{"report_id":"eae4f8fe-4ba7-4220-9c1b-efee96e683e4","version":6,"status":"done","tags":[],"date":"2026-01-05T22:23:55Z","url":{"schema":"http","addr":"tornadoapp.cash","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":0,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"final":{"url":{"schema":"https","addr":"tornadoapp.cash/en/","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"title":"Tornado Cash","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tornadoapp.cash","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":0,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-09T22:23:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"tornadoapp.cash","ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-12-21T13:38:38.951348Z","last_seen":"2025-12-21T13:38:38.951348Z","alert_count":30,"request_count":15,"received_data":329098,"sent_data":7022,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"bc5c3c35063d7aec8b9fbe0ca7d403cb","sha1":"0e143de6b79087b4cfdc5ba77aaf0eabad744319","sha256":"fd3f0a9c32154ca746051110d9e786a210a148bef2f6e58cd1f55ead254e997c","sha512":"450a071809183d51968629723a655acbb813490ed0e5da0253394db4964bd3eeb8220037c5deba82377545217f5d37615823c4a94e7657c4dee8a045691c6016","ssdeep":"","tlshash":"4ac02bc00cc60d00c2073481c075947731342771c07d44aa163ef3509833126d01cc9d","size":144,"data":"","first_seen":"2024-08-20T18:48:12.891923Z","last_seen":"2026-05-16T01:05:11.768474Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"e9739f192487ffe92fde3cb5fbff41ce","sha1":"67ce3ce4b366724f368a30e669c5359d56831978","sha256":"b2977fefe0070f7ecffce1e2955486bb653e23a4dd22d1cd9ce6ac42b8a85616","sha512":"8b8de2351dca37ff6ac460a3f3b97499d2aa0d0ce0ffb4f044c2db867708cec206729bd40e268f770feb35427af40d810bacc6878fe43fca8efd4ec63f9fff02","ssdeep":"","tlshash":"15c02bc40cc61900c3033981c036483762342a31817e446a173ef350903301ad01ccde","size":143,"data":"","first_seen":"2025-12-03T20:14:39.263471Z","last_seen":"2026-06-03T03:16:48.149515Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"790c73fcffbbd1e80b0ab7f88d232997","sha1":"12779b3139efc75f597a95385bb1613160ae83bf","sha256":"279f02ad315b2e489971bb74a20e09a04679dde40a34c5142697548d5ec98aa4","sha512":"1e11a09142cf2e16b31d44519471937d325217a554254c67f2585e2f8aee4cfcec092c3b649c0b069acaaac6b6b2321d65c377f876643b4482310ac3eb0e89e3","ssdeep":"","tlshash":"c3c02bc028c61b00c3033980c037503b31343220807d486d1f3cf3d49033006d00cc6d","size":141,"data":"","first_seen":"2025-10-28T13:56:16.565804Z","last_seen":"2026-06-12T11:47:24.310922Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"dec81d270cc6f9282b4152a0ce183212","sha1":"a9b66abf9bcf6d9298014b8b09090cb787331731","sha256":"3a514f45293cf0acf92a6af1ebeb974f65ecdcc91492f169c6c4c2d23689c44d","sha512":"502569f2c3cd56414732e61e552e65e42c9000cf2ab9484a747f114c63d8e0d21f374084b6cdc314717a65d381f843801fcaf7761d2e836572a5be783443e587","ssdeep":"","tlshash":"b0c012c438cdaa51c3133d908127a467a228256096ad44562928e7557573516d09dc5e","size":187,"data":"","first_seen":"2025-12-21T13:38:43.569644Z","last_seen":"2026-01-05T22:23:57.05806Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"0ed9614a56754e3144f79fb6d7d73871","sha1":"b0891da0aca52a79339eff7fb123d2f1013dca37","sha256":"0b08aa7b3aa4c6188cfeb5e4186e6a63032235f92875c01e65b093ecf7180d81","sha512":"8bf283e53b035f2b56d5641dfab0adc