea92fe2e57a2e5c5ac0954548fabe32413","ssdeep":"","tlshash":"66d0a7c5d18984ac7417a744c4c314479fbc22b273dcbe7996442e58e2db341904626b","first_seen":"2026-03-02T13:24:13.090349Z","last_seen":"2026-03-02T14:11:13.67097Z","times_seen":4,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":29,"dns":1,"connect":3,"send":0,"wait":23,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"cloudflare-dns.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-desktop.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:06:40 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd135f6732fa-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":150963,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"7d1f5c5f569cd189d57c216930a664dc","sha1":"69a78038f0bd1917d726036c55282a581f6fbace","sha256":"af1d4a537b392ae3057f8a98a415c97c20b9d9c95985d3e63d779885ed0c9ec9","sha512":"bb16efaae1dbf01e39dfc947193a80ee2ad971ca4ce30774466614beea42255cb57a180069a2689b26df3bede6670734aab3f942fcfaf8464fe395ff307f3ed6","ssdeep":"3072:bf5Iz++emEBeefEU69n8DMeI7bRooWIWGSICgjYnsAaf2Ol/IXVui:bfw++FELEn9n81uoNI/ssN2OlwXVp","tlshash":"d0e312daf47e9b19eda415b4266e57c82de301797cb83c325380896c9fc386b2f4c469","first_seen":"2026-03-02T13:49:48.098386Z","last_seen":"2026-03-02T13:49:48.098386Z","times_seen":1,"resource_available":false,"data":null}},"time_used":367,"timings":{"blocked":191,"dns":0,"connect":5,"send":0,"wait":132,"receive":4,"ssl":35},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-desktop.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/css/styles.css","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /css/styles.css HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: text/css; charset=UTF-8\r\nContent-Length: 50292\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Mon, 23 Feb 2026 22:30:54 GMT\r\nETag: W/\"c474-19c8ca07f52\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50292,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF, LF line terminators","md5":"b43c724e6677a1679df9ef3dad996ce1","sha1":"2f71b79e5a1c3bab710e23175f850665086f936f","sha256":"2fc99c040a6ccae1cf1e40364120eb8d84ee06bb5280eaeaa047b770c43795c5","sha512":"0caae2983614aa6dae10db7326d6281cdd03762fb2c394a73144ae4235a8edd973ece9f5b86e3a27df4df5ed8c7d362441dbae985040fdf145186df849ce4b16","ssdeep":"192:evmd5M1c3vV4oUqt6R9AaqHGIL7POqqXiqJcTNNYUPetnkXhBI5Y8oz1S5fFJtUI:e2tt6ix+oz4MH2WDQgb3Q5GfJh9vxvq","tlshash":"17333158a71561a66633bbb4aff60719f298a0539b02456e7fdc22450ff13bc41a2fcc","first_seen":"2026-02-20T23:54:40.355055Z","last_seen":"2026-05-25T20:58:54.049671Z","times_seen":109,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/css/chat-support.css","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /css/chat-support.css HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: text/css; charset=UTF-8\r\nContent-Length: 14276\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Mon, 23 Feb 2026 22:30:54 GMT\r\nETag: W/\"37c4-19c8ca07e82\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14276,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF, LF line terminators","md5":"e7b1486c350960d2e159fab373273845","sha1":"602259772e9a91c32b4c914e2f1263678967f03f","sha256":"b911a220da794ecf28d5690d69e2799203f9064b844c6b2bb601858976ac4c0c","sha512":"76e8f194e7007e3e0f8e283e03b19c7735508fde045c72ae8fb6fc3e95a5e0e4c80f3b3d515810c1ce902131313af84bdbfd9209ab245112eb82efedd934b60a","ssdeep":"192:1RjmabwEOS9ei+DVDU6NVFnxiTQ+V10yxxpgTVSpcCpBxTV6g/8v49M9V4A6WwcH:JSrSVzBSo+4v+","tlshash":"a5523278d601506a7a77a7b4afa94605e2a910439b03417f7bec51b90fb23fc8261fdc","first_seen":"2026-02-25T13:18:14.499293Z","last_seen":"2026-05-25T20:58:54.055039Z","times_seen":94,"resource_available":false,"data":null}},"time_used":202,"timings":{"blocked":64,"dns":1,"connect":34,"send":0,"wait":62,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 379275\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-06T04:07:26.309827Z","times_seen":204378,"resource_available":false,"data":null}},"time_used":176,"timings":{"blocked":86,"dns":3,"connect":23,"send":0,"wait":8,"receive":6,"ssl":42},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/api/site-presence?event=online","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"POST /api/site-presence?event=online HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 108\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":108,"data":"{\"status\":\"online\",\"event\":\"online\",\"source\":\"main-script-init\",\"page\":\"/\",\"visitorId\":\"v_53fa89e17a359caf\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:18 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 95\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nCache-Control: no-store, no-cache, must-revalidate, private\r\nPragma: no-cache\r\nExpires: 0\r\nETag: W/\"5f-r3ZstJiBtVH2JAYHN7lrBVLb+tg\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"e963bf16582a53e34646d9f1e7b59800","sha1":"af766cb49881b551f624060737b96b0552dbfad8","sha256":"a14643a4b362df5caf6017f58891f5ac3e8e68311b33176b94950dde7f6afd23","sha512":"03bbe89762081caa08095e0f7ecb1cc9793569e100118a6e85439388e060e6dd329a9cc104a07bf81134d27868974ef00d2fedd3c421e60cd933b6a346100f3f","ssdeep":"","tlshash":"24b0121040192035d4d8126234542f102d7d24f3c1b30cc1d1cf08b13e163816197803","first_seen":"2026-03-02T13:49:48.104401Z","last_seen":"2026-03-02T13:49:48.104401Z","times_seen":1,"resource_available":false,"data":null}},"time_used":7100,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7099,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/images/pump-logomark.svg","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:12.026Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET /images/pump-logomark.svg HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:12 GMT\r\nContent-Type: image/svg+xml\r\nContent-Length: 2660\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nAccept-Ranges: bytes\r\nCache-Control: public, max-age=0\r\nLast-Modified: Mon, 23 Feb 2026 22:30:56 GMT\r\nETag: W/\"a64-19c8ca086ba\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":2660,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e13e575d784e1c0623f9eec1240b21d","sha1":"b37951e967df5b53bd4446b1a3e48c1bd56d9a42","sha256":"8d3ae3eadbf555b9f5302c2c31429ff8420e90eb8eaee34b3fc0e7781566f1ba","sha512":"218ec60489e62cdd55510bb31f30c9b0b149aeec374501ed9b04d7003409a39df4883038765a7efd829af3e534a83c60ce58ea742bc79065ef0b28879c442279","ssdeep":"","tlshash":"7c5172ff6b444de5de86c2f8eb252ad7782a24d97121464193d43f2a740236c4d8ac93","first_seen":"2026-02-20T15:35:56.995338Z","last_seen":"2026-05-25T20:58:54.05081Z","times_seen":140,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/api/site-presence?event=pageshow","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:13.142Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"POST /api/site-presence?event=pageshow HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 114\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":114,"data":"{\"status\":\"online\",\"event\":\"pageshow\",\"source\":\"main-script-pageshow\",\"page\":\"/\",\"visitorId\":\"v_53fa89e17a359caf\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:13 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 