6125e99ff1896e5144faca1e6a6601a49e3676271df195ecd2f7a490a9c3145359658824250d5a42bd71a0319eadd0cdb","ssdeep":"","tlshash":"bcc02bc03cc61900c3033880c037503b22382671807d44662a3ca354a433107d01cc5d","size":141,"data":"","first_seen":"2025-12-21T13:38:43.575559Z","last_seen":"2026-01-05T22:23:57.058958Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"scriptElement","is_inline":false,"md5":"0c19281d45106179d378160794107e10","sha1":"82526d062d10254140c1802d039fcd9f275c257b","sha256":"097194ebc59ad9109fc778ff7e4e6c01ed9aeb68aa6cf7807d0d0118cfb68c11","sha512":"2c9f332914dea48e3c4bc169d4c79aa9077c3933dc3d44149a1edfb52791b2b9499e2eb1decc3c437125cc9184533268ff5a5b1bcf3cf839575b22fd577ee93a","ssdeep":"768:lvupjzJGlNZMCgUKY8ACval9XMSAkxnLyDgVO3FMPY1j2Kv9U6isrtzlV95zVTJg:l2RyjMhqCva98SacVUKalnamFo","tlshash":"6a13fae972dab17283ef01b250fb464af3392894680e5424b62ddcda383549d51f3f7a","size":44445,"data":"","first_seen":"2025-12-02T15:58:48.325223Z","last_seen":"2026-01-05T22:23:57.04333Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/umami/script.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"scriptElement","is_inline":false,"md5":"191315be80746226f807d10f1eb2bad1","sha1":"c30c616414dabeb026a5d0f7583479a517e15187","sha256":"a1471487eb3e8eb93b1a9e056386019ff5eedadea29bbb725b5494fb2e9ad90a","sha512":"62ed43d4a5312894ef30bf9f4579778e8e40833c6321262eb23da81dce2ad0dd9046ff85fccf98f9b60084b170b43566bff83e23763b47dd63b9ae3f18901117","ssdeep":"","tlshash":"f851d7f53185f1f07f692490d17aa620b9392e73b81e4890a6fb4c462b2e40e9431d2c","size":2688,"data":"","first_seen":"2025-12-04T18:46:55.384354Z","last_seen":"2026-06-13T14:18:56.85874Z","times_seen":4376,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"9bfc34eac59b09bdcbafce96b0a38ae0","sha1":"4e3327170babce48443a7c173d0b9e57f98c557b","sha256":"c391b4d8623bcbfcb9e09e62f0947030fd34f1f221d02878e52123d943b23cd9","sha512":"6ec23834d1517ed9ec6ee039c5b9c8059268bdd1f779e6bb9c408f9ff8a2766c79d8f5d9ff2e753f1fb8cb6e63106dde2bc4e1ac30af28ac84abe061b965a394","ssdeep":"","tlshash":"66c02bc00cc61910c3133981c035843762343631817e447d573ef360803311ed01cc9e","size":142,"data":"","first_seen":"2025-08-23T02:13:42.790074Z","last_seen":"2026-05-16T01:05:11.764183Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/hoisted.DmfxZS2j.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"scriptElement","is_inline":false,"md5":"0788e759d711ad43295fe1ed13d8fc2c","sha1":"b30dcc437e65fa00d2cf3cc4c51fb16e3c1b0b2c","sha256":"759b0d8b9f7b63e03169c04010ec9e4aaead4546888e93001a32ab48b5d58d57","sha512":"f67da587b7895c0a874b3d5c3abfa5570e649a53f467fd1d360e12d073fd025217930bf674e4fc809962aa6d7f5730cbf5055bf861939c66ed0ae6123f8f684f","ssdeep":"192:bpMCTwNn2eyBlUmzbgmgwXg+8dpuPXthfjGBHj1CBMDin3ENxpeDRYH9T:bSCMNns9RDfdM+3EaYHh","tlshash":"4712c7a8776c397204df96e7b05e938db6313049740598ac703dd8e81d3ee8921a7f76","size":9636,"data":"","first_seen":"2025-12-21T13:38:43.551463Z","last_seen":"2026-01-05T22:23:57.049105Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"ddd264471893d2bdb1bad9f9515c46f5","sha1":"812c9b509d0a62e6e7f2bfd59b25414f0a1b55a3","sha256":"b4d9db5750ba99c97de86320ea4bbbb64db5525f60f4c14fdaf07091453a3211","sha512":"9e2c29e4c817395028d691b6abdd9dab1be63de6f952bc65b9a13c6150a7db02a5c29e339b053cfff408307871c46a5dd218692cc0347921a4e18edfa480bdf7","ssdeep":"","tlshash":"