96\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nCache-Control: no-store, no-cache, must-revalidate, private\r\nPragma: no-cache\r\nExpires: 0\r\nETag: W/\"60-QLjVu6q97kWYrTO4V58QHV2pxxc\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b7b9a3dbf3ac7c30f57e4293bac4c6f9","sha1":"40b8d5bbaabdee4598ad33b8579f101d5da9c717","sha256":"749f29f08882ddf1875ba419def077dc6d1592d0ddc8ec939f09a8524f20ecef","sha512":"d3a0a65c0ee81931adc14f91aa48eb1b9060f0f873cb688b6adcc17cc2caef13cc0770e15b63aaaef30903c986d7fd555a171992ead8349ce1a93fcd9edf0b6f","ssdeep":"","tlshash":"b7b0121040192039949812a264541f102e6d28f3d1b30cc5c1cf08b13e473c061a7803","first_seen":"2026-03-02T13:49:48.106937Z","last_seen":"2026-03-02T13:49:48.106937Z","times_seen":1,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"j2tzzk.vercel.app/api/v2/binary","fqdn":"j2tzzk.vercel.app","domain":"j2tzzk.vercel.app","tld":"vercel.app"},"ip":{"addr":"64.29.17.67","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.vercel.app","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 26 Feb 2026 06:28:03 GMT","end":"Wed, 27 May 2026 06:28:02 GMT"},"fingerprint":{"sha1":"D6:62:1A:52:B7:FD:F6:BB:FA:AC:01:9E:BB:CD:40:86:5F:04:95:51","sha256":"4B:37:7D:7D:8E:17:70:BB:E1:51:9B:58:96:24:6C:11:6A:B3:AE:A9:68:43:46:58:B3:30:F0:54:F7:EA:43:38"}}},"request":{"raw":"POST /api/v2/binary HTTP/1.1\r\nHost: j2tzzk.vercel.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/octet-stream\r\nX-Session-Id: da60a9461227e8b5e9a5559b36855cad\r\nX-Config-Id: 69923965562d44580b7b4501\r\nContent-Length: 99\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=0, must-revalidate\r\ncontent-encoding: br\r\ncontent-type: application/octet-stream\r\ndate: Mon, 02 Mar 2026 13:49:13 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Is3CHDl0p1Hbqjl0vXoqcz3jlRbc1MO1uLfJo0sdsp6P8pH31meh%2F21hh4b0LV1kYDSQ8Bz0FFroPrEmum6vppN5ybq2w3VH9Pxl3HJGXCQiHNxFlyzrOCLpeGhKNc8EfZ1z8SCR\"}]}\r\nserver: Vercel\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nvary: Origin\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::arn1::djhwz-1772459353879-a5abf15ae0f6\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]}],"data":{"size":99,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"f4932d43172858c8176b118524d7dc84","sha1":"d2541aff7459e18d7927acd521578f754449ebd0","sha256":"7f4c5ff5d5873326b2270ca5c9d01ded661bdcb0310f747f1b391db2c4e97150","sha512":"afd1b0384defff8e53dda90cef85db11e2f631570f3639d1b475a78a9a9ccfe22a81ec376bb8a42a12fc5a0eb9bea9e484f66bb85663f6e9c202341bbd5fdae9","ssdeep":"","tlshash":"e9b01204092e3b30f29a817303646a8d3354b0411a00374a1fb63c2b51b801b28c655a","first_seen":"2026-03-02T13:49:48.10971Z","last_seen":"2026-03-02T13:49:48.10971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T13:49:11.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:11 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nCache-Control: public, max-age=0\r\nLast-Modified: Sun, 01 Mar 2026 21:19:40 GMT\r\nETag: W/\"cc5d-19cab456ecf\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]},{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":52317,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1311), with CRLF, LF line terminators","md5":"30b95ae6ccb573cbb2fde97c7205786b","sha1":"6b0ed9a9f8e08e28100c76ce1b86b674f00c97e3","sha256":"a8c22f08f941173912a1ab5b9c64f701e69fec429f36b92ca21cb45c76f69acf","sha512":"3e46c027347e9c0f468f67eec982eeba62e98d09f5aeb5316f768dcf1d0b131b2dd3c1356c6c74ae85ec1eb4d7c504eddec8b7638603993b5d8cc671d35eec5b","ssdeep":"384:OsltsJs6L9u9YKplKnJDTrjhTxyfNmFPFmtnKrnOHswj:Oyt0OxMDXjDywPF2Pj","tlshash":"993383b452c4043a9173c2d9cb253bbafeaa8183970a9115b6fc27a75fb3c45dc37198","first_seen":"2026-03-02T13:47:47.976239Z","last_seen":"2026-03-04T14:00:15.965445Z","times_seen":9,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":102,"dns":33,"connect":32,"send":0,"wait":64,"receive":0,"ssl":35},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 