3cc09bc45cc65900c3173991d035543761345671917d4469163ef3549533516d15cc9e","size":135,"data":"","first_seen":"2023-07-06T10:22:54Z","last_seen":"2026-06-03T03:16:48.133647Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"9e4c798731aa1d2fa403249d167e062a","sha1":"08d2e87eb42211038c6a159869c389645bbc054a","sha256":"ac586cbe2069a57247caea9a74e37298ae5ffab067d1e7f0e2c825eb422fbe84","sha512":"6cbb59fbae50597468772d20b5e060973f2a3b458189f16cf6cb175834a4b87fa130a9bea20d705dae96e36b35c1fa653b5ec22afce0d3e3bb5fbb98553237ec","ssdeep":"","tlshash":"34f0d80674ca3984c713387184235567322515b3c96e8c6a7d2ca7a12f23735dc1eea5","size":622,"data":"","first_seen":"2025-12-21T13:38:43.563353Z","last_seen":"2026-01-05T22:23:57.061431Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"e209bb468709b5d291014bfffa6476a4","sha1":"42e9bda12ab584996c9e39b9397214742426afeb","sha256":"0209abb6753eec9ab70f22530d1b270ab1e19f2508fbef7aa56e38dca8a9975a","sha512":"89542f256f09e82d0a5b19f6c61e2b20a3915c1820fedd293555fdc960e20f6dcea76cc5e1108f6db91c75379967e0abc72e65e7a5555ff08ed224719c45ff76","ssdeep":"","tlshash":"bec02bc438c71900c3033880c037543b62382a70817e44672a3ce354b433007d03ccde","size":149,"data":"","first_seen":"2025-12-21T13:38:43.574475Z","last_seen":"2026-01-05T22:23:57.062246Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"AsyncFunction","is_inline":false,"md5":"98746ab118e88debf0d75cacd7a116aa","sha1":"30cffc7944099b57361c24202229dd7966f8d867","sha256":"c6fbc51bd2a6a6091876112b4abb7606e40830a20c422e9c961dacaa9b40ede6","sha512":"4c881697f3d783e98cfacd9522c8fc6043bdaaa19b71855a6fb64a301aa12ced76fba7682bb4b22314e2729772e8d1b2e77e25a144c242d6ba0297a56bf0526d","ssdeep":"","tlshash":"4dc02bc02cc61900c3133880c036603722381672807d446b2a3ce3519433107e01dc5d","size":142,"data":"","first_seen":"2025-12-21T13:38:43.568073Z","last_seen":"2026-01-05T22:23:57.063153Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/en/","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"introduction_type":"scriptElement","is_inline":true,"md5":"57bed93a2f1b29d89e013467effad6cc","sha1":"cb2d4466c6dc54eeec744e86501b9eef51669cc1","sha256":"dd0ad64caa549a74a5c468682cf0a8aebdb1cf26c1bce193b95cbb78494c9048","sha512":"add16b668a566913bd3b56e20699fc7698883435546b4b482bf458e247b4b67ad3a2fabe8d3407461483dd9eba6d7421b7e03894fecdd36465c21fdd2c5ee955","ssdeep":"","tlshash":"9001817467520131442b106c398e97543b3e700330b0e614ff6c9a680f74e5f81e1fda","size":660,"data":"","first_seen":"2025-12-21T13:38:43.576489Z","last_seen":"2026-04-01T23:35:55.551038Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"tornadoapp.cash/favicon.ico","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tornadoapp.cash/","date":"2026-01-05T22:23:33.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:32 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 15086\r\nlast-modified: Mon, 27 Oct 2025 06:07:44 GMT\r\netag: \"68ff0c30-3aee\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"eabf113fb72f455c76cc64e59a0c28cd","sha1":"1ce5f3c57f6432cf87a9cb4ef6564db6d10a7871","sha256":"232ae31cb84d94faf1d8ef469cf511d9950a97d537ad505f642219f99ecb167b","sha512":"6f77781a5a038af742f4a1bc0e5ee9ebfae947f029993fb51d4ad6bc47c61ca07daf8a46962bc8690eee2cb5d8de9ce074b1857b5284298fb7d81a4576b8370a","ssdeep":"96:jWTcvvvvvvvvvPvvvvvsvvvvsvVsvvvvvvvvvvvvvvvyDvvsOvvvvvvvsvvvGnVP:juXP65j7sAx+X8v8CLai","tlshash":"3d62dbb33f6dabaee92445fbd96923decbc4da965210c70bb918361d2cc217cbd00245","first_seen":"2026-01-05T22:23:57.042058Z","last_seen":"2026-01-05T22:23:57.042058Z","times_seen":1,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/page.7UCKLhDU.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/page.7UCKLhDU.js HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 44445\r\nlast-modified: Mon, 29 Dec 2025 18:20:50 GMT\r\netag: \"6952c682-ad9d\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44445,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (39222)","md5":"0c19281d45106179d378160794107e10","sha1":"82526d062d10254140c1802d039fcd9f275c257b","sha256":"097194ebc59ad9109fc778ff7e4e6c01ed9aeb68aa6cf7807d0d0118cfb68c11","sha512":"2c9f332914dea48e3c4bc169d4c79aa9077c3933dc3d44149a1edfb52791b2b9499e2eb1decc3c437125cc9184533268ff5a5b1bcf3cf839575b22fd577ee93a","ssdeep":"768:lvupjzJGlNZMCgUKY8ACval9XMSAkxnLyDgVO3FMPY1j2Kv9U6isrtzlV95zVTJg:l2RyjMhqCva98SacVUKalnamFo","tlshash":"6a13fae972dab17283ef01b250fb464af3392894680e5424b62ddcda383549d51f3f7a","first_seen":"2025-12-02T15:58:48.325223Z","last_seen":"2026-01-05T22:23:57.04333Z","times_seen":3,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/inter-latin-wght-normal.Dx4kXJAl.woff2","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/inter-latin-wght-normal.Dx4kXJAl.woff2 HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/_astro/index.Da6u_8E9.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 48256\r\nlast-modified: Mon, 29 Dec 2025 18:20:49 GMT\r\netag: \"6952c681-bc80\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 48256, version 1.0","md5":"260c81a4759baf163c025001c4f27872","sha1":"f11d729bb0a4d8350d2ea3d0fc062cf6ef2d5298","sha256":"3100e775e8616cd2611beecfa23a4263d7037586789b43f035236a2e6fbd4c62","sha512":"9acec3e7a411a1eb6d072c3773bb14e5aa74d85d334674ec0fb018b7937174d5b612b756b2ce7aa3993d31dfe172516e7aaec79c7dd209eac5fd15d9aea077e9","ssdeep":"768:Gp4Wb3wv+eCLRZRtq9uGHpHveBOX5qw/14X+5edVWK4afHSTle4MRhVUNMT/TQDt:Gp483wdmXRtqhJPeByj/f4WK4mHIj8xw","tlshash":"be2302df9e4d72d29271267045338383798e2d8a50aae7a1061c0fe6de05b69d31fb9c","first_seen":"2025-05-30T10:47:22.433446Z","last_seen":"2026-06-13T14:28:32.503554Z","times_seen":19267,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/inter-vietnamese-wght-normal.CBcvBZtf.woff2","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/inter-vietnamese-wght-normal.CBcvBZtf.woff2 HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/_astro/index.Da6u_8E9.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 10252\r\nlast-modified: Mon, 29 Dec 2025 18:20:49 GMT\r\netag: \"6952c681-280c\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10252,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 10252, version 1.0","md5":"9df17551da76cba6ee2d5d35fc762ed9","sha1":"9c1cad863a03434fb9c1501e9dd27ac14ed7cf63","sha256":"5c66f9e07e90c6d4ac4922cc68d60de26c17b1858e677fb5e603fce3952b3ff2","sha512":"da96c3931f9fb3584bf27c66faec92ba4118b7e5d47815f92528a363abe3933df3a570165cbdaa44c94acae8a1d25865389f79191ba5eea129d263f7c821c5ae","ssdeep":"192:LO2p32aTpmBmaYdF5pYYUY+n5YGq7jdWkkD9N5odUb:LOY5aYdHp8Y+DcdhnU","tlshash":"3f22af64ba5d32f48a77263ffa6e5b8513b1595bf13c81679913332ba00706de0944e3","first_seen":"2024-08-01T12:13:18Z","last_seen":"2026-06-13T02:00:01.849277Z","times_seen":769,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/favicon.svg","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:36.004Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:35 