379275\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-06T04:07:26.309827Z","times_seen":204378,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":107,"dns":2,"connect":7,"send":0,"wait":8,"receive":2,"ssl":90},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.195","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:11.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:00 GMT","end":"Mon, 27 Apr 2026 08:37:59 GMT"},"fingerprint":{"sha1":"43:A0:56:D7:CE:45:C9:96:6F:34:12:13:53:CC:34:DD:63:FB:5D:20","sha256":"A4:AF:37:76:AF:D3:DB:1B:79:93:8F:E9:D4:21:4B:BA:43:54:3D:F9:56:DC:18:E9:5C:CA:1A:7C:B2:C7:DF:9B"}}},"request":{"raw":"GET /s/inter/v20/UcC73FwrK3iLTeHuS_nVMrMxCp50SjIa1ZL7W0I5nvwU.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 48532\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 26 Feb 2026 04:27:56 GMT\r\nexpires: Fri, 26 Feb 2027 04:27:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 09 Sep 2025 18:33:50 GMT\r\ncontent-type: font/woff2\r\nage: 379275\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48532,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48532, version 1.0","md5":"225835e6e0496c54dc2aca9f3d533892","sha1":"942ef5298bbe74bfe44e445def5f2bfc94027fa8","sha256":"acc60d454f46f2ba233c516aa3299aa60e1f49ffd0f06b8392a7c772a5694087","sha512":"ea2ff96ed5ac965c1846b4b33990beab3d4ced66806fa44321f5dd59d9a29a8ae1a67a5816d40165af8a896677b6a24bb74ea6db53cd5e686080165db9fd62c2","ssdeep":"768:b9tYsJ6BxVEpu8sqEkvfXRGEBqH7KxpxA07hQv2bSokjQx2AOWUVOv7UeFHOpIsR:LsEcy7fXRGqqHmr7qv32UC7UetOGLkF","tlshash":"03230178cf9f85b3d33b153afaf4d20562a9067de76c4a803831051a2a55770b89dc0e","first_seen":"2025-05-29T17:27:56.345238Z","last_seen":"2026-06-06T04:07:26.309827Z","times_seen":204378,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":118,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":104},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","fqdn":"pub-14c1504681d2427684ac1f489338d075.r2.dev","domain":"pub-14c1504681d2427684ac1f489338d075.r2.dev","tld":"r2.dev"},"ip":{"addr":"104.18.50.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://j2tzzk.vercel.app/demo.php?id=69923965562d44580b7b4501\u0026parent_url=pump-rescue.fun%2F","date":"2026-03-02T13:49:13.901Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2.dev","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 14 Jan 2026 08:27:13 GMT","end":"Tue, 14 Apr 2026 08:27:12 GMT"},"fingerprint":{"sha1":"8E:B1:C6:1C:4F:29:20:20:9B:A5:D6:9D:E1:36:5C:9E:97:FB:1D:39","sha256":"37:AE:3E:49:CD:79:B6:64:E2:E2:D7:10:C5:42:B8:60:97:C4:95:B7:D1:0F:FE:B7:2D:84:F2:DC:70:4E:53:C2"}}},"request":{"raw":"GET /solflare-bypass2-mobile.gif HTTP/1.1\r\nHost: pub-14c1504681d2427684ac1f489338d075.r2.dev\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://j2tzzk.vercel.