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 752\r\nlast-modified: Mon, 27 Oct 2025 06:07:44 GMT\r\netag: \"68ff0c30-2f0\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":752,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"91ba1de2f97c822269c82a589cf861c0","sha1":"b8c763b08f749d02bb71e7b86489071f5be988fb","sha256":"9f75850076ee40b0c413f8b7ef17a2dd497dbcd1a0727f942c8a8e32ebfbc3c1","sha512":"185e53d65dece1a9d8e2205bd8759d49744ae90afa42b7bbefb3338cca04157ad36d5fc47508c8f450b2e697b5b71313bd3c96b2f5e0cf81c50e36a777b24e47","ssdeep":"","tlshash":"90014c7fc3469b2aa66487046578c80ae1a5ec4270b56248ef930c7afc24dd3247541f","first_seen":"2025-12-21T13:38:43.559095Z","last_seen":"2026-01-05T22:23:57.045466Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T22:23:33.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:32 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 29 Dec 2025 18:20:50 GMT\r\netag: W/\"6952c682-172\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":370,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (370), with no line terminators","md5":"9f853c65d0dacdf798df900d004814fc","sha1":"5d366d50610a633cc5ae42973edaa36fa4744642","sha256":"090806adb2cc58f58d30267ef4aaf7df4db4857046a7e4fcff4c184bc6e410be","sha512":"431bba47fbbefea88ea81e057e729bd50f8be77afc241bd8d3a2615aaa1cc7ba1d7f104f4b1e666b01f1a605c28c831de15b066793fb0f23c96d270f576d36e0","ssdeep":"","tlshash":"d0e0d8f783f5390ea324639c8065309864af840c9ec9085d8506e3b44cd07f081ba58b","first_seen":"2026-01-05T22:23:57.046416Z","last_seen":"2026-01-05T22:23:57.046416Z","times_seen":1,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":113,"dns":49,"connect":18,"send":0,"wait":17,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/index.DylcBo1r.css","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/index.DylcBo1r.css HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: text/css\r\ncontent-length: 28070\r\nlast-modified: Mon, 29 Dec 2025 18:20:49 GMT\r\netag: \"6952c681-6da6\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28070,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (28069)","md5":"48cf1d48e508f756bf889ab42abd0644","sha1":"d40d654c7959472257535ce07e155a417ecba349","sha256":"a4a6e0a8f5ed59f09b8ef4da333436093e03a7753eaf19fe6d281d10bfcec288","sha512":"bf18fc867536bfced7bfbce12c50a5cad6daed242c0fd16f581c34abb510e7a2e0660f095b610c463f5fcc9f0b721bc77a00d08545e2476314e6505c107fb305","ssdeep":"384:kEUiXR8v/TNIYAHe27LzELNik32OUX/c+v5Yzc:IiXW/IeT32OUXf","tlshash":"c7c2532aba10113f6c6794fdd698f99db22ab0c1ef3e46e6fd4311125ad63f60d93204","first_seen":"2025-12-21T13:38:43.528689Z","last_seen":"2026-01-05T22:23:57.047283Z","times_seen":2,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/index.Da6u_8E9.css","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/index.Da6u_8E9.css HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: text/css\r\ncontent-length: 5440\r\nlast-modified: Mon, 29 Dec 2025 18:20:49 GMT\r\netag: \"6952c681-1540\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5440,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5439)","md5":"1b89656eb1ce158ff499666585f26a15","sha1":"d730d3f30af6ea68f4a24f864d8eb778191d2208","sha256":"46e2e924613731bc7b510ec2ecb42e82b08d92ac28eb6793a440376205ea87d7","sha512":"413db7832c7e1bfc604eaad441a8ad2989d75a30b72bc895c0671bbd78a2cf5dd99f2260ea25f69526d72d1dd4f1568b78951f5d5e706a80c4a1e7910f1827dc","ssdeep":"96:14azNDChHeCqJQ3k/cljOsMOZtmNLtfiKGzQqtX40DrEdUIvIf84IV7n4ACIwwto:PNuJeDa3OsflHh+XPSgq","tlshash":"6bb194106129512eae03d8fe62ccb51f7c3a7080d83e17676e0905982fde7ba16b7f15","first_seen":"2026-01-05T22:23:57.048169Z","last_seen":"2026-01-05T22:23:57.048169Z","times_seen":1,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/hoisted.DmfxZS2j.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/hoisted.DmfxZS2j.js HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 9636\r\nlast-modified: Mon, 29 Dec 2025 18:20:50 GMT\r\netag: \"6952c682-25a4\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9636,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8928)","md5":"0788e759d711ad43295fe1ed13d8fc2c","sha1":"b30dcc437e65fa00d2cf3cc4c51fb16e3c1b0b2c","sha256":"759b0d8b9f7b63e03169c04010ec9e4aaead4546888e93001a32ab48b5d58d57","sha512":"f67da587b7895c0a874b3d5c3abfa5570e649a53f467fd1d360e12d073fd025217930bf674e4fc809962aa6d7f5730cbf5055bf861939c66ed0ae6123f8f684f","ssdeep":"192:bpMCTwNn2eyBlUmzbgmgwXg+8dpuPXthfjGBHj1CBMDin3ENxpeDRYH9T:bSCMNns9RDfdM+3EaYHh","tlshash":"4712c7a8776c397204df96e7b05e938db6313049740598ac703dd8e81d3ee8921a7f76","first_seen":"2025-12-21T13:38:43.551463Z","last_seen":"2026-01-05T22:23:57.049105Z","times_seen":2,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/tornado1.DrhDFKcu_dLHeX.svg","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/tornado1.DrhDFKcu_dLHeX.svg HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 34289\r\nlast-modified: Wed, 19 Nov 2025 14:17:56 GMT\r\netag: \"691dd194-85f1\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":34289,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"929399a5df200d3390743400d08ed0a9","sha1":"69b94b3a7055880b6fcfcfb4d01e7600dd9ebb92","sha256":"ffa298aea4f2e407df4948d60901687a715964e3706f3366f6ad521879a3ea70","sha512":"aae60f204074b9cf3d9fa7a8f001c49663db2159fb7ecb725c07c1e6a5cb79567685de9ecc3011f83c00f5eb8292e791bf965e572dc9a17eaa616e3b0d85261c","ssdeep":"384:txMLyLROTK3QKAur7zJpBzPcnhX34s8zvrD9FPmc+LYOYasuoLPm7CzElQWsfltU:PML0RmZVuPzJpBD48z4re7zEFq/CD","tlshash":"86f2e9cd3b705ed5ca94c7ebbf0640fd381b65bb98848928c16c5f69548087eed2a9c3","first_seen":"2025-09-23T04:39:22.837834Z","last_seen":"2026-06-06T03:58:01.285043Z","times_seen":11,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/_astro/inter-cyrillic-wght-normal.DqGufNeO.woff2","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /_astro/inter-cyrillic-wght-normal.DqGufNeO.woff2 HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/_astro/index.Da6u_8E9.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:35 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 18748\r\nlast-modified: Mon, 29 Dec 2025 18:20:49 GMT\r\netag: \"6952c681-493c\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18748,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18748, version 1.0","md5":"de93fdc85e3d9009340f44f401ce62cf","sha1":"9f73b2f43ea3bf37cc8e90a5aa8c7e668ec44504","sha256":"71d5ee93cc1e9f1d520a3a8b66456de18c7879d8df09d57fcd2eaff75fef0075","sha512":"1c10e80e6fcd197c5acb2b811794a1d13f7b025868349d1b261e02424e2f1970c7f03c502c6190d386f2e78cdb126a374c64ee6c25eb848f82c5ff1462b3a367","ssdeep":"384:+llEwUsRDydOWF3kczROPIMjvFyNBNaK8QXNkhgP0DXzY0me:+lSwbdDWHeFjtyvdjX2w0DXzY0me","tlshash":"0182e043eb7d80e02039ab687545cd6b76c84ac529d993c4169ffde6d6633c01e9f08b","first_seen":"2025-09-21T12:02:08.032982Z","last_seen":"2026-06-13T13:06:10.570558Z","times_seen":546,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/apple-touch-icon.png","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:36.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:35 GMT\r\ncontent-type: image/png\r\ncontent-length: 7971\r\nlast-modified: Mon, 27 Oct 2025 06:07:44 GMT\r\netag: \"68ff0c30-1f23\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7971,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"490e9135dd6b438a1e78590aed428e5d","sha1":"51564a9faaaeadeea48289fba3cf5d00cf186b26","sha256":"d36f0c15e843049b15b317c0cf20deb58b4dee1d0e39cd5e264c28a495228f63","sha512":"905689c94b1a2d927702572caa7338fc4cdb448cd42e698a28bb78227ad49cc166a95c830db3a170ffe7a969020eacdbab1d8ac498e19dfcc90892d9bc5ffe26","ssdeep":"192:pNvcdE6n+rtm74phn842oJWpXkb2L1ZwR:v/IOEinJWPL1Za","tlshash":"0cf1aee7c272fef09c9f87fad51a3019a11e455d0b0c8b292a698fc957c8e473362917","first_seen":"2025-12-21T13:38:43.538932Z","last_seen":"2026-01-05T22:23:57.051763Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/umami/api/send","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:36.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"POST /umami/api/send HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://tornadoapp.cash/en/\r\nContent-Type: application/json\r\nContent-Length: 219\r\nOrigin: https://tornadoapp.cash\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":219,"data":"{\"type\":\"event\",\"payload\":{\"website\":\"2203f33a-36ba-48e9-ba2a-5bce18909fd5\",\"screen\":\"1280x1024\",\"language\":\"en-US\",\"title\":\"Tornado Cash\",\"hostname\":\"tornadoapp.cash\",\"url\":\"https://tornadoapp.cash/en/\",\"referrer\":\"\"}}"}},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:35 GMT\r\ncontent-type: application/json\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: *\r\naccess-control-allow-methods: GET, DELETE, POST, PUT\r\naccess-control-max-age: 86400\r\ncache-control: no-cache\r\nx-dns-prefetch-control: on\r\ncontent-security-policy: default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'self' ;\r\nvary: rsc, next-router-state-tree, next-router-prefetch, next-router-segment-prefetch\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":419,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"38930ea395a0410d95f8d47d5ede316f","sha1":"3f51aa761e5e93780fc805e8d37660408dad79f2","sha256":"8c353ae976f63acc17e14df82169796a579fb340dd054e95f02f5f53d81c6f91","sha512":"49a042a5776936c0a58f1d07fd4f48e3e68df8494199584ed4052fc438c7bf51b7befaa48f85c355f24a8573cdb284334f7189287d8e3a7e084cb637fabedcf1","ssdeep":"","tlshash":"a0e0810408ec2fe62bf47c284f204bd30a07b3c22cd428f0c1d82811eb3c5cea04b068","first_seen":"2026-01-05T22:23:57.053072Z","last_seen":"2026-01-05T22:23:57.053072Z","times_seen":1,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/en/","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T22:23:35.