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 02 Mar 2026 13:49:14 GMT\r\nContent-Type: image/gif\r\nContent-Length: 8319275\r\nConnection: keep-alive\r\nAccept-Ranges: bytes\r\nETag: \"ffdbd9550fb16af66a8cf7717da03833\"\r\nLast-Modified: Fri, 23 Jan 2026 22:07:07 GMT\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9d60dd13aecd76ef-OSL\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196608,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 480 x 807","md5":"02163d2fd967c517b10ecd6f8096209b","sha1":"45024657ca90eeabc1e91efddf3cf21569d1ba99","sha256":"59c4a6f38c0de72646a654cd1083701590d5b9b5d0b79207e2af14ff5733a597","sha512":"4276d723a05a16633db45ecbdf78868e021e08c995e463ffe36ce5b7c87841971a3251bf4051435761a7e77095bcfac9c86df3fa73a91c9c30caf5576fd5b8d2","ssdeep":"3072:bf5Iz++emEBeefEU69n8DMeI7bRooWIWGSICgjYnsAaf2Ol/IXVu7Q0GDhh/tNEG:bfw++FELEn9n81uoNI/ssN2OlwXVAQ0U","tlshash":"6c1412eae0be1f15de680468665d1bd52ee340793dbd3c3213809d6d5fd386a3e8c898","first_seen":"2026-02-25T21:58:49.494288Z","last_seen":"2026-03-07T01:55:50.774331Z","times_seen":8,"resource_available":false,"data":null}},"time_used":455,"timings":{"blocked":264,"dns":0,"connect":1,"send":0,"wait":169,"receive":5,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"Nextron YARA rules","description":"Public Nextron YARA rules","scan_date":"2026-03-02","alert":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","trigger":"pub-14c1504681d2427684ac1f489338d075.r2.dev/solflare-bypass2-mobile.gif","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Florian Roth (Nextron Systems)","date":"2020-07-02","description":"Detects files with GIF headers and format anomalies - which means that this image could be an obfuscated file of a different type","reference":"https://en.wikipedia.org/wiki/GIF","rule":"SUSP_GIF_Anomalies","score":"60"}}],"urlquery":null}},{"url":{"schema":"https","addr":"pump-rescue.fun/api/site-presence?event=heartbeat","fqdn":"pump-rescue.fun","domain":"pump-rescue.fun","tld":"fun"},"ip":{"addr":"77.105.161.240","port":443,"asn":215428,"as":"Mykyta Skorobohatko","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://pump-rescue.fun/","date":"2026-03-02T13:49:28.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pump-rescue.fun","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 28 Feb 2026 20:35:23 GMT","end":"Fri, 29 May 2026 20:35:22 GMT"},"fingerprint":{"sha1":"39:7A:53:23:60:07:44:7C:F3:47:B1:A9:A7:A9:D9:85:68:0D:9A:79","sha256":"D9:C4:0E:30:69:25:ED:11:CA:0D:81:39:0F:50:59:8E:79:E7:E9:E6:4B:1A:AD:CD:C2:90:DA:36:4F:50:5F:6D"}}},"request":{"raw":"POST /api/site-presence?event=heartbeat HTTP/1.1\r\nHost: pump-rescue.fun\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 116\r\nOrigin: https://pump-rescue.fun\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":116,"data":"{\"status\":\"online\",\"event\":\"heartbeat\",\"source\":\"main-script-heartbeat\",\"page\":\"/\",\"visitorId\":\"v_53fa89e17a359caf\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Mon, 02 Mar 2026 13:49:28 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 96\r\nConnection: keep-alive\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\nReferrer-Policy: no-referrer\r\nPermissions-Policy: geolocation=(), camera=(), microphone=()\r\nCache-Control: no-store, no-cache, must-revalidate, private\r\nPragma: no-cache\r\nExpires: 0\r\nETag: W/\"60-QLjVu6q97kWYrTO4V58QHV2pxxc\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":96,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"b7b9a3dbf3ac7c30f57e4293bac4c6f9","sha1":"40b8d5bbaabdee4598ad33b8579f101d5da9c717","sha256":"749f29f08882ddf1875ba419def077dc6d1592d0ddc8ec939f09a8524f20ecef","sha512":"d3a0a65c0ee81931adc14f91aa48eb1b9060f0f873cb688b6adcc17cc2caef13cc0770e15b63aaaef30903c986d7fd555a171992ead8349ce1a93fcd9edf0b6f","ssdeep":"","tlshash":"b7b0121040192039949812a264541f102e6d28f3d1b30cc5c1cf08b13e473c061a7803","first_seen":"2026-03-02T13:49:48.106937Z","last_seen":"2026-03-02T13:49:48.106937Z","times_seen":1,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"pump-rescue.fun","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}