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /en/ HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 29 Dec 2025 18:20:50 GMT\r\netag: W/\"6952c682-1804f\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Alpine.js","description":"","website":"https://github.com/alpinejs/alpine","common_platform_enumeration":"","icon":"Alpine.js.png","categories":["JavaScript frameworks"]},{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":98383,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9244)","md5":"baf7b85f13f2c271f9557d2f9896d653","sha1":"3a553982c857b1fd2a921d6fdae51280bd3c1618","sha256":"e8ef7f4d37ef427ac7e5d7af103c03d2ffd27eef3ee4382504e9b750e98517dc","sha512":"4b99313b94591a77110ea0c7a98bc304f8aa44a15372f84a67b931d6e4c9335e93ea70ec425921051c775a81797d24d6b509932ed151480c47baf6c8d47d925c","ssdeep":"1536:92ALIh3pWsY3ptFFc44pXxknuEHXLkGGE92eg286:1HrmCnueXLkGGEB786","tlshash":"71a31a72e354377ec18382e6f311ba9a921fe309d61b905af6edc2673b85d60cd23215","first_seen":"2026-01-05T22:23:57.053923Z","last_seen":"2026-01-05T22:23:57.053923Z","times_seen":1,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tornadoapp.cash/umami/script.js","fqdn":"tornadoapp.cash","domain":"tornadoapp.cash","tld":"cash"},"ip":{"addr":"188.137.249.187","port":443,"asn":0,"as":"","country":"Bahrain","country_code":"BH"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tornadoapp.cash/en/","date":"2026-01-05T22:23:35.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tornadoapp.cash","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 19 Nov 2025 14:21:31 GMT","end":"Tue, 17 Feb 2026 14:21:30 GMT"},"fingerprint":{"sha1":"58:98:A0:CF:17:41:16:5B:F8:77:EF:19:E2:EE:A9:2A:15:9C:14:6E","sha256":"D4:60:3A:67:DE:64:05:B8:29:E9:B4:93:58:3A:B5:78:ED:EB:A4:2D:BB:D6:EE:78:B1:5F:9E:55:2C:E8:B7:A5"}}},"request":{"raw":"GET /umami/script.js HTTP/1.1\r\nHost: tornadoapp.cash\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tornadoapp.cash/en/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.29.3\r\ndate: Mon, 05 Jan 2026 22:23:34 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nx-dns-prefetch-control: on\r\ncontent-security-policy: default-src 'self'; img-src 'self' https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https:; frame-ancestors 'self' ;\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400, must-revalidate\r\naccept-ranges: bytes\r\nlast-modified: Fri, 05 Dec 2025 15:15:45 GMT\r\netag: W/\"a80-19aef155b5c\"\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.29.3","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2688,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (2687)","md5":"191315be80746226f807d10f1eb2bad1","sha1":"c30c616414dabeb026a5d0f7583479a517e15187","sha256":"a1471487eb3e8eb93b1a9e056386019ff5eedadea29bbb725b5494fb2e9ad90a","sha512":"62ed43d4a5312894ef30bf9f4579778e8e40833c6321262eb23da81dce2ad0dd9046ff85fccf98f9b60084b170b43566bff83e23763b47dd63b9ae3f18901117","ssdeep":"","tlshash":"f851d7f53185f1f07f692490d17aa620b9392e73b81e4890a6fb4c462b2e40e9431d2c","first_seen":"2025-12-04T18:46:55.384354Z","last_seen":"2026-06-13T14:18:56.85874Z","times_seen":4376,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-05","alert":"Phishing Block","trigger":"tornadoapp.cash","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"tornadoapp.cash","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}